Professional Documents
Culture Documents
11 Itil4andthecloud
11 Itil4andthecloud
11 Itil4andthecloud
Mark O'Loughlin
White paper
February 2019
1. Contents
1 Introduction 03
2 What is ITIL? 04
13 Summary 20
14 References 20
16 About AXELOS 22
zz IT technologies
zz management of IT
zz business models
zz attitudes, behaviours, and culture.
As the traditional IT landscape shifts, the IT model that had proven successful has evolved significantly.
New digital technologies require organizations to change or adapt their business models. This digital
transformation is being driven by emerging technologies, for example:
zz cloud
zz Big Data
zz internet of things (IoT)
zz blockchain
zz artificial intelligence (AI).
This technological change has been so significant that it is commonly referred to as the Fourth Industrial
Revolution. However, if IT service management (ITSM) professionals and the IT function want to remain
relevant in this new IT landscape, they need to fully understand what digital transformation is about. They
also need to become leaders and trusted advisors in their organization on all matters relating to cloud. This
is because cloud is the most common of the digital technologies being adopted today.
A significant difficulty facing ITSM professionals is where to start. What needs to be addressed to make a
difference? Going back to first principles, the following is good advice:
zz Frameworks such as ITIL, DevOps, Lean and Agile can help the organization to structure activities to drive results.
zz Vendor-neutral training and education is important, as it helps the organization and IT professionals cope with hybrid
cloud environments, i.e. multiple cloud services.
zz Vendor-specific technology training is equally as important, as digital technologies and their capabilities continue
to evolve.
Upskilling IT professionals to deliver value, from digital technologies, as opposed to doing tasks, is a
necessity, even if it remains a significant and often overlooked gap. Focusing on the technology alone will
not deliver digital success, digital innovation, or digital value; it will only deliver new technology.
Continue Providing technology training Covering both vendor specific and vendor neutral
technology training.
Combine Current and emergent practices, It is only by combining current and emergent
training and education and practices, technology, training and education will
technology training organizational and business change occur to such a
level where value is delivered, and change happens
across the entire IT function and throughout the
organization.
BCC model is copyright of Red Circle Strategies ©2019
This whitepaper looks at the way traditional IT service management practices have been impacted and
challenged by the disruptive nature of cloud computing1. It also examines the way ITIL 4 can be utilized to
meet the challenges that rise from the adoption of cloud-based services. It supplements ITIL 4, and stands
in relation to ITIL 4, the CCC digital and cloud portfolio, and the Professional Cloud Service Manager
(PCSM) certification.
2. What is ITIL?
ITIL has led the ITSM industry with guidance, training, and certification programmes for more than
30 years. ITIL 4 brings ITIL up to date by re-shaping many of the established ITSM practices in the context
of customer experience, value streams, and digital transformation, as well as embracing new ways of
working, such as Lean, Agile, and DevOps. The guidance provided by ITIL publications can be adopted
and adapted for all manner of organization and service, including cloud-based services.
1
Cloud computing will be referred to as ‘cloud’ or ‘cloud-based services’ throughout this white paper.
Because of these changes, the organization and individuals need to change the way they work.
There are similarities between cloud and cloud-based services and the definition of a service as defined in
ITIL Foundation: ITIL 4 edition:
Service
A means of enabling value co-creation by facilitating outcomes that customers want to achieve,
without the customer having to manage specific costs and risks.
The premise of cloud is that it allows IT, business, customer and consumer services to be provided with
greater economies of scale, quicker, faster and cheaper and without the need for the service provider to
own the entire IT infrastructure, platform, software or applications themselves. Peaks in demand for IT,
business and customer services can be automatically provisioned for, leading to a pay-per-use model.
A pay-per-use model can, in certain circumstances, lower the cost of service delivery by eliminating full
ownership of back-end IT infrastructure, platforms, software and applications.
Cloud is now ubiquitous in our lives. People and organizations use the cloud every day, often unknowingly.
However, from an organizational perspective, the realization of the benefits from cloud and digital
technologies is dependent on:
zz how well the organization adopts and uses cloud and digital technologies
zz having sufficiently trained IT professionals with technical and non-technical digital and cloud skills.
However, cloud was born out of disruption. The latest developments in cloud and digital technologies allow
the organization to develop new business models, which will give them a competitive advantage over
traditional businesses. For example, Amazon continues to take market share from high street retailers while
4.1. OUTSOURCING
Cloud is a form of outsourcing. In moving to the cloud, the organization outsources specific tasks and
responsibilities to the cloud service provider. This leads to the organization, and the IT function as the
internal IT service provider, to shift away from managing some of the technical aspects of delivering the
service, including: IT process management; risk management; financial management; IT architecture;
interoperability of systems; security; and IT service management in general.
