ITIL® 4 and the Cloud

Mark O'Loughlin

White paper
February 2019
1. Contents
1 Introduction 03

2 What is ITIL? 04

3 What is cloud computing? 05

4 Impact of cloud on IT service management 06

5 ITIL 4 updated for the digital world 09

6 Service value system and the cloud 11

7 Practices and continual improvement and the cloud 11

8 Adapting the service value chain to the cloud 12

9 Value stream mapping 15

10 Service financial management 15

11 Service level agreements 16

12 DevOps, change control and velocity of change 18

13 Summary 20

14 References 20

15 About the author 21

16 About AXELOS 22

17 Trade marks and statements 22

02 ITIL® 4 and the Cloud AXELOS.COM

1. Introduction
There is an on-going shift in the world of IT that is disrupting both the IT function and the organization
itself. We are experiencing significant change in areas such as:

zz IT technologies
zz management of IT
zz business models
zz attitudes, behaviours, and culture.

As the traditional IT landscape shifts, the IT model that had proven successful has evolved significantly.
New digital technologies require organizations to change or adapt their business models. This digital
transformation is being driven by emerging technologies, for example:

zz cloud
zz Big Data
zz internet of things (IoT)
zz blockchain
zz artificial intelligence (AI).

This technological change has been so significant that it is commonly referred to as the Fourth Industrial
Revolution. However, if IT service management (ITSM) professionals and the IT function want to remain
relevant in this new IT landscape, they need to fully understand what digital transformation is about. They
also need to become leaders and trusted advisors in their organization on all matters relating to cloud. This
is because cloud is the most common of the digital technologies being adopted today.

A significant difficulty facing ITSM professionals is where to start. What needs to be addressed to make a
difference? Going back to first principles, the following is good advice:

zz Frameworks such as ITIL, DevOps, Lean and Agile can help the organization to structure activities to drive results.
zz Vendor-neutral training and education is important, as it helps the organization and IT professionals cope with hybrid
cloud environments, i.e. multiple cloud services.
zz Vendor-specific technology training is equally as important, as digital technologies and their capabilities continue
to evolve.

Upskilling IT professionals to deliver value, from digital technologies, as opposed to doing tasks, is a
necessity, even if it remains a significant and often overlooked gap. Focusing on the technology alone will
not deliver digital success, digital innovation, or digital value; it will only deliver new technology.

So, what should we to do to ensure we deliver value?

AXELOS.COM ITIL® 4 and the Cloud 03

Start by using a simple model, such as the BCC Model (Table 1).

Table 1 The blend, continue, combine (BCC) model

Model Area Details

Blend Current and emergent practices, Emergent practices, training and education include
training and education ITIL, DevOps, AGILE, Lean, Cloud, Big Data,
Internet of Things, Blockchain, Artificial Intelligence,
etc.

Continue Providing technology training Covering both vendor specific and vendor neutral
technology training.

Combine Current and emergent practices,
training and education and
technology training
BCC model is copyright of Red Circle Strategies ©2019
It is only by combining current and emergent
practices, technology, training and education will
organizational and business change occur to such a
level where value is delivered, and change happens
across the entire IT function and throughout the
organization.

This whitepaper looks at the way traditional IT service management practices have been impacted and
challenged by the disruptive nature of cloud computing1. It also examines the way ITIL 4 can be utilized to
meet the challenges that rise from the adoption of cloud-based services. It supplements ITIL 4, and stands
in relation to ITIL 4, the CCC digital and cloud portfolio, and the Professional Cloud Service Manager
(PCSM) certification.

The summary concludes with a personal call to action.

2. What is ITIL?
ITIL has led the ITSM industry with guidance, training, and certification programmes for more than
30 years. ITIL 4 brings ITIL up to date by re-shaping many of the established ITSM practices in the context
of customer experience, value streams, and digital transformation, as well as embracing new ways of
working, such as Lean, Agile, and DevOps. The guidance provided by ITIL publications can be adopted
and adapted for all manner of organization and service, including cloud-based services.

3. What is cloud computing?

Cloud is a disruptive innovation that challenges and changes traditional business and IT models. It is
disruptive because it changes how IT products and services are provided for both the consumer and the
service provider. Cloud has moved the organization away from the traditional software licensing models
and premises-based data centre hosting to ‘pay-as-you-go’ or utility-based pricing models. As the adoption
of cloud increases, the organization has seen a reduction in the use of the IT infrastructure which they
previously bought, operated and maintained. Cloud also changes the way the organization purchases,
integrates, manages and consumes operations support, IT, and consumer services and applications.

1
Cloud computing will be referred to as ‘cloud’ or ‘cloud-based services’ throughout this white paper.

04 ITIL® 4 and the Cloud AXELOS.COM

In simple terms, cloud can be described as a revolutionary new model for technology and business:

zz Cloud uses new and emerging technologies.

zz It is provided to customers in a different way to traditional IT.
zz It is bought, operated and maintained differently from traditional IT.
zz It allows the organization to use IT infrastructure, platforms and software in new ways.

