Prevent Data Loss Across Cloud and Hybrid Environments

Leverage existing tools and focus on the data that matters most to your organization.

Analyst Perspective

Data loss prevention is an additional layer of protection

Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow at a steady rate. A recent report by Palo Alto Networks indicates workload in the cloud increased by 13% last year, and companies are expecting to move an additional 11% of their workload to the cloud in the next 24 months1.

However, moving to the cloud poses unique challenges for cyber security practitioners. Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls.

It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture. To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program.

Bob Wilson
CISSP
Research Director, Security and Privacy
Info-Tech Research Group

Executive Summary

Info-Tech Insight

Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.

Your challenge

Protecting data is a critical responsibility for organizations, no matter where it is located.

45% of breaches occurred in the cloud (“Cost of a Data Breach 2022,” IBM Security, 2022).

It can take upwards of 12 weeks to identify and contain a breach (“Cost of a Data Breach 2022,” IBM Security, 2022).

• Compliance obligations will require organizations to protect certain data.
• All data states can exist in the cloud, and each state provides a unique opportunity for data loss.
• Insider threats, whether intentional or not, are especially challenging for organizations. It’s necessary to prevent illicit data use while still allowing work to happen.

Info-Tech Insight

Data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services and these controls should be considered.

Common obstacles

As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats

• It’s not uncommon for an organization not to know what data they use, where that data exists, or how they are supposed to protect it.
• Cloud systems, especially software as a service (SaaS) applications, may not provide much visibility into how that data is stored or protected.
• Insider threats are a primary concern, but employees must be able to access data to perform their duties. It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.

Insider threats are a significant concern

Info-Tech Insight

An insider threat management (ITM) program focuses on the user. DLP programs focus on the data.

Insight summary

DLP is not just a single tool. It’s an additional layer of security that depends on different components of your security program, and it requires time and effort to mature.

Organizations should leverage existing security architecture with the DLP controls available in the cloud services they use.

Data loss prevention is not a point solution

Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

Prioritize data

Start with the data that matters most to your organization.

Define an objective

Having a clearly defined objective will make implementing a DLP program much easier.

DLP is a layer

Data loss prevention is not foundational, and it depends on many other parts of a mature information security program.

The low hanging fruit is sweet

Start your DLP implementation with a quick win in mind and build on small successes.

DLP is a work multiplier

Your organization must be prepared to investigate alerts and respond to incidents.

Prevent data loss across cloud or hybrid environments

Data loss prevention is not a point solution.
It’s the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

Info-Tech Insight

Leverage existing security tools where possible.

Data loss prevention (DLP) overview

DLP is an additional layer of security.

DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted.

DLP depends on many components of a mature security program, including but not limited to:

• Acceptable use policy
• Data classification policy and data handling guidelines
• Identity and access management

DLP is achieved through some or all of the following tactics:

• Identify: Data is detected using policies, rules, and patterns.
• Monitor: Data is flagged and data activity is logged.
• Prevent: Action is taken on data once it has been detected.

Info-Tech Insight

DLP is not foundational. Your information security program needs to be moderately mature to support a DLP strategy.

DLP approaches and methods

DLP uses a handful of techniques to achieve its tactics:

• Policy and access rights: Limits access to data based on user permissions or other contextual attributes.
• Isolation or virtualization: Data is isolated in an environment with channels for data leakage made unavailable.
• Cryptographic approach: Data is encrypted.
• Quantifying and limiting: Use or transfer of data is restricted by quantity.
• Social and behavioral analysis: The DLP system detects anomalous activity, such as users accessing data outside of business hours.
• Pattern matching: Data content is analyzed for specific patterns.
• Data mining and text clustering: Large sets are analyzed, typically with machine learning (ML), to identify patterns.
• Data fingerprinting: Data files are matched against a pre-calculated hash or based on file contents.
• Statistical Analysis: Data content is analyzed for sensitive data. Usually involves machine learning.

DLP has two primary approaches for applying techniques:

• Content-based: Data is identified through inspecting its content. Fingerprinting and pattern matching are examples of content-based methods.
• Context-based: Data is identified based on its situational or contextual attributes. Some factors that may be used are source, destination, and format.

Some DLP tools use both approaches.

Info-Tech Insight

Different DLP products will support different methods. It is important to keep these in mind when choosing a DLP solution.

Start by defining your data

Define data by answering the 5 “W”s

Who? Who owns the data? Who needs access? Who would be impacted if it was lost?
What? What data do you have? What type of data is it? In what format does it exist?
When? When is the data generated? When is it used? When is it destroyed?
Where? Where is the data stored? Where is it generated? Where is it used?
Why? Why is the data needed?

Use what you discover about your data to create a data inventory!

Compliance requirements

Compliance requirements often dictate what must be done to manage and protect data and vary from industry to industry.

Some examples of compliance requirements to consider:

• Healthcare - Health Insurance Portability and Accountability Act (HIPAA)
• Financial Services - Gramm-Leach-Bliley Act (GLBA)
• Payment Card Industry Data Security Standards (PCI DSS)

Info-Tech Insight

Why is especially important. If you don’t need a specific piece of data, dispose of it to reduce risk and administrative overhead related to maintaining or protecting data.

Classify your data

Data classification facilitates making decisions about how data is treated.

Data classification is a process by which data is categorized.

• The classifications are often based on the sensitivity of the data or the impact a loss or breach of that data would have on the organization.
• Data classification facilitates decisions about data handling and how information security controls are implemented. Instead of considering many different types of data individually, decisions are based on a handful of classification levels.
• A mature data classification should include a formalized policy, handling standards, and a steering committee.

Refer to our Discover and Classify Your Data blueprint for guidance on data classification.

Sample data classification schema

Info-Tech Insight

Data classification should be implemented as a continuous program, not a one-time project.

Understand data risk

Knowing where and how your data is at risk will inform your DLP strategy.

Data exists in three states, and each state presents different opportunities for risk. Different DLP methodologies will be appropriate for different states.

Data states

In use

• End-user devices
• Mobile devices
• Servers

In motion

• Cloud services
• Email
• Web/web apps
• Instant messaging
• File transfers

At rest

• Cloud services
• Databases
• End-user devices
• Email archives
• Backups
• Servers
• Physical storage devices

Causes of Risk

The most common causes of data loss can be categorized by people, processes, and technology.

Check out our Combine Security Risk Management Components Into One Program blueprint for guidance on risk management, including how to do a full risk assessment.

Prioritize your data

Know what data matters most to your organization.

Prioritizing the data that most needs protection will help define your DLP goals.

The prioritization of your data should be a business decision based on your comprehension of the data. Drivers for prioritizing data can include:

• Compliance-driven: Noncompliance is a risk in itself and your organization may choose to prioritize data based on meeting compliance requirements.
• Audit-driven: Data can be prioritized to prepare for a specific audit objective or in response to an audit finding.
• Business-driven: Data could be prioritized based on how important it is to the organization’s business processes.

