Three Key Challenges Facing ISPs and Their Enterprise Clients
The enterprise IT leaders and teams your ISP supports face constantly shifting challenges. Too often, many are preoccupied with tactical firefighting to give sufficient thought the longer evolutionary arcs and greater effects on the business. Three such “below-the-water-line” challenges are highlighted below, along with suggestions to aid your ISP in helping their enterprise IT clients address those challenges effectively.
The Governance, Risk, and Compliance (GRC) Challenge
Changing regulations for everything from credit card processing to privacy requirements make two things clear: GRC is growing in importance worldwide, and successful management of GRC and operational transparency rely almost entirely on IT.
GRC is basically about accountability — to regulators, auditors, your board of directors, your investors, and to those who enforce compliance with best business practices. These can be defined by the business or based on industry guidelines such as ITIL (formerly the Information Technology Infrastructure Library), Control Objectives for Information and Related Technology (COBIT) or the Payment Card Industry Data Security Standard (PCI DSS). And, to the extent your business relies upon IT to do business, it must also rely upon IT to enable and support the accurate, timely reporting of what’s going on in the business to deliver such accountability.
At many enterprises and ISPs, dedicated GRC specialists rarely, if ever, have deep IT skills or deep relationships with those who run IT. And both the GRC and IT folks are often too busy firefighting and playing catch-up to engage with each other, until or unless an unexpected audit or large-scale data breach forces them to do so. And, by then, it’s a scramble to respond to requests or demands from auditors, regulators, and/or law enforcement.
Successful GRC management requires a proactive and holistic approach, and requires that IT be directly involved in development and execution. Evidence of this guidance is found in the recommendations of leading business advisors. For example, KPMG is a worldwide leader in both audit and GRC consulting and in IT. In its document entitled Governance, Risk and Compliance: Driving Value through Controls Monitoring*, the company advises that strategic, tactical, and operational GRC “controls monitoring tools” are essential to achieving a proactive, “big picture” view of GRC. Specifically, KPMG recommends that organizations take these three significant steps:
- Assess the organization’s current GRC maturity and identify its portfolio of key controls across the various compliance frameworks to which the business is subject.
- Select a tool to help monitor performance of these key controls.
- Build a “dashboard” to provide transparent performance reporting to decision makers and embed it within the regular business processes.
KPMG and other enterprise consultancies and advisory services also recommend integration of GRC controls monitoring, management, and reporting with Enterprise Resource Planning (ERP) solutions. But, truly successful, holistic GRC management and reporting efforts can also benefit greatly from integration with IT Service Management (ITSM) tools and processes at strategic, tactical, and operational levels as well.
Fortunately, modern ITSM tools are increasingly supporting features that enable closer integration of ITSM and GRC. For example, ServiceNow offers an IT GRC option that provides automation, integration, and flexible reporting that can ease and speed consolidation of GRC management and ITSM efforts in helpful ways. And the underlying ServiceNow Service Automation Platform can help enterprises to extend effective IT GRC management efforts to other areas of the business — notably change management.
But tools are only part of the solution. Effective relevant processes — and their adoption across the enterprise — are at least as critical as any tools. IT consultants and advisors are beginning to offer services that address GRC as well. One such company, Intréis, focuses specifically on what it calls “GRC-enabled ITSM,” and offers numerous services designed to help ServiceNow customers improve their efforts to integrate GRC and ITSM.
Your ISP can best help here by ensuring that its internal GRC management efforts, tools, and processes are effective and transparent. If your ISP offers consulting or advisory services, make sure these include credible, up-to-date information about GRC issues. And, if your ISP does not offer such services, consider partnering with a firm that does.
The Enterprise Service Management Challenge
Every enterprise activity is basically some combination of requests, efforts to fulfill those requests, and services that enable them. And at most (if not all) enterprises, most business-critical services are enabled and delivered via IT facilities. IT’s primary business value is therefore directly connected to its ability to enable, deliver, and manage the facilities and services that enable business-critical services. The single most-critical success factor for the majority of all enterprises is therefore the ability to manage those business-critical enterprise services, across the enterprise and the complete lifecycle of each and every service.
Success with enterprise service management requires effective deployment of processes and technologies proven effective and optimized for this essential task. In many (if not most) enterprises such proven processes and technologies likely already exist within the departments most experienced at successful delivery of enterprise services — in many enterprises, it is their ISP.
Replicating and scaling enterprise service management processes can empower a business with a single process-and-technology platform that is consistently effective across and even beyond the entire enterprise — arguably the most sure and sustainable path to competitive success for any company.