Because of these changes, the organization and individuals need to change the way they work.

There are similarities between cloud and cloud-based services and the definition of a service as defined in
ITIL Foundation: ITIL 4 edition:

Service
A means of enabling value co-creation by facilitating outcomes that customers want to achieve,
without the customer having to manage specific costs and risks.

The premise of cloud is that it allows IT, business, customer and consumer services to be provided with
greater economies of scale, quicker, faster and cheaper and without the need for the service provider to
own the entire IT infrastructure, platform, software or applications themselves. Peaks in demand for IT,
business and customer services can be automatically provisioned for, leading to a pay-per-use model.
A pay-per-use model can, in certain circumstances, lower the cost of service delivery by eliminating full
ownership of back-end IT infrastructure, platforms, software and applications.

Cloud enables organizations to realize the following benefits:

zz reduces IT asset ownership

zz reduces overall capital expenditure costs (CAPEX)
zz reduces IT over-capacity
zz increases the capabilities of the IT organization
zz leverages newer technologies
zz provides utility-based charging
zz introduces real economies of scale
zz enables resources to be scaled up and down quickly to cope with increases and decreases in demand for IT services

Cloud is now ubiquitous in our lives. People and organizations use the cloud every day, often unknowingly.
However, from an organizational perspective, the realization of the benefits from cloud and digital
technologies is dependent on:

zz how well the organization adopts and uses cloud and digital technologies
zz having sufficiently trained IT professionals with technical and non-technical digital and cloud skills.

4. Impact of cloud on IT service management

The proliferation of cloud-based services does not change the fundamentals of what IT service
management aims to achieve. The goal is to create quality products and services which are fit for purpose,
fit for use and aligned to the strategic goals and needs of the organization.

However, cloud was born out of disruption. The latest developments in cloud and digital technologies allow
the organization to develop new business models, which will give them a competitive advantage over
traditional businesses. For example, Amazon continues to take market share from high street retailers while

AXELOS.COM ITIL® 4 and the Cloud 05

also disrupting traditional IT service providers. Software giants such as Microsoft are moving away from the
traditional software licensing model to reinvent themselves as cloud-service providers.

4.1. OUTSOURCING
Cloud is a form of outsourcing. In moving to the cloud, the organization outsources specific tasks and
responsibilities to the cloud service provider. This leads to the organization, and the IT function as the
internal IT service provider, to shift away from managing some of the technical aspects of delivering the
service, including: IT process management; risk management; financial management; IT architecture;
interoperability of systems; security; and IT service management in general.

Public cloud-based services are provided to the organization under contracts which have different metrics
to traditional IT services. Availability is a key indicator of service provision of public cloud services.
However incident resolution times, root cause analysis, change notifications and customer specific service
level agreements are generally not defined for the customers of many public cloud-based services.

There is one fundamental aspect which will not change. The IT function and the organization must retain
overall responsibility for the end-to-end design, architecture, interoperability, security and risk management,
etc. of the services they provide, no matter how much or how little of that service is outsourced to the
cloud vendor. End-to-end responsibility cannot be outsourced.

4.2. MODIFYING THE BUSINESS STRATEGY

Organizations need to modify their business strategies in line with the opportunities offered by cloud and
other digital technologies. These modifications will filter down to the IT strategy, where they will help re-
define the goals and objectives for how IT supports the needs of the business. Many organizations have not
yet done this.

Research carried out by the CCC2 found :

… many IT and Service Management professionals, taking CCC classroom-based education

continue to report that they have not seen a cloud-based IT or business strategy. Some delegates
report seeing an IT cloud strategy but only as a presentation or set of slides. More worrying is the
large number of delegates who report that... they would not know what should be included in a
cloud strategy document. This is not surprising as many organisations and professionals do not
understand the basics regarding the context of cloud.

4.3. CLOUD AND ITIL ROLES

When organizations adopted guidance from previous versions of ITIL, they generally selected processes
from the service transition and service operation stages of the lifecycle, including: incident, problem and
change management; service request fulfilment; event management; and configuration management.
Taking these processes as examples, how would they be affected when an organization outsources their IT
to the cloud?

2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.

06 ITIL® 4 and the Cloud AXELOS.COM

Table 2 presents fictitious scenarios based on real-life challenges from the point of view of a variety of roles
within the organization. Many of the issues do not get addressed, frequently because the IT function lacks
the guidance to determine the best course of action.

Table 2. Possible issues faced in a typical organization

Role/process Typical questions and concerns

Incident manager How do I manage, restore and report on incidents which occur in a cloud-
service providers’ environment, where I have no control over what they do, and
I have no access to their IT environments?

How do I restore a service when there are multiple-cloud providers providing a

part of the service and they each blame the others?

How do I report the expected incident resolution fix-time to the CIO when our
public cloud email application goes offline?