Info-Tech Insight

It’s not feasible for most organizations to apply DLP to all their data. Start with the most important data.

Activity: Prioritize your data

Input: Lists of data, data types, and data environments
Output: A list of data types with an estimated priority
Materials: Data Loss Prevention Strategy Planner worksheet
Participants: Security leader, Data owners

1-2 hours

For this activity, you will use the Data Loss Prevention Strategy Planner workbook to prioritize your data.

1. Start with tab “2. Setup” and fill in the columns. Each column features a short explanation of itself, and the following slides will provide more detail about the columns.
2. On tab “3. Data Prioritization,” work through the rows by selecting a data type and moving left to right. This sheet features a set of instructions at the top explaining each column, and the following slides also provide some guidance. On this tab, you may use data types and data environments multiple times.

Click to download the Data Loss Prevention Strategy Planner

Activity: Prioritize your data

In the Data Loss Prevention Strategy Planner tool, start with tab “2. Setup.”

Next, move to tab “3. Data Prioritization.”

Click to download the Data Loss Prevention Strategy Planner

Determine DLP objectives

Your DLP strategy should be able to function as a business case.

DLP objectives should achieve one or more of the following:

• Prevent disclosure or unauthorized use of data, regardless of its state.
• Preserve usability while providing adequate security.
• Improve security, privacy, and compliance capabilities.
• Reduce overall risk for the enterprise.

Example objectives:

• Prevent users from emailing ePHI to addresses outside of the organization.
• Detect when a user is uploading an unusually large amount of data to a cloud drive.

Most common DLP use cases:

• Protection of data, primarily from internal threats.
• Meet compliance requirements to protect data.
• Automate the discovery and classification of data.
• Provide better data management and visibility across the enterprise.
• Manage and protect data on mobile devices.

Info-Tech Insight

Having a clear idea of your objectives will make implementing a DLP program easier.

Align DLP with your existing security program/architecture

DLP depends on many different aspects of your security program.
To the right are some components of your existing security program that will support DLP.

1. Data handling standards or guidelines: These specify how your organization will handle data, usually based on its classification. Your data handling standards will inform the development of DLP rules, and your employees will have a clear idea of data handling expectations.

2. Identity and access management (IAM): IAM will control the access users have to various resources and data and is integral to DLP processes.

3. Incident response policy or plan: Be sure to consider your existing incident handling processes when implementing DLP. Modifying your incident response processes to accommodate alerts from DLP tools will help you efficiently process and respond to incidents.

4. Existing security tools: Firewalls, email gateways, security information and event management (SIEM), and other controls should be considered or leveraged when implementing a DLP solution.

5. Acceptable use policy: An organization must set expectations for acceptable/unacceptable use of data and IT resources.

6. User education and awareness: Aside from baseline security awareness training, organizations should educate users about policies and communicate the risks of data leakage to reduce risk caused by user error.

Info-Tech Insight

Consider DLP as a secondary layer of protection; a safety net. Your existing security program should do most of the work to prevent data misuse.

Cloud service models

A fundamental challenge with implementing DLP with cloud services is the reduced flexibility that comes with managing less of the technology stack. Each cloud model offers varying levels of abstraction and control to the user.

Infrastructure as a service (IaaS): This service model provides customers with virtualized technology resources, such as servers and networking infrastructure. IaaS allows users to have complete control over their virtualized infrastructure without needing to purchase and maintain hardware resources or server space. Popular examples include Amazon Web Servers, Google Cloud Engine, and Microsoft Azure.

Platform as a service (PaaS): This service model provides users with an environment to develop and manage their own applications without needing to manage an underlying infrastructure. Popular examples include Google Cloud Engine, OpenShift, and SAP Cloud.

Software as a service (SaaS): This service model provides customers with access to software that is hosted and maintained by the cloud provider. SaaS offers the least flexibility and control over the environment. Popular examples include Salesforce, Microsoft Office, and Google Workspace.

Info-Tech Insight

Cloud service providers may include DLP controls and functionality for their environments with the subscription. These tools are usually well suited for DLP functions on that platform.

Different DLP tools

DLP products often fall into general categories defined by where those tools provide protection. Some tools fit into more than one category.

Cloud DLP refers to DLP products that are designed to protect data in cloud environments.

• Cloud access security broker (CASB): This system, either in-cloud or on-premises, sits between cloud service users and cloud service providers and acts as a point of control to enforce policies on cloud-based resources. CASBs act on data in motion, for the most part, but can detect and act on data at rest through APIs.
• Existing tools integrated within a service: Many cloud services provide DLP tools to manage data loss in their service.

Endpoint DLP: This DLP solution runs on an endpoint computing device and is suited to detecting and controlling data at rest on a computer as well as data being uploaded or downloaded. Endpoint DLP would be feasible for IaaS.

Network DLP: Network DLP, deployed on-premises or as a cloud service, enforces policies on network flows between local infrastructure and the internet.

• “Email DLP”: Detects and enforces security policies specifically on data in motion as emails.

Choosing a DLP solution

You will also find that some DLP solutions are better suited for some cloud service models than others.

DLP solution types that are better suited for SaaS: CASB and Integrated Tools

DLP solution types that are better suited for PaaS: CASB, Integrated Tools, Network DLP

DLP solution types that are better suited for IaaS: CASB, Integrated Tools, Network DLP, and Endpoint DLP

Your approach for DLP will vary depending on the data state you’ll be acting on and whether you are trying to detect or prevent.

Click to download the Data Loss Prevention Strategy Planner
Check the tab labeled “6. DLP Features Reference” for a list of common DLP features.

Activity: Plan DLP methods

Input: Knowledge of data states for data types
Output: A set of technical DLP policy rules for each data type by environment
Materials: The same Data Loss Prevention Strategy Planner worksheet from the earlier activity
Participants: Security leader, Data owners

1-2 hours

Continue with the same workbook used in the previous activity.

1. On tab “4. DLP Methods,” indicate the expected data state the DLP control will act on. Then, select the type of DLP control your organization intends to use for that data type in that data environment.
2. DLP actions are suggested based on the classification of the data type, but these may be overridden by manually selecting your preferred action.
3. You will find more detail on this activity on the following slide, and you will find some additional guidance in the instructional text at the top of the worksheet.
4. Once you have populated the columns on this worksheet, a summary of suggested DLP rules can be found on tab “5. Results.”

Click to download the Data Loss Prevention Strategy Planner

Activity: Plan DLP methods

Use tab “4. DLP Methods” to plan DLP rules and technical policies.

See tab “5. Results” for a summary of your DLP policies.

Click to download the Data Loss Prevention Strategy Planner

Implement your DLP program

Take the steps to properly implement your DLP program

1. It’s important to shift the culture. You will need leadership’s support to implement controls and you’ll need stakeholders’ participation to ensure DLP controls don’t negatively affect business processes.
2. Integrate DLP tools with your security program. Most cloud service providers, like Amazon, Microsoft, and Google provide DLP controls in their native environment. Many of your other security controls, such as firewalls and mail gateways, can be used to achieve DLP objectives.
3. DLP is best implemented with a crawl, walk, then run approach. Following change management processes can reduce friction.
4. Communicating controls to users will also reduce friction.