Public cloud-based services are provided to the organization under contracts which have different metrics
to traditional IT services. Availability is a key indicator of service provision of public cloud services.
However incident resolution times, root cause analysis, change notifications and customer specific service
level agreements are generally not defined for the customers of many public cloud-based services.
There is one fundamental aspect which will not change. The IT function and the organization must retain
overall responsibility for the end-to-end design, architecture, interoperability, security and risk management,
etc. of the services they provide, no matter how much or how little of that service is outsourced to the
cloud vendor. End-to-end responsibility cannot be outsourced.
2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.
How do I report the expected incident resolution fix-time to the CIO when our
public cloud email application goes offline?
Problem manager Why won’t the public cloud service provider provide root cause analysis (RCA)
for the major application problem we had last week?
I am under pressure to provide the CIO a reason other than ‘cloud-failure’; the
CIO needs to report to the board.
Change manager Do we still need a change advisory board (CAB) or our weekly two-hour
change approval meetings?
How do I manage and report change activity which occurs in a cloud service
providers’ environment?
Why are DevOps teams allowed to make changes without following our change
process or procedures?
Availability manager How do I ensure availability of systems, applications and services when I
cannot control or manage the parts provided by cloud service providers?
Service level manager How do I report our typical IT service management metrics to management?
I do not get metrics from public cloud service providers. Even when they
provide me with the monthly availability measurements, they differ from the
availability we measure for many of the other cloud-based infrastructure,
services and applications we use.
Finance manager I was told that moving to the cloud was going to save us a lot of money. I have
not seen any savings to date. Why not?
Actually, never mind that: who is spending the OPEX budget and on what?
Our monthly spend on cloud seems to be increasing but I don’t know why
and can’t see any additional revenue coming into the business from this extra
spend. The CIO does not seem to know either, which is a concern.
VP of products I asked IT to ensure that our online shop would be always available during
the busy shopping period. We requested that IT integrate two new forms of
online payment wallets. In addition, we need to analyse purchaser shopping
preferences from the customer’s previous visits using some form of analytics,
which IT refer to as their big data capability. However, I have yet to see any of
this working consistently. So much for this cloud and digital revolution I keep
hearing about!
Head of marketing We decided to use a public cloud-based service to run this years’ marketing
and social media campaign.
The CIO said we cannot use the cloud service which we have subscribed to
due to some problem with our data existing on a server outside the European
Union. I don’t understand what this means, and I don’t really care. Anyway,
doesn’t cloud do away with the need for servers these days?
The cloud service we signed up to is really good value and does what we need
it to do. However, IT needs to sort out single-sign-on and to make the cloud
system work with our CRM application. They seem to be having problems with
this, as usual.
All roles How are we to change and adapt our current work practices to be more agile
and flexible, and to work with DevOps and Lean ideas? How are we to benefit
from using cloud where problems are solved, not introduced?
The above scenarios are still common today. In order for the organisation and IT Professionals to
deal with and find answers to these questions and challenges, they need to understand the context
of what the cloud is. Context requires more than just a working definition of cloud.
The key components of the ITIL 4 framework are the service value system (SVS) and the four dimensions
model.
5.1. SVS
The SVS, shown in Figure 1.1, represents the way the activities of the organization combine to create value
through IT-enabled services. The SVS facilitates integration and coordination of the activities and provides a
strong, unified, value-focused direction for the organization.
Opportunity/
demand
2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.
5.5. GOVERNANCE
The SVS includes governance activities that enable the organization to continually align its operations with
the strategic direction set by its governing body.
6.2. GOVERNANCE
Governance activities enable the organization to align their choices and use of cloud-based services with
the strategic direction set by the organization’s governing body and stakeholders. It is critical to consider
how cloud-based services will be directed, controlled and monitored when parts of the service are not
accessible by the organization, and contract terms, conditions and service levels may not be negotiable.
The defined activities may be generic in some cases, whereas in others they might be specific e.g. a
specific cloud service from a specific cloud vendor.
ITIL 4 has relabelled what were previously referred to as processes as practices. By using cloud-based
services, organizations are able to reduce tasks for some of the practices, as these will be carried out by
cloud service providers.
For example, with public cloud email services, the service provider is responsible for maintaining the
entire back-end infrastructure behind the email service, including the management of incidents, problems,
changes, releases, changes, capacity, etc.
