In the new “as a Service” Enterprise, we talk aggressively about Service Integration becoming a combinator of core enterprise services, contextual services, and utility services (see Simon Wardley’s mapping taxonomy). Core enterprise services, those that support the core industry: ERP for manufacturing, Core Banking for retail banks, Policy Management for insurance and the like; provide access to core transactional services that operate to the industry regulations and corporate policies. Contextual services are distinct differentiated services to engage employees, partners and customers that provide the “secret sauce” of value driven differentiation – things that we often discuss around co-creation, innovation and disruption. Diametrically opposed to these context services are utility services; services that are substantially undifferentiated, supporting multiple businesses and are provided as commodities: email, voice, IaaS, BURA, leveraging the scale of a demand-pool to reduce costs toward the cost of power + long term debt service.
As we begin to think about Service Integration and Management (SIAM)
I actually think that today’s paradigm is net-incomplete. Though we need to manage vendors/suppliers in service oriented and quantitative ways, we need to think more extensively about our approach. Namely, the usage of the Continuous Delivery model from the SDLC to help us operate within the aggressive cycle time needs of business and continuous improvement. What as a Service enterprises are really looking for is Managed Service Integrations (MSI) with full operational data commonly and consistently captured and analyzed. Where SIAM provides frameworks and processes for integration, supporting procurement, contracts, risk and governance, the digitization of SIAM really looks more like MSI a more automated, digital and quantitative process driven by full scope operational analytics.
For me, as we begin to discuss “Services” it becomes important to think about the end-state business and IT architecture and the natural move toward being a “Service Provider” to the business, and with this comes a strategy that begins to morph ITSM toward Operational Support Services (OSS) / Business Support Services (BSS)
and the desire to automate like crazy via aggressive operational analytics to guide this automation. This shift of an operating model toward massive automation, via consistency of deployed solutions, on top of substantially less differentiated platforms creates key economic advantages via OpEx and CapEx, but also results in higher predictability and thereby lower business risk. But this SP model does come at a cost, namely that hands need to come off keyboards as Continuous [Automated] Deployment
and Continuous Monitoring
emerge to improve ongoing operations via analytics on operational log data.
One of the key challenges, ongoing is the ever increasing complexity of the enterprise, SIAM is designed to address complexity via a governance strategy, but is still largely dependent on people, it’s achilles heel. My proposal is to create a fully digital, auditable and requirements driven (managed) set of enterprise service integrations. This approach requires a couple of core elements:
- Governance Risk and Compliance (GRC) platform,
- a declarative and automated delivery platform that can automate policy conformance and the placement of controls,
- the adoption of a programmatic release management paradigm – todays SIAM
- the systematic continuous logging of key operational services and controls
- analytic reporting can round trip to the GRC platform to expose the real-time risks.
- GOTO 1. The risks then generate the need to amend the delivery platform which then updates/upgrades/replaces current services… and the looping continues.
This virtuous cycle of consistent service improvement against both functional (business driven) integrations as well non-functional use-cases including things like regulation, corporate policy and contract conformance now become digitized, and continuously monitored and improved… in effect governing digital business services, decreasing operational risks, and overtly complying with appropriate policies.
With this in place investments in DevOps/Automated Orchestration, Policy Driven Cloud Management Platforms (like CSC Agility Platform), Release Management and Operational Logging / Analytic platforms (like the CSC BDPaaS,
SEIM: Splunk/ArcSight) and eGRC platforms (RSA Archer) all begin to fit together into a MSI future state.
The result: a continuously improving, fully digital, as a Service enterprise running fully compliant with industry regulations, corporate policies and business contracts.