Info-Tech Insight

After a DLP program is implemented, alerts will need to be investigated and incidents will need a response. Be prepared for DLP to be a work multiplier!

Measure and improve

Metrics of effectiveness

DLP attempts to tackle the challenge of promptly detecting and responding to an incident.
To measure the effectiveness of your DLP program, compare the number of events, number of incidents, and mean time to respond to incidents from before and after DLP implementation.

Metrics that indicate friction

A high number of false positives and rule exceptions may indicate that the rules are not working well and may be interfering with legitimate use.
It’s important to address these issues as the frustration felt by employees can undermine the DLP program.

Tune DLP rules

Establish a process for routinely using metrics to tune rules.
This will improve performance and reduce friction.

Info-Tech Insight

Aside from performance-based tuning, it’s important to evaluate your DLP program periodically and after major system or business changes to maintain an awareness of your data environment.

Related Info-Tech Research

Research Contributors

Andrew Amaro
CSO and Founder
Klavan Physical and Cyber Security Services

Arshad Momin
Cyber Security Architect
Unicom Engineering, Inc.

James Bishop
Information Security Officer
StructureFlow

Michael Mitchell
Information Security and Privacy Compliance Manager
Unicom Engineering, Inc.

One Anonymous Contributor

Bibliography

Alhindi, Hanan, Issa Traore, and Isaac Woungang. "Preventing Data Loss by Harnessing Semantic Similarity and Relevance." jisis.org Journal of Internet Services and Information Security, 31 May 2021. Accessed 2 March 2023. https://jisis.org/wp-content/uploads/2022/11/jisis-2021-vol11-no2-05.pdf

Cash, Lauryn. "Why Modern DLP is More Important Than Ever." Armorblox, 10 June 2022. Accessed 10 February 2023. https://www.armorblox.com/blog/modern-dlp-use-cases/

Chavali, Sai. "The Top 4 Use Cases for a Modern Approach to DLP." Proofpoint, 17 June 2021. Accessed 7 February 2023. https://www.proofpoint.com/us/blog/information-protection/top-4-use-cases-modern-approach-dlp

Crowdstrike. "What is Data Loss Prevention?" Crowdstrike, 27 Sept. 2022. Accessed 6 Feb. 2023. https://www.crowdstrike.com/cybersecurity-101/data-loss-prevention-dlp/

De Groot, Juliana. "What is Data Loss Prevention (DLP)? Definition, Types, and Tips." Digital Guardian, 8 February 2023. Accessed 9 Feb. 2023. https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention

Denise. "Learn More About DLP Key Use Cases." CISO Platform, 28 Nov. 2019. Accessed 10 February 2023. https://www.cisoplatform.com/profiles/blogs/learn-more-about-dlp-key-use-cases

Google. "Cloud Data Loss Prevention." Google Cloud Google, n.d. Accessed 7 Feb. 2023. https://cloud.google.com/dlp#section-6

Gurucul. "2023 Insider Threat Report." Cybersecurity Insiders, 13 Jan. 2023. Accessed 23 Feb. 2023. https://gurucul.com/2023-insider-threat-report

IBM Security. "Cost of a Data Breach 2022." IBM Security, 1 Aug. 2022. Accessed 13 Feb. 2023. https://www.ibm.com/downloads/cas/3R8N1DZJ

Mell, Peter & Grance, Tim. "The NIST Definition of Cloud Computing." NIST CSRC NIST, Sept. 2011. Accessed 7 Feb. 2023. https://csrc.nist.gov/publications/detail/sp/800-145/final

Microsoft. "Plan for Data Loss Prevention (DLP)." Microsoft 365 Solutions and Architecture Microsoft, 6 Feb. 2023. Accessed 14 Feb. 2023. https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-overview-plan-for-dlp

Nanchengwa, Christopher. "The Four Questions for Successful DLP Implementation." ISACA Journal ISACA, 1 Jan. 2019. Accessed 6 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/the-four-questions-for-successful-dlp-implementation

Palo Alto Networks. "The State of Cloud Native Security 2023." Palo Alto Networks, 2 March 2023. Accessed 23 March 2023. https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/state-of-cloud-native-security-2023.pdf

Pritha. "Top Six Metrics for your Data Loss Prevention Program." CISO Platform, 27 Nov. 2019. Accessed 10 Feb. 2023. https://www.cisoplatform.com/profiles/blogs/top-6-metrics-for-your-data-loss-prevention-program

Raghavarapu, Mounika. "Understand DLP Key Use Cases." Cymune, 12 June 2021. Accessed 7 Feb. 2023. https://www.cymune.com/blog-details/DLP-key-use-cases

Sheela, G. P., & Kumar, N. "Data Leakage Prevention System: A Systematic Report." International Journal of Recent Technology and Engineering BEIESP, 30 Nov. 2019. Accessed 2 March 2023. https://www.ijrte.org/wp-content/uploads/papers/v8i4/D6904118419.pdf

Sujir, Shiv. "What is Data Loss Prevention? Complete Guide [2022]." Pathlock, 15 Sep. 2022. Accessed 7 February 2023. https://pathlock.com/learn/what-is-data-loss-prevention-complete-guide-2022/

Wlosinski, Larry G. "Data Loss Prevention - Next Steps." ISACA Journal, 16 Feb. 2018. Accessed 21 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/data-loss-preventionnext-steps

Build an ITSM Tool Implementation Plan

Plan ahead with a step-by-step approach to ensure the tool delivers business value.

EXECUTIVE BRIEF

Analyst perspective

Take control of the wheel or you might end up in a ditch.

An ITSM tool implementation is a complex project with direct impact on IT’s ability to support the business. With that level of risk, you need to take control early on.

Yes, your vendor will support or execute the technical implementation, but they depend on you to tell them how to configure ITSM parameters and workflows that affect user interface, the ability to manage incidents, and governance over assets and IT changes.

If you leave the configuration completely to the vendor, at best you might get the same setup as in your old tool (and not realize the benefits that leadership is expecting). At worst you end up with default values that don’t fit your process needs, i.e., confusion and not realizing expected benefits.

A successful implementation requires early planning from a wide range of resources including ITSM tool experts (supported by the vendor), process experts, and a project manager to methodically step through the hundreds of parameters you will need to define before implementation.

Frank Trovato
Research Director, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Info-Tech Insight

As with any large project, a key step is tackling it one bite at a time – but also understanding the size of the whole meal. This is where organizations often fail with ITSM implementations: not understanding upfront the volume of work required for a successful implementation.