Many organizations who need to integrate cloud-based services with their traditional IT and business
services are likely to retain the processes and practices that allow them to manage incidents, problems,
changes, releases, changes, capacity and availability from an end-to-end, holistic perspective.
Accountability for the overall service will remain with the organization that procured the cloud service.
ITIL 4 supports continual improvement through the ITIL continual improvement model. A holistic approach
to the continual improvement of the SVS of cloud-based services should be aligned with the continual
service improvement practice.
DevOps methods work holistically and ensure that improvements are not only well designed but also
effectively applied.
The service value chain can be adapted to multiple approaches, including DevOps and centralized IT, to
address the need for multimodal service management. The adaptability of the value chain enables the
organization to react to the changing demands of its stakeholders effectively and efficiently.
The flexibility of the service value chain is further enhanced by ITIL practices. Each ITIL practice
supports multiple service value chain activities, providing a comprehensive and versatile toolset for ITSM
practitioners.
Table 3 shows the six activities within the service value chain which lead to the creation of products and
services and, in turn, value.
zz plan
zz improve
zz engage
zz design and transition
zz obtain/build
zz deliver and support.
A cloud Plan should be aligned to the overall business strategy, and should
include take into consideration the needs of the business and IT stakeholders. It
should include:
zz policy statement
zz organizational vision
zz organizational objectives
zz key drivers for adoption
zz risks and issues
zz individual policy statements
zz glossary
If cloud is adopted for the right reasons and in the right way, it should bring
improvements for both IT and the business.
*
NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.
Design and transition The purpose of the Design and transition activity is to ensure that products and
services continue to meet stakeholder expectations for quality, cost, and time to
market.
The design and transition of a cloud-based service may take time, as it can be
complex. It is a good idea to approach the service as a project. Equally, it might
be wise to approach the service as a minimal viable product.
Once in place, many of the on-going design and transition activities for cloud-
based services can be handled using DevOps or Agile methods, which would
allow the workload to be handled in short, incremental bursts, which would
initiate a higher velocity of change.
Please note: some changes are not suited to a high velocity.
Obtain/build The purpose of the Obtain/build activity is to ensure that service components
are available when and where they are needed, and that they meet agreed
specifications.
With cloud-based services, there is less need to build back-end infrastructure,
platforms or applications, as they come as part of the cloud service.
Most cloud-based services have to be subscribed to in order to gain access.
Frequently, they have to be configured to work with the organization’s existing IT
infrastructure and services (which may contain other cloud-based services).
Once in place, the build phase for cloud-based services may refer to building
required improvements.
Wherever possible, it is good practice to automate build activities, including
testing and validation, using relevant continual integration/continual deployment
(CI/CD) toolchains.
*
NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.
In the event of a cloud-based service going offline, the organization could be left
with limited information regarding service restoration.
NIST. National Institute for Standards in Technology. www.nist.gov NIST defined these basic characteristics of cloud.
*
In many cases, once a cloud service, such as IaaS, PaaS and SaaS3 is in use, the engage, design and
transition, and obtain/build stages of the SVS can be automated using automated tool chains, leading to
higher velocity of change in line with good DevOps practices.
Applied to the organization and its SVS, the value streams and processes dimension is concerned with how
the various parts of the organization work in an integrated and coordinated way to enable the creation of
value through products, services and in this case, cloud-based services.
See Appendix A: Examples of Value Streams in ITIL® Foundation for examples of how the SVS model
can be used to develop appropriate value stream mapping. Apply this approach, along with the
templates in Appendix A.4, to cloud based-services.
3
IaaS – Infrastructure as a Service, PaaS – Platform as a Service, SaaS – Software as a Service.
The emergence of new technology has affected the way that every organization manages its IT
services from a financial perspective. Much of the current wave of technological evolution has been
enabled by cloud computing, and this seems likely to continue for the foreseeable future. This has
led to a major change in how IT services are obtained, funded, and paid for by organizations.
Traditionally, IT resources were obtained using upfront capital expenditure (CAPEX). However, under
the cloud model, the provision of IT infrastructure, platforms, and software is provided ‘as a service’.
This model generally uses subscription-based or pay-as-you-use charging mechanisms which are
paid for out of operational expenditure (OPEX).
Another area that has seen change is the organization’s approach to setting and managing IT
budgets. Flexible IT budgets are required to meet the costs of scaling cloud-based services in an
Agile and on-demand way. Fixed IT budgets, often forecast months in advance, struggle to account
for the scaling of IT resources in this way.
Procurement rules within organizations are also having to change. There remains a place for
fixed-price IT projects and services; however, cloud-based digital services are generally sold under
a variable-price model, i.e. the more you use and consume, the more you pay, and vice versa.
