Changing IT Managing Networks in a New Reality Alex Bakman Founder and CEO Ecora Software

2 Agenda Introduction to Change Management Discuss key aspects of Change Management Define Configuration Management How Configuration Management is key component of Change Management Benefits of Configuration Management/ Change Management

3 Everything Changes… Seasons Jobs Styles/Wardrobes Relationships INFORMATION TECHNOLOGY

4 …And Change Impacts Everything Just like the transition of seasons when new weather patterns completely change the local environment… … a simple configuration change in your IT infrastructure can greatly impact your servers, applications, and the business.

5 The Fact Is… Your enterprise relies on sever-based computing to deliver new applications and services to employees, customers, and business partners.

6 As A Result… Your IT infrastructure is growing more and more complex. This increased complexity adds more risk that must be managed.

7 Change Happens The dynamic nature of sever-based computing dictates that code, configurations, and content change on a frequent basis.

8 The Issue With Change Interdependencies between IT components are critical. Frequent changes in the IT production environment is the leading cause of system failures. Changes can lead to downtime, security exposures, or a decrease in the quality of services that can directly result in lost customers and revenue.

9 Implications of Change Operational Efficiency Risk Management Security Business Continuity Systems Integrity Cost Management Regulatory Compliance Value Delivery

10 Managing Changes To minimize security risks and maximize performance and availability of systems, enterprises need to reliably and efficiently manage changes.

11 Change Management The process of managing IT changes is commonly referred to as Change Management. Change Management processes help enterprises significantly reduce administrative costs while maximizing IT services.

12 Change Management Effective Change Management enables an enterprise to promptly handle the need to modify any part of its IT and communications environment, and supports the acceptance, approval, and implementation of the modification.

13 Change Management Benefits Reduce unplanned downtime Reduce planned downtime Improve quality of service Repeatable processes Improve communication with users Reduce volume and effects Improve client satisfaction

14 Q: Do you use one system to track all IT operations and application development changes in a production environment? Yes (46 percent) No (54 percent) Source: Network Computing

15 What type of change reporting is provided to IT senior management? Number of changes implemented (27 percent) Number of successful changes (4 percent) Percentage of changes by category (17 percent) No reporting provided (52 percent) Source: Network Computing

16 If Change Management is so important… …why is the implementation of change management processes so difficult to maintain???

17 Gartner Says: Enterprises fail to implement operational change management because they lack governance. Mere statements of the importance of change control do not make for true governance. Operational change control requires that IT management: –adopt change policy guidelines –require process documentation –automate control and verification processes

18 Preparing For Change Establish a baseline of the IT environment. Create a framework for tracking changes across: applications vendors departments project teams stakeholders Provide a long-term strategy for managing change.

19 Change Management Goals Establishing day-to-day business procedures. Establish and enforcement required: –Checkpoints –Approvals –Workflow mandates Capture, manage, and communicate issues to all team members.

20 Change Management Outcomes Standardized methods and procedures that guide day-to-day IT operations. Formalized governance that guides the efficient and effective handling of changes and minimizes any effects on IT systems in production. Gartner reports that change management: –Reduces unplanned downtime by 25% to 35% –Reduces planned downtime by 25%

21 Motivators of Change Management Clients Vendors Regulatory Compliance –Sarbanes-Oxley (SOX) –HIPAA –GLBA –FISMA Source: Network Computing magazine

22 Steps to Effective Change Management Communication Authorization Approval Documentation Security Testing Scheduling Emergency Procedures Segregation of Duties Back-Out Plans Closing Change Support from the Top

23 ITIL Recommendations ITIL (IT Infrastructure Library) provides a solid framework for high-quality delivery and support of IT services. ITIL recommends implementing Change Management and Configuration Management concurrently as a best practice.

24 Change Management Begins With Configuration Management Data collected by configuration management tools provides a foundation for change management processes. Configuration Management is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components.

25 Change Management Begins With Configuration Management Stored Configuration Item (CI) information typically includes: –CI Name –Serial Number –Category of CI (e.g. hardware, software, documentation, etc) –Model Number –Location and Network Address –Owner Responsible –Source/Supplier –Purpose, installed software (COTS or custom), and version

26 Configuration Management Supports Change management Problem management Event management IT service management Disaster recovery management IT security Regulatory compliance

27 Configuration Management Supports

28 Configuration Management Rationale To account for all IT systems To provide accurate information in support of other Service Management processes To provide a sound basis for Incident, Problem, Change, and Release Management To verify the infrastructure To correct exceptions

29 Configuration Management Provides Enhanced… Planning Identification Control Status Accounting Verification and Audit Security

30 Configuration Management Planning The purpose, scope, and objectives of Configuration Management and how it fits in with the organization’s overall Change Management and Configuration Management plan. The schedule and procedures for performing Configuration Management activities: configuration identification, control, status accounting, configuration audit, and verification.

31 Configuration Management Planning Configuration Management systems design –scope and key interfaces, including: Automated Configuration Management tools Configuration Management Database (CMDB) Locations of Configuration Management data and libraries

32 Configuration Management System For large and complex infrastructures, Configuration Management will operate more effectively when supported by a software tool that is capable of maintaining a CMDB. The CMDB should contain details about the attributes and history of each configuration item (CI) and details of the important relationships between CIs.

33 Configuration Management System The Configuration Management system should prevent changes from being made to an IT infrastructure without valid authorization via Change Management. Changes should be recorded on the CMDB by automatically updating the CMDB.

34 Centralized CMDB Cross platform configuration reporting –Single source for configuration data collection Consolidated change tracking –Ability to track changes across the enterprise from a central location

35 Configuration Management Benefits Provides accurate information to support IT Service Management processes. Facilitates adherence to legal and contractual obligations. Helps financial planning through clear identification of all assets and associations between them. Improves security by controlling the versions of CIs in use, and enables the organization to reduce the use of unauthorized software. Facilitates impact and trend analysis for changes and problems.

36 Results: Improved Quality of IT Services Reduce the errors attributable to wrong CI information. Improve the speed of component repair and recovery. Improve customer satisfaction with services and equipment.

37 Supports Success of other ITSM Processes Fewer change failures as a result of inaccurate configuration data. Improved incident resolution time because of complete and accurate configuration data. More accurate results from risk analysis audits because of available and accurate system information.

38 Security Configuration and Change Management lead to a more secure enterprise computing environment: –Easily identify security risks and vulnerabilities –Centralized reporting for IT audits –Assess the impact of changes on IT security before an incident occurs

39 Regulatory Compliance Following Best practices eases the effort of regulatory compliance (SOX, HIPAA, etc.); where achieving and demonstrating control of IT processes is now a requirement for most organizations. Configuration Management and Change Management processes are in scope of Regulatory Compliance efforts.

40 Regulatory Compliance Centralized CMDB provides the ability to generate specific, detailed reports to provide documented evidence for compliance audits. Reports can be produced to meet the specific requirements of Sarbanes-Oxley, HIPAA, GLBA, 21 CFR Part 11, and more.

41 Results of Sound Configuration and Change Management Improved Quality of IT Service Improved IT Governance Improved planning Reduced downtime Happier Customers Improved position for regulatory compliance More profitable organization

42 Questions & Answers