Our cloud service provider will not tell me.

Problem manager Why won’t the public cloud service provider provide root cause analysis (RCA)
for the major application problem we had last week?

I am under pressure to provide the CIO a reason other than ‘cloud-failure’; the
CIO needs to report to the board.

Change manager Do we still need a change advisory board (CAB) or our weekly two-hour
change approval meetings?

How do I manage and report change activity which occurs in a cloud service
providers’ environment?

Why are DevOps teams allowed to make changes without following our change
process or procedures?

Is my role being outsourced to the cloud?

Availability manager How do I ensure availability of systems, applications and services when I
cannot control or manage the parts provided by cloud service providers?

Service level manager How do I report our typical IT service management metrics to management?

I do not get metrics from public cloud service providers. Even when they
provide me with the monthly availability measurements, they differ from the
availability we measure for many of the other cloud-based infrastructure,
services and applications we use.

AXELOS.COM ITIL® 4 and the Cloud 07

Role/process Typical questions and concerns
CIO Have I just lost control of the IT function?

IT seems to be provided by a number of different cloud service providers, but

no-one seems to be accountable. Worse still, the cloud providers are only
responsible for certain pieces of each service and they won’t talk to each other
when problems arise.

Finance manager I was told that moving to the cloud was going to save us a lot of money. I have
not seen any savings to date. Why not?

Who is controlling the OPEX budget?

Actually, never mind that: who is spending the OPEX budget and on what?
Our monthly spend on cloud seems to be increasing but I don’t know why
and can’t see any additional revenue coming into the business from this extra
spend. The CIO does not seem to know either, which is a concern.

VP of products I asked IT to ensure that our online shop would be always available during
the busy shopping period. We requested that IT integrate two new forms of
online payment wallets. In addition, we need to analyse purchaser shopping
preferences from the customer’s previous visits using some form of analytics,
which IT refer to as their big data capability. However, I have yet to see any of
this working consistently. So much for this cloud and digital revolution I keep
hearing about!

Head of marketing We decided to use a public cloud-based service to run this years’ marketing
and social media campaign.

The CIO said we cannot use the cloud service which we have subscribed to
due to some problem with our data existing on a server outside the European
Union. I don’t understand what this means, and I don’t really care. Anyway,
doesn’t cloud do away with the need for servers these days?

The cloud service we signed up to is really good value and does what we need
it to do. However, IT needs to sort out single-sign-on and to make the cloud
system work with our CRM application. They seem to be having problems with
this, as usual.

All roles How are we to change and adapt our current work practices to be more agile
and flexible, and to work with DevOps and Lean ideas? How are we to benefit
from using cloud where problems are solved, not introduced?

08 ITIL® 4 and the Cloud AXELOS.COM

Further analysis conducted by the CCC2 reveals that:

The above scenarios are still common today. In order for the organisation and IT Professionals to
deal with and find answers to these questions and challenges, they need to understand the context
of what the cloud is. Context requires more than just a working definition of cloud.

5. ITIL 4 updated for the digital world

ITIL 4 champions the use of modern technology and addresses the challenges of modern IT service
management. It presents a flexible, coordinated and integrated framework for the effective governance and
management of IT-enabled services.

The key components of the ITIL 4 framework are the service value system (SVS) and the four dimensions
model.

5.1. SVS
The SVS, shown in Figure 1.1, represents the way the activities of the organization combine to create value
through IT-enabled services. The SVS facilitates integration and coordination of the activities and provides a
strong, unified, value-focused direction for the organization.

Opportunity/
demand

Figure 1. The ITIL service value system

2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.

AXELOS.COM ITIL® 4 and the Cloud 09

The core components of the SVS are:

zz ITIL service value chain

zz ITIL practices
zz ITIL guiding principles
zz governance
zz continual improvement.

5.2. SERVICE VALUE CHAIN

The ITIL service value chain provides an operating model for the creation, delivery, and continual
improvement of services. It is a flexible model that defines six key activities that can be combined in many
ways, forming multiple value streams. The service value chain is flexible enough to be adapted to multiple
approaches, including DevOps and centralized IT, to address the need for multimodal service management.
The adaptability of the service value chain enables the organization to react to changing demands from
their stakeholders in the most effective and efficient ways.

5.3. ITIL PRACTICES

The flexibility of the service value chain is further enhanced by ITIL practices. Each practice supports
multiple service value chain activities, providing a comprehensive and versatile toolset for ITSM
practitioners.

5.4. ITIL GUIDING PRINCIPLES

The ITIL guiding principles can be used to guide the organization’s decisions and actions. They ensure the
organization has a shared understanding and common approach to service management. The ITIL guiding
principles create the foundation for the organization’s culture and behaviour from strategic decision-making
to day-to-day operations.

5.5. GOVERNANCE
The SVS includes governance activities that enable the organization to continually align its operations with
the strategic direction set by its governing body.