Therefore, those organizations that have not updated their procurement rules to allow them to buy
variable-priced IT resources will face a large self-made barrier preventing them from using cloud-
based digital services. To be as effective as possible, organizations must update their policies and
educate their staff to ensure that they can purchase IT under a variable-priced model.
zz move away from inflexible budgets to flexible cost and charge models
zz establish proper billing mechanisms which charge departments and users based on usage, not pre-defined budgets.
Reducing capital expenditure is likely to lead to increases in operational expenditure, (though CCC research
indicates this is not always the case). The organization needs to understand how to accommodate the
increased operations expenditure in their budgeting. Some organizations may wish to put the CAPEX they
save toward further IT projects. As such, it is important to identify the organization’s strategy for how they
intend to pay for IT services, systems and applications. It is possible the organization will adopt a hybrid
approach to capital and operations.
Using SLAs may present many challenges; often they do not fully reflect the wider service
performance and the user experience.
Service level management requires focus and effort to engage and listen to the requirements, issues,
concerns, and daily needs of customers:
• Engagement is needed to understand and confirm the actual ongoing needs and requirements of customers, not
simply what is interpreted by the service provider or has been agreed several years before
Service level management involves collating and analysing information from a number of sources
including:
Customer engagement – This involves initial listening, discovery, and information capture on which
to base metrics, measurement, and ongoing progress discussions. Consider asking customers some
simple open questions such as:
This is good advice. However, there is one simple, but significant, consideration regarding cloud-based
services to consider. Most public cloud-based services provide a generic form of cloud service to their
customers and consumers. There is limited ability to change the overall service, including how it is
presented and delivered. This reduces the cost of support, maintenance and upkeep of the service. As a
consequence, the service provider expects the customer and consumer to accept the terms and conditions
of their services, without negotiation, as we see with the many public cloud-based email services.
It is important to negotiate service levels for cloud-based services wherever possible. However, where
service levels cannot be negotiated, consider the following:
1. Accept that the service levels for the public cloud service is non-negotiable.
2. Analyse the service levels which will be provided for that service.
3. Review the full terms and conditions which govern the service.
4. Identify the differences in customer expectations against what is being offered by the service provider.
5. Update stakeholders on how their requirements differ from the service the provider is willing to deliver. This step is likely
to require a change in their expectations. Upfront and early communication is critical.
A simple example is the public cloud-based email service which offers a minimum level of service
availability. However, the IT department still logs and manages email issues under a priority response
model, i.e. urgency + impact = priority. Worse still, the business expects the IT function to restore the
email service within a specific timeframe e.g. a fix expected within one hour, which indicates a mismatch
between expectation and reality.
It is important to consider:
zz Does your organization know and understand this change in service level?
zz Does your organization have IT professionals and staff capable of dealing with these common situations?
zz Does your organization currently have an expectation of what service levels they think they are getting, rather than what
they are getting. How significant is the gap?
Rapid elasticity
Rapid elasticity is the ability for a cloud-service to adapt to continual increases and decreases in
demand for its resources. In rapid elasticity, supply of resources is closely matched to the level
or resources demanded. For example, if the number of users buying from a website increased
substantially at a given point in time, extra processing resources may be required. In this example,
auto-provisioning of extra resources could be enabled where the extra resources could be provided
automatically to the website when needed, and then reduced when the demand for resources
lowers.
On-demand self-service
On-demand self-service is the ability for end-users, customers and consumers to provision cloud-
based services or cloud resources themselves, in real-time and when needed. This is generally
done through interfaces or web portals made available by cloud providers. On-demand self-service
provided mechanisms to quickly increase or decrease cloud resources quickly; thus supporting the
rapid elasticity nature of cloud-based services.
Cloud infrastructure enables faster deployment of new and changed cloud configurations settings, resulting
in services that change quickly and with a high velocity. The ability to configure and deploy computing
hardware with the same speed as new applications is a prerequisite for the success of DevOps and similar
initiatives, which support the requirement of the modern organization for quicker time to market and more
rapid digitalization of services.
Traditional waterfall-based release cycles tend to have a low change velocity, especially when compared
with DevOps change activity on a cloud-based service. DevOps uses automation of the development and
testing toolchain where possible to increase the velocity of change. This promotes a faster cadence (or
cycle time) of CI/CD.
ITIL 4 acknowledges that a faster change velocity is critical for DevOps and is a requirement for many
organizations. ITIL 4 introduces a practice called change control (not to be confused with the change
management process). The purpose of change control is to ‘maximize the number of successful IT changes
by ensuring that risks have been properly assessed, changes have been authorized to proceed, and the
change schedule is properly managed’.