Your Challenge

Organizations implementing a new ITSM tool often face these pitfalls:

• Selecting the Wrong Resources: You need ITSM technology and process experts, because this is not just a technology project but also a process improvement opportunity. You will need to configure ITSM parameters and workflows in the new tool – which directly affects processes. Take advantage of that opportunity to fix pain points. For example, if your existing ticket categories are not effective, implement a better categorization scheme rather than just configure the same old, ineffective scheme.
• Over-Reliance on the Vendor to Optimize Your Tool: Yes, the vendor will typically install and set up the tool but they will not fix your processes for you. On installation day, if you are not prepared with the categories, ticket templates, and so on that you wish to configure, your vendor will just go with the default or migrate your old parameters from your old ITSM tool.
• Not Preparing for Data Migration: Data migration is complex. You need to determine what data to migrate, if any, and how that data will be mapped to the new environment. That takes planning and must be defined well before the vendor is ready to implement your tool.
• Insufficient IT and End-User Training: A link to the ITSM tool manual is not enough. Staff and users need training on how your processes will be executed in the new tool.

A survey of implementation challenges for ServiceNow’s customers

26% Resistance to change

43% Lacked a clear roadmap

38% Planning for resources

Source: Acorio, 2019

Info-Tech’s approach

Divide the implementation project into controllable phases for an effective implementation.

STOP: Use this blueprint after you have selected an ITSM solution

Leverage our SoftwareReviews service and related blueprints to assist with ITSM tool selection, and then use this blueprint to plan the implementation.

Info-Tech’s methodology to build an ITSM Tool Implementation Plan

Insight summary

Blueprint deliverables

This blueprint includes tools and templates to help you accomplish your goals:

ITSM Tool Implementation Checklist Identify the most common decisions you will need to make and prepare for your implementation project.	ITSM Tool Project Charter Template Review and edit the template to suit your project requirements
	ITSM Tool Deployment Plan Template Prioritize and prepare tool rollout plan
	ITSM Tool Training Schedule Use the checklist to create your new tool training roadmap

Blueprint benefits

Measured value from using this blueprint

Use this guide as an example to calculate your total cost savings from the ITSM tool implementation project.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 6 to 8 calls over the course of 3 to 6 months.

Phase 1

Identify Stakeholders, Scope, and Preliminary Timeline

This phase will walk you through the following steps:

1. Define scope
2. Define roles and responsibilities
3. Identify preliminary timeline

Step 1.1

Define scope

Activities

This step will walk you through the following activities:

• Define the scope of the implementation project
• Establish the future processes and functionalities the tool will support

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Specifying the implementation project
• Identifying the business units that are needed to support the project
• Defining the ongoing and future service management processes the tool will support

1.1.1 Use the Project Charter Template to capture scope, stakeholders, and timeline as outlined in Phase 1

Follow the instructions in Phase 1 (step 1.1, 1.2, and 1.3) to gather information needed to create a project charter to define project parameters.

Specific subsections are listed below and described in more detail in the remainder of this phase.

1. Project Overview: Includes deliverables, scope, milestones, and success metrics.
2. Governance and Management: Includes roles, responsibilities, and resource requirements.
3. Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies as well as any assumptions and constraints.
4. Project Sign-Off: Includes IT and executive sign-off (if required).

Download the ITSM Tool Implementation Project Charter Template

1.1.2 Leverage the Implementation Checklist to guide your preparation

The checklist tabs align to each phase of this blueprint.

• Phase 1 (Tab 1) – Identify Stakeholders, Scope, and Preliminary Timeline
• Phase 2 (Tab 2) – Prepare to Implement Incident Management and Service Request Modules
• Phase 3 (Tabs 3+4) – Prepare to Implement Additional ITSM Modules (e.g. Change Management)
• Phase 4 (deployment section in each tab) – Create a Deployment Plan (Communication, Training, Rollout)

Download the ITSM Tool Implementation Checklist

1.1.3 Review goals that drove the ITSM tool purchase

Identify the triggers for the selection and implementation of your new ITSM tool.

Whether this is your first ITSM tool or a replacement for your old tool, the project was likely triggered by pain points that must be addressed by the new tool to improve your service desk. Having a clear understanding of these pain points throughout the implementation of your new tool will help to prevent them from reoccurring.

Common ITSM pain points include:

1. Poor communication with end users on ticket status.
2. Lack of SLA automation to escalate issues to the appropriate channels.
3. Poor self-service options for end users to perform simple requests on their own.
4. Undeveloped knowledgebase for users to find answers to common issues.
5. Lack of reporting or mistrust in reporting data.
6. Lack of automation, including ticket templates.
7. Overcomplicated ticket categories resulting in categories being misused.
8. Overconfiguration prevents future upgrades.
9. Lack of integration with other tools.

If you haven't already selected an ITSM tool, leverage the IT Service Management Selection Guide to select the right tool.

Download the IT Service Management Selection Guide

1.1.4 Plan to interview staff to support organizational change management

Identify challenges with the existing tool and processes as well as potential objections to the new tool.

Incorporate this feedback in the implementation to drive buy-in and a successful rollout.

Implementing a new ITSM tool will force changes in how IT staff do their work:

• At a minimum, it means learning a new interface.
• It could also mean leveraging features that improve IT operations but could change the process or tasks for the staff.
• Their input on the current tool and process challenges can be critical for the project.
• Solving at least some of their challenges can help bring them onboard to use this tool properly and follow associated process changes.

Info-Tech Insight

Keep management in the loop through every stage of the implementation process. They are the ones who are paying for the software, so they need to be informed throughout implementation and feel that their needs and feedback are being heard to prevent pushback further into the implementation.

1.1.5 Identify the modules and features you will plan to implement

Consider these factors when deciding what modules and features you want to implement:

• Specific ITSM modules based on the recommended order and any unique business requirements
• Key features that drove the tool purchase and address key issues
• High-level process changes needed to address challenges and realize expected benefits from the new ITSM tool (e.g. if a key goal was automated ticket routing based on categories, then the project needs to include developing a good categorization scheme)

Recommended order for implementation:

1. Incident Management and Service Request

This is the core of service management and typically has the highest impact on the organization. Include knowledgebase development as part of this implementation.

2. Change Management

A foundational component of service management, it allows organizations to minimize disruptions to IT services when making changes to services and critical systems.

3. Asset Management

A foundational component of service management, it allows organizations to track their assets’ locations, how they are used, and when changes are made to them.

1.1.6 Determine if data migration is required

If you are switching from a previous ITSM tool, carefully weigh the pros and cons as well as the necessity of migrating historical transactional data before deciding to import it into the new tool.

Importing your old transactional data will allow you to track metrics over time, which can be valuable for data analysis and reporting purposes.

However, ask yourself what the true value of your data is before you import it.

You will not get value out of migrating the old data if:

• You have incomplete or inaccurate data (a high percentage of incidents did not have tickets created in the old system).
• The categorization of your old tickets was not useful or was used inconsistently.
• You plan on changing the ticket categorization in the new system.