5.6. CONTINUAL IMPROVEMENT

Every component of the SVS is supported by continual improvement. ITIL provides the organization with a
simple and practical improvement model to maintain their resilience and agility in a constantly changing
environment.

5.7. THE FOUR DIMENSIONS OF ITIL 4

ITIL 4 outlines four dimensions of service management from which each component of the SVS should be
considered to ensure the service is viewed holistically. The four dimensions are:

zz organizations and people

zz information and technology
zz partners and suppliers
zz value streams and processes.

10 ITIL® 4 and the Cloud AXELOS.COM

By giving each of the four dimensions the appropriate time and attention, the organization ensures their
SVS remains balanced and effective.

6. Service value system and the cloud

The ITIL SVS describes how the components and activities of the organization work together as a system to
create value. It can be adapted for cloud-based services. The SVS provides a useful structure to ensure the
organization uses the right cloud-based services, for the right reasons and in the right way, aligned to the
needs and requirements of the governing body and stakeholders.

6.1. ITIL GUIDING PRINCIPLES

The ITIL guiding principles can be adapted for cloud-based services and aligned to disciplines such as:
architecture; strategy; procurement; velocity of change; budgeting and financial controls; capacity and
performance management; availability; training and education, etc..

6.2. GOVERNANCE
Governance activities enable the organization to align their choices and use of cloud-based services with
the strategic direction set by the organization’s governing body and stakeholders. It is critical to consider
how cloud-based services will be directed, controlled and monitored when parts of the service are not
accessible by the organization, and contract terms, conditions and service levels may not be negotiable.

6.3. SERVICE VALUE CHAIN

The ITIL service value chain can be adapted to deliver cloud-based services.

The defined activities may be generic in some cases, whereas in others they might be specific e.g. a
specific cloud service from a specific cloud vendor.

7. Practices and continual improvement and the cloud

7.1. PRACTICES
Practices are sets of organizational resources designed for performing work or accomplishing an objective
related to the full lifecycle of a cloud service.

ITIL 4 has relabelled what were previously referred to as processes as practices. By using cloud-based
services, organizations are able to reduce tasks for some of the practices, as these will be carried out by
cloud service providers.

For example, with public cloud email services, the service provider is responsible for maintaining the
entire back-end infrastructure behind the email service, including the management of incidents, problems,
changes, releases, changes, capacity, etc.

Many organizations who need to integrate cloud-based services with their traditional IT and business
services are likely to retain the processes and practices that allow them to manage incidents, problems,
changes, releases, changes, capacity and availability from an end-to-end, holistic perspective.
Accountability for the overall service will remain with the organization that procured the cloud service.

AXELOS.COM ITIL® 4 and the Cloud 11

7.2. CONTINUAL IMPROVEMENT
Continual improvement is a recurring organizational activity performed at all levels to ensure the
organization’s performance continually meets stakeholder expectations.

ITIL 4 supports continual improvement through the ITIL continual improvement model. A holistic approach
to the continual improvement of the SVS of cloud-based services should be aligned with the continual
service improvement practice.

High level areas to consider include:

zz how can cloud improve existing services?

zz h
ow to deliver value and outcomes to the organization through cloud-based services, rather than managing infrastructure
task and activities
zz h
ow to improve the organization’s use of cloud, reducing the time and effort of managing back-end infrastructure and
application code.

Continual improvement is not exclusive to ITIL:

zz Lean methods provide perspectives on the elimination of waste.

zz Agile methods focus on making improvements incrementally at a cadence.

DevOps methods work holistically and ensure that improvements are not only well designed but also
effectively applied.

8. Adapting the service value chain to the cloud

A service value chain is a set of interconnected activities that the organization performs to deliver a
valuable product or service to its consumers and to facilitate value realization. Although the service value
chain operating model is generic, in practice it can follow different patterns called value streams.

The service value chain can be adapted to multiple approaches, including DevOps and centralized IT, to
address the need for multimodal service management. The adaptability of the value chain enables the
organization to react to the changing demands of its stakeholders effectively and efficiently.

The flexibility of the service value chain is further enhanced by ITIL practices. Each ITIL practice
supports multiple service value chain activities, providing a comprehensive and versatile toolset for ITSM
practitioners.

Table 3 shows the six activities within the service value chain which lead to the creation of products and
services and, in turn, value.

The six value-chain activities are:

zz plan
zz improve
zz engage
zz design and transition
zz obtain/build
zz deliver and support.

12 ITIL® 4 and the Cloud AXELOS.COM

Table 3. The six activities in the service value chain

Value-chain Products and services examples

activity
Plan The purpose of the Plan activity is to ensure a shared understanding of the
vision, current status, and improvement direction for the four dimensions and the
organization’s products and services.