As their experience in delivering and managing services grows, enterprise IT teams are increasingly positioned to be seen as effective brokers of enterprise services beyond IT. A critical success factor here is the ability of most IT leaders and their teams to collaborate, market, and evangelize at unprecedented levels.
Wherever possible, your ISPs can best help enterprise IT teams by sharing success stories regarding enterprise service delivery. These will add to your ISP’s credibility, and provide both useful guidance and encouragement to clients and prospects considering activity in this area. Don’t forget to share your own organization’s useful and relevant experiences and expertise.
The Hybrid Infrastructure Management Challenge
For some time, many have opined about whether the future of enterprise IT infrastructures lies “in the cloud” — and therefore largely in the hands of ISPs — or in premise-based servers and data centers. This is a false dichotomy. For many (if not most) enterprises, IT infrastructures will include both cloud- and premise-based elements for the foreseeable future.
There are several reasons for this. Effective cloud-based IT infrastructure solutions offer multiple advantages, including reduced capital expenses and management complexity. However, there are numerous types of cloud-based solutions. Some rely primarily on public cloud resources. Some run on cloud infrastructures built and operated by vendors. Some run on so-called “private clouds,” which can run on systems in data centers operated by vendors or by enterprises themselves. And some run on varying combinations of these alternatives, known collectively as “hybrid clouds.”
As is true for their meteorological namesakes, different types of computing cloud solutions have different specific strengths, weaknesses, benefits, and drawbacks. And striking the optimal balance of these for each specific enterprise can be a daunting task, often requiring skills or expertise scarce or non-existent within incumbent IT teams. This is why traditional and emerging enterprise IT vendors have solution and service portfolios that span multiple cloud technologies.
For example, in September 2014, HP announced the intention to acquire Eucalyptus, a provider of open source software that is compatible with AWS, the market-leading public cloud infrastructure offering, and designed to ease and speed creation of private clouds.
Meanwhile, many enterprise computing solutions running on traditional premise-based infrastructures continue to deliver significant business benefits. And many of these are already known and familiar to those running IT. This sometimes creates significant inertia, making such solutions economically, operationally, or politically difficult or impossible to replace. This is why multiple ITSM solution providers offer both premise- and cloud-based options, with degrees of integration that can vary greatly, often to the frustration of enterprise IT teams and their users.
Against a constantly evolving backdrop, enterprises face multiple related challenges, ranging from rapid growth to sudden significant downturns, changes in IT leadership to Merger and Acquisition (M&A) activities. Any and all of these can have significant effects on an enterprise’s IT infrastructure management strategies and solutions. Thus, building and managing IT infrastructures that take maximum advantage of best-in-class premise-based and cloud-based technologies grows in criticality and complexity.
Your ISP can best help here by ensuring that your enterprise clients have the most complete and up-to-date information available about their current infrastructures and how well (or poorly) they are supporting business operations. Your ISP can also provide valuable assistance to those enterprises seeking to assess or improve performance of their infrastructures. Examples of how your ISP can help range from performance of formal infrastructure assessments to recommendations and executions of performanceenhancing changes.
Knowledge: The Most Powerful Asset from ISP
Whether your enterprise clients face or will face one or all of these challenges, IT leaders and their teams at those enterprises need current, relevant knowledge to address them effectively. Your ISP should do all it can to help leverage the resources outlined below while crafting their responses to their specific challenge or challenges.
- Help enterprise clients to take advantage of relevant user communities, in person and online. Those who are on paths similar to those facing your enterprise clients may have the most relevant and helpful experience.
- Help enterprise clients to leverage incumbent consultants and advisors (or to engage with new ones). Make sure that your enterprise clients ask the consultants and advisors they work with now if there are others in their organizations with helpful expertise. And make sure that those clients ask plenty of pointed questions when interviewing potential professional services providers.
- Help enterprise clients to gather and take maximum advantage of incumbent “tribal knowledge.” If an enterprise client doesn’t already use a knowledge base, the above challenges may justify your recommendation that they build and use one. If your ISP already uses a knowledge base, your team’s experience can be directly helpful to your enterprise clients. If your ISP does not yet use a knowledge base, it may be time for your organization to consider one as well.
GRC, enterprise services, and ever-evolving hybrid infrastructures are all dynamic and significant challenges to IT leaders and teams at your ISP’s enterprise clients. The more that your ISP can do to help those clients to overcome these and related challenges as and even before they emerge, the more value your ISP can deliver to those clients. And that value can translate directly into higher customer satisfaction levels, more positive referrals and more revenues for your ISP.