“Don’t debate whether you can import your old data until you’ve made sure that you should.”

– Barry Cousins, Practice Lead at Info-Tech Research Group

Info-Tech Insight

If you decide to migrate your data, keep in mind that it can be a complex process and proper time should be budgeted for planning, structuring the data, and importing and testing it.

Step 1.2

Define roles and responsibilities

Activities

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Decision on whether to hire professional services for the implementation
• Clearly defined roles and responsibilities for the project

1.2.1 Identify key internal roles and responsibilities

Review the tasks outlined in the Implementation Checklist to help you identify appropriate roles and specific staff that will be needed to execute this project.

RACI = Responsible, Accountable, Consulted, and Informed

Assign individuals to roles through each step of the implementation project in the governance and management chart in the Project Charter Template.

Download the Project Charter Template

1.2.2 Key external roles and responsibilities

Determine whether you will engage professional services for the implementation.

Step 1.3

Identify preliminary timeline

Activities

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Specifying the target dates for the implementation project

1.3.1 Identify preliminary internal target dates

Identify high-level start and end dates based on the following:

• Existing process maturity
• Process changes required (to address process issues or to realize targeted benefits from the new tool)
• Data migration requirements (if any)
• Information to prepare for the implementation (review the Checklist Tool)
• Vendor availability to support implementation
• Executive mandates that have established specific milestone dates

Create an initial project schedule:

• Review the remaining phases of this blueprint for more details on the implementation planning steps.
• Review and update the Checklist Tool to suit your implementation goals and requirements.
• Assign task owners and target dates in the Checklist Tool.

Note: This is a preliminary schedule. Monitor progress as well as requirement changes, and adjust the scope or schedule as needed.

Update the columns in the Checklist Tool to plan and keep track of your implementation project.

1.3.2 Identify target dates for vendor involvement

Plan when you'll be ready for the vendor and identify the key points for when the vendor will come in.

Are dates already scheduled for tool installation/configuration/customization?

If yes:

• Clarify vendor expectations for those target dates (i.e. what do you have to have prepared in advance?).
• Determine options to adjust dates if needed.

If no:

• Defer scheduling until you have reviewed and updated the Implementation Checklist. The checklist will help you determine your readiness for vendor involvement.

Consider if the vendor will implement the ITSM tool in one go or if they will help setup the tool in stages. Keep in mind that ITSM implementation projects typically take anywhere from 9 weeks to 16 months and plan accordingly depending on the maturity of your processes and the modules and features you plan to implement.

Use your internal target dates to estimate when you'll be ready for the vendor to set up the tool and implement the setting that you've defined.

Phase 2

Prepare to Implement Incident Management and Service Request Modules

This phase will walk you through the following steps:

• Review your existing solution and challenges
• Plan ticket management and workflow implementation
• Plan data migration, knowledgebase setup, and integrations
• Plan the module rollout

Additional Info-Tech Research

The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in these blueprints.

Standardize the Service Desk

Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

Optimize the Service Desk With a Shift-Left Strategy

Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

Incident and Problem Management

Develop a critical incident management workflow and create standard operating procedures for problem management.

Step 2.1

Review your existing solution and challenges

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

2.1.1 Configure your tool, don’t customize it

Your tool may require at least some basic configurations to align with your processes, but in most cases customization of the tool is not recommended.

Case Study

Consider the consequences of over-customizing your solution.

INDUSTRY: Education

SOURCE: IT Director

2.1.2 Review your existing process to identify opportunities for improvement

Documenting your existing processes is an effective method for also reviewing those processes and identifying inefficiencies. Take advantage of this project to fix your process issues.

1. Document your existing workflows for incident management and service requests.
2. Review your workflows to identify opportunities to optimize through process refinement (e.g. clarifying escalation guidelines) or by leveraging features in your new ITSM tool (e.g. improved workflow automation).
3. Similarly, review the challenges identified through stakeholder interviews: is there an opportunity address those challenges through process changes or leveraging your new ITSM tool?
4. Address those challenge and issues as you execute the tasks outlined in the Implementation Checklist Tool. For example, if inconsistent ticket routing was identified as a challenge due to a vague categorization scheme, that’s a driver to review and update your scheme rather than just carry forward your existing scheme.

Regardless of your existing ITSM maturity, this is an opportunity to review and optimize existing processes. Even the most-mature organizations can typically find an area to improve.

Case Study

Reviewing and defining processes before the implementation can be a project in itself.

INDUSTRY: Defense

SOURCE: Anonymous

Step 2.2

Plan ticket management and workflow implementation

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

Tool is designed and configured to support service desk processes and organization needs.

Checklist overview

The ITSM Tool Implementation Checklist will help you estimate resources required to support demand, based on your ticket volume.

TAB 2	TAB 3	TAB 4
Incident and Service Modules Checklist	Change Management Modules	Asset Management Modules

How to follow this section:

The following slides contain a table that explains why each task in the module matters and what needs to be considered. Complete the checklist modules referring to this section.

2.2.1 Define ticket classification values

Ticket classification improves reporting, workflow automation, and problem identification.

Review your existing ticket classification values to identify what to carry forward, drop, or change. For example, if your categorization scheme has become too complex, this is your opportunity to fix it; don’t perpetuate ineffective classification in the new tool.

2.2.2 Define ticket templates for common incident types and service requests

Ticket templates are the backbone of automation. A common complaint is that tickets take too much time. However, a little planning can reduce the time it takes to create a ticket to less than a minute.

2.2.3 Plan your ticket intake channels

Consider possible ticket intake channels and evaluate their relevance to your organization.

2.2.4 Design a self-service portal

Map your processes to the tool by defining your ticket input, categories, escalations, and workflows.

Don’t forget about the client-facing side of the solution. It is important to build a self-serve portal that has an easy-to-use interface where the user can easily find the category for the help they’re looking for. It is also necessary to educate the users on where to find the portal or how to access it.

2.2.5 Plan your knowledgebase (KB) implementation in the new tool

Evaluate how onerous KB migration will be for you. Is this an opportunity to improve how the KB is organized?

2.2.6 Design your ticket status notification processes and templates

2.2.7 Identify required user accounts, access levels, and skills/service groups

2.2.8 Review and update your workflows and escalation rules

2.2.9 Identify desired reporting and relevant metrics to track

Documentation of key metrics of service desk performance and end-user satisfaction that you wish to improve through the new solution is key to evaluate the success of your implementation.

Step 2.3

Plan data migration and integrations

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

• Decisions made around data migration, integrations, automation, and reporting.
• ITSM Tool Implementation Checklist

2.3.1 Create a data migration and archiving plan

2.3.2 Identify and plan required integrations

Consider and plan for any necessary integrations with other systems.

A major component of the implementation that should be carefully considered throughout is if and how to integrate your ITSM tool with other applications in the environment.

Step 2.4

Plan the module rollout

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

Identify and plan for additional modules and features to be implemented

2.4.1 Repeat the methodology for additional ITSM modules, using the Checklists as a guide

The preparation completed in Phase 1 and 2 to this point provide a foundation for additional ITSM modules.