A cloud Plan should be aligned to the overall business strategy, and should
include take into consideration the needs of the business and IT stakeholders. It
should include:

zz policy statement
zz organizational vision
zz organizational objectives
zz key drivers for adoption
zz risks and issues
zz individual policy statements
zz glossary

Examples of individual policy statements include:

zz use of public or private clouds

zz data location and retrieval
zz l egal and regulatory compliance requirements (in particular, with regard to the storage of
data)
zz privacy of data, organizational information and secrets
zz skills requirement
zz data retrieval
zz cloud exit criteria/capability (this is very important and almost always overlooked).

The glossary should contain a brief explanation of the five characteristics of

cloud, the four cloud deployment models, and the three cloud service models as
defined by NIST.*

Improve The purpose of the Improve activity is to ensure continual improvement of

products, services, and practices across all value chain activities and the four
dimensions of service management.

In some instances, it is the cloud service which can be improved. In other

instances, cloud will bring an improvement to the existing service, application, IT
component etc.

If cloud is adopted for the right reasons and in the right way, it should bring
improvements for both IT and the business.

*
NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.

AXELOS.COM ITIL® 4 and the Cloud 13

 Value-chain Products and services examples
activity
Engage Initially, the purpose of the Engage activity is to foster an understanding of
stakeholder needs, to offer transparency of process, and to maintain continual
engagement and good relationships with stakeholders.
When adopting a cloud-based service for the first time, it is important to
engage with stakeholders, to understand the strategy, to discuss the needs and
requirements with customers, and to understand end user expectations.
The organization will need to engage with the cloud service provider in order to
access their services. This could be as simple as creating a customer account
and providing billing details for a credit card. It could be as complex as having to
work through a Request for Proposal (RFP) process.
Engagement also happens once the cloud-based service is up and running. It
is important to continue to engage with product and service owners, technical
teams, users of the cloud services, and to align future actions with the overall
cloud strategy.

Design and transition The purpose of the Design and transition activity is to ensure that products and
services continue to meet stakeholder expectations for quality, cost, and time to
market.
The design and transition of a cloud-based service may take time, as it can be
complex. It is a good idea to approach the service as a project. Equally, it might
be wise to approach the service as a minimal viable product.
Once in place, many of the on-going design and transition activities for cloud-
based services can be handled using DevOps or Agile methods, which would
allow the workload to be handled in short, incremental bursts, which would
initiate a higher velocity of change.
Please note: some changes are not suited to a high velocity.

Obtain/build The purpose of the Obtain/build activity is to ensure that service components
are available when and where they are needed, and that they meet agreed
specifications.
With cloud-based services, there is less need to build back-end infrastructure,
platforms or applications, as they come as part of the cloud service.
Most cloud-based services have to be subscribed to in order to gain access.
Frequently, they have to be configured to work with the organization’s existing IT
infrastructure and services (which may contain other cloud-based services).
Once in place, the build phase for cloud-based services may refer to building
required improvements.
Wherever possible, it is good practice to automate build activities, including
testing and validation, using relevant continual integration/continual deployment
(CI/CD) toolchains.

*
NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.

14 ITIL® 4 and the Cloud AXELOS.COM

 Value-chain Products and services examples
activity
Deliver and support The purpose of the Deliver and support activity is to ensure that services are
delivered and supported according to agreed specifications and stakeholder
expectations.

Initially, a new cloud-based service is provided. This could be a technical cloud

service for the IT function or a software application to be used by business users,
customers or consumers, the ongoing activity would support and maintain the
service.

Many cloud vendors manage incidents, problems, changes, and levels of

availability and capacity as part of their service delivery. This reduces the
activities the organization has to take on themselves.

In the event of a cloud-based service going offline, the organization could be left
with limited information regarding service restoration.

NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.
*

In many cases, once a cloud service, such as IaaS, PaaS and SaaS3 is in use, the engage, design and
transition, and obtain/build stages of the SVS can be automated using automated tool chains, leading to
higher velocity of change in line with good DevOps practices.

9. Value stream mapping

The fourth dimension of service management is value streams and processes, which are applicable to
both the SVS in general, and to specific products and/or services. In either context, value streams and
processes define the activities, workflows, controls, and procedures that are essential for the organization
to achieve its agreed objectives. The objectives for cloud-based services should be documented within an
organization-level strategy that is tailored to the cloud.

Applied to the organization and its SVS, the value streams and processes dimension is concerned with how
the various parts of the organization work in an integrated and coordinated way to enable the creation of
value through products, services and in this case, cloud-based services.

See Appendix A: Examples of Value Streams in ITIL® Foundation for examples of how the SVS model
can be used to develop appropriate value stream mapping. Apply this approach, along with the
templates in Appendix A.4, to cloud based-services.

10. Service financial management

Traditionally, IT costs and allocations came from a fixed budget which funded the IT function and its
services. Hardware was a capital expenditure (CAPEX), which could be written off over several years.
However, cloud services are consumed as utilities, which are paid for from the operational budget, (OPEX).

