The amount of value that an organization derives from technology is in direct proportion to the level of control that the organization wields over that technology through effective IT management.
By control, I’m not talking about your typical access control or network protection or locking systems down for security, even though these things are worthy of discussion. What I’m talking about is the effective management of all the technology assets in an organization — enabling IT to unlock true business value.
A fundamental law of systems management is that you cannot manage what you cannot see. In order to maximize control and obtain effective control of technology systems, it is vital to have an automated asset management system in place. This is as true for IT operations as it is for information security, and businesses need both. All business assets need to be considered, including mobile and other remote assets.
Once you know what assets you have at the hardware and software level, it is important for you to know what those assets are doing—both from a real-time and historically perspective. While real-time capture is often seen as the holy grail of systems and network management, there is considerable value in being able to look at historical trends and patterns.
Detailed analysis of historical data is easier and less expensive to obtain, as compared to real-time analysis, and can reveal things that initially escaped notice. Either way, the capture and management of systems, network, and application logs is a vital part of the visibility puzzle.
With the visibility of the network in good shape, it is now time to establish policies that govern the use of the assets and the data they manipulate. Access control is only a small part of this picture. Of equal or greater importance is traffic shaping, quality of service, and capacity management. This is more about ensuring that the right people can reach the services they need in the right way and at the right time, than it is about preventing people from getting to things.
Good policy management at the technology level should be little more than the technical implementation of existing business policies which govern the organization’s operations. Tools which support both operational controls and information security controls will provide IT with the most leverage in this aspect of management.
Monitoring & Reporting
Another fundamental rule of IT governance is that if you aren’t monitoring it, then it isn’t actually happening. There are different levels of monitoring that need to be done, from your basic up/down systems monitoring, to the tracking of performance metrics and end-user experience, to compliance monitoring.
Reporting also has a broad range, from real-time (or near real-time) dashboards that provide a summary of operational status, to detailed daily, weekly, and monthly reports of all aspects of an operation. Monitoring and reporting both play a role in overall visibility.
Tying it All Together
Thankfully, it is becoming easier to obtain robust IT management suites that bring together all of these elements, enabling increasingly burdened technology teams to comprehensively see and manage all of the assets for which they are responsible.
Without the necessary tools to automate these activities, IT will struggle in its efforts to add value to the organization. With the right, integrated tools in place, IT can not only see, manage, and report upon the health of the organization and its technology, but it can enable the organization to rapidly adjust to changing business requirements.
Andrew S. Baker is the president and founder of BrainWave Consulting Company, LLC where he provides Virtual CIO services for small/medium businesses. See Andrew’s complete social presence at XeeMe.com\AndrewBaker