This blueprint starts with the incident management and service request modules as those are typically implemented first since they are the most impactful to day-to-day IT service management.

In addition, the methodology outlined in Phase 1 and 2 to this point provides a model to follow for additional ITSM modules:

• If you did not already account for additional modules in Phase 1, then repeat the steps in Phase 1 to define scope, stakeholders, and timeline.
• The Implementation Checklist Tool provides tabs for Change Management and Asset Management to outline the specific details for those topic areas, but they follow the same high-level steps as Phase 2 (e.g. review existing processes, design relevant workflows).
• If you are planning to implement other modules (e.g. Problem Management), create additional tabs in the Implementation Checklist Tool as needed, using the existing tabs as a base.

2.4.2 Leverage these blueprints to help you implement change and asset management modules

The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in the blueprints below.

Optimize IT Change Management

Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

Implement Hardware Asset Management

Create an SOP and associated process workflows to streamline and standardize hardware asset management.

Implement Software Asset Management

Build on a strong hardware asset management program to also properly track and manage software assets. This includes managing software licensing, finding opportunities to reduce costs, and improving your software audit readiness.

Phase 3

Create a Deployment Plan (Communication, Training, Rollout)

This phase will walk you through the following steps:

1. Create a communication plan (for IT, users, and business leaders)
2. Create a training plan
3. Plan how you will deploy, monitor, and maintain the solution

ITSM Tool Training Schedule		ITSM Tool Deployment Plan Template
Use the template to document and plan the communications and training needs prior to deployment of the new tool.		Use the deployment plan template to document the strategy and decisions made for making the transition to the new ITSM tool.
	Download the ITSM Tool Training Schedule		Download the ITSM Tool Deployment Plan Template

Step 3.1

Create a communication plan (for IT, users, and business leaders)

Activities

This step involves the following participants:

1. CIO/IT Director
2. IT Manager
3. Service Manager

Outcomes of this step

Plan for communicating the change with business executives, service desk agents, and end users.

3.1.1 Ensure there is strong communication from management throughout the implementation and deployment

A common contributing factor for unsuccessful implementation is a lack of communication around training, transitioning, and deploying the new tool.

Common Pitfall:

Organizational communication and change management should have been ongoing and tightly monitored throughout the project. However, cut-over is a time in which critical communication regarding deployment and proper user training can be derailed when last-minute preparations take priority. Not only will general user frustration increase, but unintended process workarounds will emerge, eroding system effectiveness.

Mitigating Actions:

Deliver training for end users that will be engaged in testing. For all other users, deliver training prior to go-live to avoid the risk of training too early (where materials may not be ready or users are likely to forget what was learned). If possible, host quick refresher training a week or two prior to go-live.

Aim to communicate the upcoming go-live. The purpose of communication here is to reiterate expectations, complexities, and ramifications on business going forward. Alleviate performance anxiety by clearly stating that temporary drops in productivity are to be expected and that there will be appropriate assistance throughout the transition period.

Transition: Have the project/program manager remain on the project team for some time after deployment to oversee and assure smooth transition for the organization.

Complete training: Have a clear plan for training those users that were missed in the first round of training as well as a plan for ongoing training for those that require refresher training, for new joiners to your organization, and for any training requirements that result from subsequent upgrades.

3.1.2 Base your communications timeline on a classic change curve

It’s important to communicate the change ahead of the implementation, but also to reinforce that communication after implementation to recover from any resistance that occurs through the implementation itself.

Stages in a typical change curve:

1. Change is announced. Some people are skeptical and resistant, but others are enthusiastic. Most people are fence sitters; if they trust senior leadership, they will give the benefit of the doubt and expect change to be good.
2. Positive sentiment declines as implementation approaches. Training and other disruptions take people’s time and energy away from their work. Project setbacks and delays take credibility away from project leaders and seem to validate the efforts of saboteurs and skeptics.
3. Overall sentiment begins to improve as people adjust and see real progress made. Ideally, early successes or quick wins neutralize saboteurs and convert skeptics. At the very least, people will begin to accept and adapt to new realities.
4. If the project is successful and communication is reinforced after implementation, sentiment will peak and level out over time as people move on to other projects.

1. Honeymoon of “Uninformed Optimism”: Tentative support and enthusiasm for change before people have really felt or understood what it involves.
2. Backlash of “Informed Pessimism” (leading to “Valley of Despair”): People realize they’ve overestimated the benefits (or how soon they’ll be achieved) and underestimated the difficulty of change.
3. Valley of Despair and beginning of “Hopeful Realism”: Sentiment bottoms out and people begin to accept the difficulty (or inevitability) of change.
4. Bounce of “Informed Optimism”: More optimism and support when people begin to see bright spots and early successes.
5. Contentment of “Completion”: Change has been successfully adopted and benefits are being realized.

3.1.3 Communicate new processes

1. Communicate with business unit leaders and users:

• Focus on the benefits for end users to encourage buy-in for the change.
• Include preliminary instructions with a date for training sessions.

• Teach users how to contact the service desk and submit a ticket.
• Set expectations for IT’s response.
• Record all your training sessions so it can used for recursive training.

• IT must point users toward the new process, but ad hoc requests should still be expected at first. Deal with these politely but encourage all employees to use the new service desk ticketing process, if applicable.

• Continue to adjust communications if processes aren’t being followed to ensure SLAs can be met and improved.

“Communicate with your end users in phase 1 to let them know what will be changing, get feedback and buy-in, and inform them that training will be happening, then ensure you train them once the tool is installed. A lot of times we’ll get our tool set up but people don’t know how to use it."

– Director of ITSM Tools

Info-Tech Insight

If there is a new process for ticket input, consider using a reward system for users who submit a ticket through the proper channel ;(e.g. email or self-serve portal) instead of their old method (e.g. phone). However, if a significant cultural change is required, don’t expect it to happen right away.

Step 3.2

Create a training plan

Activities

This step involves the following participants:

• IT Director
• Project Manager
• Service Desk Manager

Outcomes of this step

• Training modules for different users of the tool.
• Assignment of training modules to users and schedule for completion.

3.2.1 Target training session(s) to the specific needs of your service desk and IT staff

Create targeted role-based training programs for your service desk analysts; they care about the portion of the solution they are responsible for, not the functionality that is irrelevant to their job.

Create and execute a role-based training program by conducting training sessions for targeted groups of users, training them on the functions they require to perform their jobs.

Use a table like this one to help identify which roles should be trained on which tasks within the ITSM tool.

The need for targeted training:

• IT personnel may challenge the need for training. They may feel they don’t require training on the use of tools or that they don’t have time to dedicate to training when there is so much work to be done.
• Providing targeted training focused on only the functions of the solution that each tier is responsible for can help to overcome that resistance.
• Targeted training may include basic training for level 1 technicians and more advanced in-depth training for administrators, power users, or level 2/3 technicians.