3
IaaS – Infrastructure as a Service, PaaS – Platform as a Service, SaaS – Software as a Service.

AXELOS.COM ITIL® 4 and the Cloud 15

ITIL Foundation: ITIL 4 edition states:

The emergence of new technology has affected the way that every organization manages its IT
services from a financial perspective. Much of the current wave of technological evolution has been
enabled by cloud computing, and this seems likely to continue for the foreseeable future. This has
led to a major change in how IT services are obtained, funded, and paid for by organizations.

Traditionally, IT resources were obtained using upfront capital expenditure (CAPEX). However, under
the cloud model, the provision of IT infrastructure, platforms, and software is provided ‘as a service’.
This model generally uses subscription-based or pay-as-you-use charging mechanisms which are
paid for out of operational expenditure (OPEX).

Another area that has seen change is the organization’s approach to setting and managing IT
budgets. Flexible IT budgets are required to meet the costs of scaling cloud-based services in an
Agile and on-demand way. Fixed IT budgets, often forecast months in advance, struggle to account
for the scaling of IT resources in this way.

Procurement rules within organizations are also having to change. There remains a place for
fixed-price IT projects and services; however, cloud-based digital services are generally sold under
a variable-price model, i.e. the more you use and consume, the more you pay, and vice versa.
Therefore, those organizations that have not updated their procurement rules to allow them to buy
variable-priced IT resources will face a large self-made barrier preventing them from using cloud-
based digital services. To be as effective as possible, organizations must update their policies and
educate their staff to ensure that they can purchase IT under a variable-priced model.

The advice is to:

zz move away from inflexible budgets to flexible cost and charge models
zz establish proper billing mechanisms which charge departments and users based on usage, not pre-defined budgets.

Reducing capital expenditure is likely to lead to increases in operational expenditure, (though CCC research
indicates this is not always the case). The organization needs to understand how to accommodate the
increased operations expenditure in their budgeting. Some organizations may wish to put the CAPEX they
save toward further IT projects. As such, it is important to identify the organization’s strategy for how they
intend to pay for IT services, systems and applications. It is possible the organization will adopt a hybrid
approach to capital and operations.

11. Service level agreements

Service level agreements (SLAs) lay out the minimum level of service delivered to the customer. As such,
SLAs should be agreed in a wider business context and focus on what matters most to the customer.

ITIL Foundation: ITIL 4 Edition states the following:

Using SLAs may present many challenges; often they do not fully reflect the wider service
performance and the user experience.

Service level management requires focus and effort to engage and listen to the requirements, issues,
concerns, and daily needs of customers:

• Engagement is needed to understand and confirm the actual ongoing needs and requirements of customers, not
simply what is interpreted by the service provider or has been agreed several years before

16 ITIL® 4 and the Cloud AXELOS.COM

 • Listening is important as a relationship-building and trust-building activity, to show customers that they are
valued and understood. This helps to move the provider away from always being in ‘solution mode’ and to build
new, more constructive partnerships.

Service level management involves collating and analysing information from a number of sources
including:

Customer engagement – This involves initial listening, discovery, and information capture on which
to base metrics, measurement, and ongoing progress discussions. Consider asking customers some
simple open questions such as:

• What does your work involve?

• How does technology help you?
• What are your key business times, areas, people, and activities?
• What differentiates a good day from a bad day for you?
• Which of these activities is most important to you?
• What are your goals, objectives, and measurements for this year?
• What is the best measure of your success?
• How do you base your opinion and evaluation of a service or IT/technology?
• How can we help you more?

This is good advice. However, there is one simple, but significant, consideration regarding cloud-based
services to consider. Most public cloud-based services provide a generic form of cloud service to their
customers and consumers. There is limited ability to change the overall service, including how it is
presented and delivered. This reduces the cost of support, maintenance and upkeep of the service. As a
consequence, the service provider expects the customer and consumer to accept the terms and conditions
of their services, without negotiation, as we see with the many public cloud-based email services.

It is important to negotiate service levels for cloud-based services wherever possible. However, where
service levels cannot be negotiated, consider the following:

1. Accept that the service levels for the public cloud service is non-negotiable.
2. Analyse the service levels which will be provided for that service.
3. Review the full terms and conditions which govern the service.
4. Identify the differences in customer expectations against what is being offered by the service provider.
5. Update stakeholders on how their requirements differ from the service the provider is willing to deliver. This step is likely
to require a change in their expectations. Upfront and early communication is critical.
A simple example is the public cloud-based email service which offers a minimum level of service
availability. However, the IT department still logs and manages email issues under a priority response
model, i.e. urgency + impact = priority. Worse still, the business expects the IT function to restore the
email service within a specific timeframe e.g. a fix expected within one hour, which indicates a mismatch
between expectation and reality.

It is important to consider:

zz Does your organization know and understand this change in service level?
zz Does your organization have IT professionals and staff capable of dealing with these common situations?
zz Does your organization currently have an expectation of what service levels they think they are getting, rather than what
they are getting. How significant is the gap?