There are three types of change that are managed by change control:
zz standard changes
zz normal change
zz emergency change
This type of high-velocity service delivery can bring the following benefits:
However, market analysis undertaken by the CCC2 and the DevOps Agile Skills Association (DASA) shows
that:
many organisations attempt to introduce DevOps practices, only to be slowed down by:
If the organization is to adopt DevOps successfully, it will need to take an agile approach. Agile is a
timeboxed, flexible, and adaptive approach to IT that allows for a rapid response to change through the
collaboration of small, cross-functional teams. Agile ways of working give development teams autonomy
and allow them to self-organize, and the methodology promotes collaboration between customers, users,
and development teams at every opportunity.
From an ITIL perspective, SVS supports many approaches, such as Agile, DevOps and Lean, as well as
traditional process and project management, with a flexible value-oriented operating model. From a cloud
perspective, the on-demand self-service, rapid elasticity, and resource pooling characteristics of cloud-
based services are ideal for an Agile/DevOps environment.
It is important to consider how risks are managed when taking an Agile approach to software development,
as the risks are different to those faced with a waterfall model. Many controls and governance structures
that are required to manage risk under a waterfall model will have to be adapted and modified to work in
an agile CI/CD environment.
However, care must be taken to only apply Agile and DevOps to situations which are suitable for high
velocity, highly automated change. Just because an application can scale and change quickly does not
mean it would suit an Agile approach. For example, medical applications built on cloud-based services
which run life support systems for critical ill patients may not be suitable for high velocity change. Such
an application needs highly regulated, controlled and slow velocity change, to ensure no individual change
threatens the well-being of the patient.
2
The CCC conducts research on a continual basis. Research methods include; global surveys, industry analysis, expert panel
reviews and pre-and-post classroom surveys. Findings are also published in CCC reports and whitepapers.
Delayering and removing siloed work practices, allowing greater collaboration and automating workflows
help to create a more agile working environment, which leads to a more agile organization.
13. Summary
Technology is changing at a faster rate than at any other period in history. The fourth industrial revolution is
here and is evident all around us, both in our personal lives and at work. New technology is being adopted
at a faster rate than ever before. All of this new technology drives innovation, creates new and exciting
opportunities while challenging current, successful, business models. The only constant is change.
Changing technology and changing business models are causing the organization to recognize that it
also needs to change. Using the latest technologies with work practices from the past will not lead to
competitive advantage, nor will not drive innovation.
ITIL 4 provides a level of guidance the organization needs in order to address new service management
challenges and utilize the potential of modern technology. Cloud technology can help us provide a better
service for the customer, while potentially making savings for the organization. The onus is on us to make
the right choices for the right reasons to achieve the right results. Hopefully, this paper can help you
understand the choices you have to make.
14. References
AXELOS Global Best Practice: www.axelos.com/IT-Service-Management-ITIL/
AXELOS (2019) ITIL Foundation: ITIL 4 edition. The Stationery Office, London.
Mark is also the owner and Managing Director of consulting firm, Red
Circle Strategies which provides strategic, management and digital advisory,
consulting and education services.
Author of two books, Mark has written Professional Cloud Service Manager (PCSM), one of the core
certifications provided by the CCC and The Service Catalog published as part of the ITSM Best-Practice
library.
Mark is a professional keynote speaker, regularly asked to speak at conferences and events. Mark is a
former director at itSMF Ireland and a Fellow of the Irish Computer Society (FICS). Mark holds an MBA and
was one of the first people to be globally awarded the ITIL® Master accreditation.
The methodologies, including ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, RESILIA®, and its
newest addition AgileSHIFT® are adopted in more than 150 countries to improve employees’
skills, knowledge, and competence in order to make both individuals and organisations work
more effectively.
Visit www.AXELOS.com for the latest news about how AXELOS is ‘Making organizations
more effective’ and registration details to join AXELOS’ online community. If you have specific
queries, requests or would like to be added to the AXELOS mailing list please contact
Ask@AXELOS.com.
Reuse of any content in this White Paper is permitted solely in accordance with the permission
terms at https://www.axelos.com/policies/legal/permitted-use-of-white-papers-and-case-studies
Our Case Study series should not be taken as constituting advice of any sort and no liability is
accepted for any loss resulting from or use of or reliance on its content. While every effort is
made to ensure the accuracy and reliability of information, AXELOS cannot accept responsibility
for errors, omissions, or inaccuracies. Content, diagrams, logos, and jackets are correct at time
of going to press but may be subject to change without notice.