Info-Tech Insight:

Properly trained users promote adoption and improve results. Always keep training materials updated and available. New employees, new software integration, and internal promotions create opportunities for training employees to align the ITSM tool with their roles and responsibilities.

3.2.2 Provide training

Training must take place before deployment to ensure that both your service desk agents and end users will use the tool in the way it was intended and improve end-user satisfaction.

• Implementing a new ITSM tool will likely bring with it at least some degree of organizational and cultural change. It’s important to manage that change through proper training. Your training needs will vary depending on the maturity of the organization and the amount of cultural and process change being implemented.
• If this is your first ITSM solution with many new changes for staff to take on board, it will be important to dedicate training time not only before deployment but also several months after the initial installation, to allow staff to gain more experience with the new tool and processes and formulate questions they may not think to ask during implementation.
• A training plan should take into account not only training needs for the implementation project but also any ongoing training requirements that may be required. This may include:
  • Training for new personnel.
  • Training on any changes to the tool.
  • Training on any new processes the tool will support.
• Better agent training will lead to better performance and improved end-user satisfaction.

The blue graph line charts new-agent training hours against first contact resolution and the orange graph line charts the trendline for the dataset.

Source: MetricNet, 2012

3.2.3 Choose an appropriate training delivery method

Training should include use cases that focus on not only how the tool’s interface works but also how the tool should be used to support process activities.

1. Training through use cases highlights how the tool will support the user in role-based tasks.
2. If new processes are being introduced along with the tool, training should cover both in an integrated way.
3. Team leadership and management commitment ensures that all agents take their training seriously and are prepared for all use cases by the deployment date.

Info-Tech Insight:

Ensure that the training demonstrates not only how the tool should be used, but also the benefits it will provide your staff in terms of improved efficiency and productivity. Users who can clearly see the benefits the tool will provide for their daily work will accept the tool more readily and promote it across the organization.

Step 3.3

Plan how you will deploy, monitor, and maintain the solution

Activities

This step involves the following participants:

• IT Director
• Project Manager
• Service Desk Manager

Outcomes of this step

Deployment plan, including a plan for cut-over from the old tool (if applicable), release of the new tool, and post-deployment support and maintenance of the tool.

3.3.1 Plan the transition from your old tool to ensure continual functionality

If you will have a transitional period during which the current tool will be used alongside the new tool, develop a clear plan for the transition to ensure continued service for your end users.

• If there will be an interim period during which only some aspects of the new ITSM tool are functional, you will need to determine how the new system and old systems will work together for that period of time. This may require creating interfaces as well as providing user documentation and/or SOPs on how the business processes will operate during the interim period.
• Cut-over is the period during which the changeover to the new system occurs. Cut-over activities need to be tightly choreographed for a successful deployment. If improperly planned, chaos may erupt when unforeseen issues are encountered during deployment, the deployment may be jeopardized, and the organization may encounter costly interruptions to its daily operations.
• Many organizations may leave any open tickets in the old tool until they are closed, which requires that tool run alongside the new tool for a transitional period. In this case, it is necessary to create guidelines around how long the open tickets will remain in the old system and ensure there is clear communication around these processes.

Be prepared for the transition:

1. Create a robust cut-over plan that includes when the old tool will be decommissioned, what activities are necessary during the cut-over, and what the contingency plan is in case of unforeseen issues.
2. Plan for and perform mock cut-overs to establish the timeline and dependencies for all steps that need to be performed to successfully complete the changeover. Do this to avoid any surprises or delays during the true cut-over period.
3. Establish cut-over logistics: Create a schedule for resources to work in shifts to avoid burn-out during cut-over, which can lead to lapses in judgment and easily avoidable mistakes. Allocate dedicated workspaces for cut-over activities, e.g. “war rooms” for the triage of issues.

3.3.2 Choose a cut-over approach that works for you

Approaches and insights from three case studies

3.3.3 Deploy the solution and any new processes simultaneously to ease the transition

Follow a deployment plan for introducing new processes alongside the new tool to ensure changes to both process and technology are adopted simultaneously.

If you’re introducing new processes alongside the new tool, it’s important to maintain the link between process and tool. Typically, the processes and tool should be deployed simultaneously unless there is a strong reason not to do so.

Deployment can be done as a big-bang or phased approach. The decision to employ a phased deployment depends on the number and size of business units the tool will support, as well as the organization’s geography and infrastructure (deployment locations).

Before deployment, conduct readiness assessments to understand whether:

The people are ready to accept the new system (have received the proper training and communications and understand how their jobs will change when the switch is flipped).

The technology is ready (test results are favorable, workarounds and a plan for closure have been identified for any open defects, and the system is performing as expected).

The data is ready (data for final conversion has been cleansed, and all conversions have been rehearsed).

The post-deployment support model is ready (infrastructure and technical support is in place, sites are ready, knowledge transfer has been conducted with the support organization, and end users understand procedures for escalation of issues).

3.3.4 Have a post-deployment support plan in place

Ensure that strong internal support for the project and tool will continue after deployment.

The stabilization period after a new software deployment can last between three and nine months, during which there may be continued training needs and fine-tuning of processes. Internal support from project leaders within your organization will be critical to recover from any dip in operational efficiency and deliver the benefits of the tool.

Consider the following to prepare better for your support plan:

What are the roles and responsibilities for ongoing tool administration support?

What level of support will exist to assist service desk staff after deployment?

How much time will project team resources devote to tackling upcoming issues and assisting with ongoing support?

Who will be responsible for ongoing training needs and documentation?

If your organization is spread across multiple locations, what level of support/assistance will be available at each site?

How will new code releases or system upgrades be managed and communicated?

Info-Tech Insight:

Deployment is only the first step in the system lifecycle. Full benefit realization from the tool requires ongoing investment and learning to be sustained. Unless processes and training are updated on an ongoing basis, benefits gained will start to decrease over time. If your service desk efficiency stagnates at the level it was at prior to implementation, the tool has failed to serve its objective.

Establish ongoing tool maintenance, improvement structures, and processes

People, processes, and organizations change over time, and your ITSM tool will need to change to meet expectations.

Develop and execute a plan for the maintenance of the solution and its infrastructure components.

Assign responsibility for ongoing maintenance. Hold regular meetings for the following activities:

1. Inspect data and reports.
2. Assess whether you’re meeting SLAs.
3. Predict any upcoming changes that may impact ticket volume (e.g. a new operating system or security patch).
4. Create new ticket templates for recurring or upcoming issues.
5. Create new knowledgebase articles.
6. Determine whether ticket categories are being used correctly.
7. Ask team if there are any problems with the tool.

3.3.5 Monitor success metrics defined in Project Charter

Revisit your goals for the solution and assess if they are being met by evaluating current metrics. If your goals have not yet been met, re-evaluate how to ensure the tool will deliver value.