AXELOS.COM ITIL® 4 and the Cloud 17

It is critical to understand that cloud-based service levels, especially for public cloud-based services, are
generally very different from the traditional service levels and T&Cs that the organization has dealt with in
the past.

12. DevOps, change control and velocity of change

Two important characteristics of cloud are on-demand self-service and rapid elasticity. These characteristics
allow changes to cloud-based services to be made instantly. At a basic level, change velocity is a
measurement of the speed at which IT changes can be made. On-demand self-service and rapid elasticity
increase the potential velocity of change for cloud-based services.

Rapid elasticity
Rapid elasticity is the ability for a cloud-service to adapt to continual increases and decreases in
demand for its resources. In rapid elasticity, supply of resources is closely matched to the level
or resources demanded. For example, if the number of users buying from a website increased
substantially at a given point in time, extra processing resources may be required. In this example,
auto-provisioning of extra resources could be enabled where the extra resources could be provided
automatically to the website when needed, and then reduced when the demand for resources
lowers.

On-demand self-service
On-demand self-service is the ability for end-users, customers and consumers to provision cloud-
based services or cloud resources themselves, in real-time and when needed. This is generally
done through interfaces or web portals made available by cloud providers. On-demand self-service
provided mechanisms to quickly increase or decrease cloud resources quickly; thus supporting the
rapid elasticity nature of cloud-based services.

Cloud infrastructure enables faster deployment of new and changed cloud configurations settings, resulting
in services that change quickly and with a high velocity. The ability to configure and deploy computing
hardware with the same speed as new applications is a prerequisite for the success of DevOps and similar
initiatives, which support the requirement of the modern organization for quicker time to market and more
rapid digitalization of services.

Traditional waterfall-based release cycles tend to have a low change velocity, especially when compared
with DevOps change activity on a cloud-based service. DevOps uses automation of the development and
testing toolchain where possible to increase the velocity of change. This promotes a faster cadence (or
cycle time) of CI/CD.

ITIL 4 acknowledges that a faster change velocity is critical for DevOps and is a requirement for many
organizations. ITIL 4 introduces a practice called change control (not to be confused with the change
management process). The purpose of change control is to ‘maximize the number of successful IT changes
by ensuring that risks have been properly assessed, changes have been authorized to proceed, and the
change schedule is properly managed’.

There are three types of change that are managed by change control:

zz standard changes
zz normal change
zz emergency change

18 ITIL® 4 and the Cloud AXELOS.COM

Cloud-based services can be affected by any of these types of change. Standard and normal changes can
be used to formalize high velocity DevOps changes on cloud-based services. In many cases, the goal is
to automate as much work as possible to achieve continuous integration and continuous delivery. High
velocity DevOps changes will be classed as either standard or normal, even if specific DevOps toolchains
are used to record, approve, implement, test and verify the change.

This type of high-velocity service delivery can bring the following benefits:

zz focus on fast delivery of new and changed IT services to users

zz integration of product and service management practices
zz extensive automation of the service delivery supply chain.

However, market analysis undertaken by the CCC2 and the DevOps Agile Skills Association (DASA) shows
that:

many organisations attempt to introduce DevOps practices, only to be slowed down by:

• Inflexible and bureaucratic processes

• Inflexible people, command-and-control management
• Not implementing automation and correctly configured toolsets to support incremental increases in change
• Strict adherence to all change requests having to be approved via a change control board or meeting e.g. on a
weekly or fortnightly schedule

If the organization is to adopt DevOps successfully, it will need to take an agile approach. Agile is a
timeboxed, flexible, and adaptive approach to IT that allows for a rapid response to change through the
collaboration of small, cross-functional teams. Agile ways of working give development teams autonomy
and allow them to self-organize, and the methodology promotes collaboration between customers, users,
and development teams at every opportunity.

From an ITIL perspective, SVS supports many approaches, such as Agile, DevOps and Lean, as well as
traditional process and project management, with a flexible value-oriented operating model. From a cloud
perspective, the on-demand self-service, rapid elasticity, and resource pooling characteristics of cloud-
based services are ideal for an Agile/DevOps environment.

It is important to consider how risks are managed when taking an Agile approach to software development,
as the risks are different to those faced with a waterfall model. Many controls and governance structures
that are required to manage risk under a waterfall model will have to be adapted and modified to work in
an agile CI/CD environment.

However, care must be taken to only apply Agile and DevOps to situations which are suitable for high
velocity, highly automated change. Just because an application can scale and change quickly does not
mean it would suit an Agile approach. For example, medical applications built on cloud-based services
which run life support systems for critical ill patients may not be suitable for high velocity change. Such
an application needs highly regulated, controlled and slow velocity change, to ensure no individual change
threatens the well-being of the patient.

2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.

AXELOS.COM ITIL® 4 and the Cloud 19

The IT function must protect services, applications and IT infrastructure that are not suitable for agile
development. This means:

zz re-defining the change process, end-to-end, incorporating agility where needed

zz re-defining the scope of the change advisory board (CAB), maybe even removing it from all operational activities
zz modifying the process used to approve change activities
zz changing existing attitudes, behaviours and expectations throughout the organization relating to how change occurs within
agile environments
zz updating or redefining the change control process to a value stream perspective.

Delayering and removing siloed work practices, allowing greater collaboration and automating workflows
help to create a more agile working environment, which leads to a more agile organization.

13. Summary
Technology is changing at a faster rate than at any other period in history. The fourth industrial revolution is
here and is evident all around us, both in our personal lives and at work. New technology is being adopted
at a faster rate than ever before. All of this new technology drives innovation, creates new and exciting
opportunities while challenging current, successful, business models. The only constant is change.

Changing technology and changing business models are causing the organization to recognize that it
also needs to change. Using the latest technologies with work practices from the past will not lead to
competitive advantage, nor will not drive innovation.

ITIL 4 provides a level of guidance the organization needs in order to address new service management
challenges and utilize the potential of modern technology. Cloud technology can help us provide a better
service for the customer, while potentially making savings for the organization. The onus is on us to make
the right choices for the right reasons to achieve the right results. Hopefully, this paper can help you
understand the choices you have to make.

14. References
AXELOS Global Best Practice: www.axelos.com/IT-Service-Management-ITIL/

AXELOS (2019) ITIL Foundation: ITIL 4 edition. The Stationery Office, London.

Cloud Credential Council: www.cloudcredential.org.

[The CCC conducts research on a continual basis. Research methods include; global surveys, industry
analysis, expert panel reviews and pre-and-post classroom surveys. Findings are also published in CCC
reports and whitepapers.]

20 ITIL® 4 and the Cloud AXELOS.COM

15. About the author

Mark O’Loughlin is the Managing Director of the Cloud Credential Council

(CCC).

Mark is also the owner and Managing Director of consulting firm, Red
Circle Strategies which provides strategic, management and digital advisory,
consulting and education services.

Author of two books, Mark has written Professional Cloud Service Manager (PCSM), one of the core
certifications provided by the CCC and The Service Catalog published as part of the ITSM Best-Practice
library.

Mark is a professional keynote speaker, regularly asked to speak at conferences and events. Mark is a
former director at itSMF Ireland and a Fellow of the Irish Computer Society (FICS). Mark holds an MBA and
was one of the first people to be globally awarded the ITIL® Master accreditation.

AXELOS.COM ITIL® 4 and the Cloud 21

16. About AXELOS
AXELOS is a joint venture company co-owned by the UK Government’s Cabinet Office and
Capita plc.

It is responsible for developing, enhancing, and promoting a number of best practice

methodologies used globally by professionals working primarily in project, programme and
portfolio management, IT service management and cyber resilience.

The methodologies, including ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, RESILIA®, and its
newest addition AgileSHIFT® are adopted in more than 150 countries to improve employees’
skills, knowledge, and competence in order to make both individuals and organisations work
more effectively.

In addition to globally recognized qualifications, AXELOS equips professionals with a wide

range of content, templates and toolkits through the CPD aligned My AXELOS and our online
community of practitioners and experts.

Visit www.AXELOS.com for the latest news about how AXELOS is ‘Making organizations
more effective’ and registration details to join AXELOS’ online community. If you have specific
queries, requests or would like to be added to the AXELOS mailing list please contact
Ask@AXELOS.com.

17. Trade marks and statements

AXELOS®, the AXELOS swirl logo®, ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, M_o_R®,
P3M3®, P3O®, MoP®, MoV®, RESILIA® and AgileSHIFT® are registered trade marks of
AXELOS Limited. All rights reserved.

RU Digital Ready?™ is a trademark of the Cloud Credential Council.

DASA® is a trade mark of the DevOps Agile Skills Association.

Copyright © AXELOS Limited 2019.

Cover image is copyright Getty Images/Rick_Jo

Reuse of any content in this White Paper is permitted solely in accordance with the permission
terms at https://www.axelos.com/policies/legal/permitted-use-of-white-papers-and-case-studies

A copy of these terms can be provided on application to AXELOS at Licensing@AXELOS.com

Our Case Study series should not be taken as constituting advice of any sort and no liability is
accepted for any loss resulting from or use of or reliance on its content. While every effort is
made to ensure the accuracy and reliability of information, AXELOS cannot accept responsibility
for errors, omissions, or inaccuracies. Content, diagrams, logos, and jackets are correct at time
of going to press but may be subject to change without notice.

Sourced and published on www.AXELOS.com

AXELOS.COM IT Service Management and the Cloud 22

About this White Paper
As the traditional IT landscape shifts, the IT model
that has served us well in the past has changed
significantly. New digital technologies require
organizations to change or adapt their business
models. This digital transformation is being driven by
emerging technologies

WWW.AXELOS.COM @AXELOS_GBP AXELOS Global Best Practice AXELOS