Sample High-Level Goals:

1. Improved service desk efficiency
2. Improved end-user satisfaction
3. Improved self-service options for end users
4. Improved data and reporting capabilities

Related Info-Tech Research

Optimize IT Change Management

Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

Standardize the Service Desk

Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

Optimize the Service Desk With a Shift-Left Strategy

Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

Incident and Problem Management

Develop a critical incident management workflow and create standard operating procedures for problem management.

IT Service Management Selection Guide

Identify the best-of-breed solution to make the most of your investment and engage the right stakeholders to define success.

Analyze Your Service Desk Ticket Data

Develop a framework to track metrics, clean data, and put your data to use for pre-defined timelines.

Bibliography

Adiga, Siddanth. “10 Reasons Why ITSM Implementations Fail.” Could Strategy, 6 May 2015. Web.

Hastie, Shane, and Stéphane Wojewoda. “Standish Group 2015 Chaos Report.” InfoQ, 4 October 2015. Web.

“How to Manage Change in the Implementation of an ITSM Software.” C2, 20 April 2015. Web.

Lockwood, Meghan. “First Look: Annual ServiceNow Insight and Vision Executive Summary [eBook].” Acorio, 31 October 2019. Web.

Mainville, David. “7 Steps to a Successful ITSM Tool Implementation.” Navvia, 2012. Web.

Rae, Barclay. “Preparing for ITSM Tool Implementation.” Joe the IT Guy, 24 June 2015. Web.

Rae, Barclay. “Successful ITSM Tool Implementation.” BrightTALK, 9 May 2013. Webcast.

Rumburg, Jeffrey. “Metric of the Month: Agent Training Hours.” MetricNet, 2012. Web.

Develop Meaningful Service Metrics

Select IT service metrics that drive business value.

ANALYST PERSPECTIVE

Are you measuring and reporting what the business needs to know?

“Service metrics are one of the key tools at IT’s disposal in articulating and ensuring its value to the business, yet metrics are rarely designed and used for that purpose.

Creating IT service metrics directly from business and stakeholder outcomes and goals, written from the business perspective and using business language, is critical to ensuring that the services that IT provides are meeting business needs.

The ability to measure, manage, and improve IT service performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.”

Valence Howden,
Senior Manager, CIO Advisory
Info-Tech Research Group

Our understanding of the problem

Executive summary

Situation

• IT organizations measure services from a technology perspective yet rarely measure services from a business goal/outcome perspective.
• Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

Complication

• IT organizations have difficulty identifying the right metrics to demonstrate the value of IT services to the business in tangible terms.
• IT metrics, as currently designed, reinforce division between the IT and business perspectives of service performance. They drive siloed thinking and finger-pointing within the IT structure, and prevent IT resources from understanding how their work impacts business value.

Resolution

• Our program enables IT to develop the right service metrics to tie IT service performance to business value and user experience.
• Ensure the metrics you implement have immediate stakeholder value, reinforcing alignment between IT and the business while influencing behavior in the desired direction.
• Make sure that your metrics are defined in relation to the business goals and drivers, ensuring they will provide actionable outcomes.

Info-Tech Insight

1. Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
2. Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
3. Poorly designed metrics drive unintended and unproductive behaviors, which have negative impacts on IT and produce negative service outcomes.

Service metrics 101

The majority of CIOs feel metrics relating to business value and stakeholder satisfaction require significant improvement

A significantly higher proportion of CIOs than CEOs feel that there is significant improvement necessary for business value metrics and stakeholder satisfaction reporting.

N=364 N=364 (Source: Info-Tech CIO-CXO Alignment Diagnostic Survey)

Meaningless metrics are a headache for the business

A major pitfall of many IT organizations is that they often provide pages of technical metrics that are meaningless to their business stakeholders.

Poorly designed metrics hurt IT’s image within the organization

By providing metrics that do not articulate the value of IT services, IT reinforces its role as a utility provider and an outsider to strategic decisions.

Articulate meaningful service performance that supports the achievement of business outcomes

Service metrics measure the performance of IT services and how they enable or drive the activity outcomes.

A business process consists of multiple business activities. In many cases, these business activities require one or more supporting IT services.

For each business process, business stakeholders and their goals and objectives should be identified. For each business activity that supports the completion of a business process, define the success criteria that must be met in order to produce the desirable outcome. Identify the IT services that are used by business stakeholders for each business activity. Measure the performance of these services from a business perspective to arrive at the appropriate service metrics.

Differentiate between different types of metrics

Stakeholders have different goals and objectives; therefore, it is critical to identify what type of metrics should be presented to each stakeholder.

Implementing service metrics is a key step in becoming a service provider and business partner

As a prerequisite, IT organizations must have already established a solid relationship with the business and have a clear understanding of its critical business-facing services.

At the very least, IT needs to have a service-oriented view and understand the specific needs and objectives associated with each stakeholder.

Once IT can present service metrics that the business cares about, it can continue on the service provider journey by managing the performance of services based on business needs, determine and influence service demand, and assess service value to maximize benefits to the business.

Which processes drive service metrics?

Both business relationship management (BRM) and service level management (SLM) provide inputs into and receive outputs from service metrics.

Business Relationship Management BRM works to understand the goals and objectives of the business and inputs them into the design of the service metrics. Service Metrics BRM leverages service metrics to help IT organizations manage the relationship with the business. BRM articulates and manages expectations and ensures IT services are meeting business requirements.

Which processes drive service metrics?

Both BRM and SLM provide inputs into and receive outputs from service metrics.

Service Level Management SLM works with the business to understand service requirements, which are key inputs in designing the service metrics. Service Metrics SLM leverages service metrics in overseeing the day-to-day delivery of IT services. It ensures they are provided to meet expected service level targets and objectives.

Effective service metrics will deliver both service gains and relationship gains

Effective service metrics will provide the following service gains:

• Confirm service performance and identify gaps
• Drive service improvement to maximize service value
• Validate performance improvements while quantifying and demonstrating business value
• Ensure service reporting aligns with end-user experience
• Achieve and confirm process and regulatory compliance
  Which will translate into the following relationship gains:
  • Embed IT into business value achievement
  • Improve relationship between the business and IT
  • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing)
  • Reinforce desirable actions and behaviors from both IT and the business

Don’t let conventional wisdom become your roadblock

Our three-phase approach to service metrics development

Let Info-Tech guide you through your service metrics journey

1	2	3
Design Your Metrics	Develop and Validate Reporting	Implement, Track, and Maintain
Start the development and creation of your service metrics by keeping business perspectives in mind, so they are fully aligned with business objectives.	Identify the most appropriate presentation format based on stakeholder preference and need for metrics.	Track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

CIOs must actively lead the design of the service metrics program

The CIO must actively demonstrate support for the service metrics program and lead the initial discussions to determine what matters to business leaders.

1. Lead the initiative by defining the need
   Show visible support and demonstrate importance
2. Articulate the value to both IT and the business
   Establish the urgency and benefits
3. Select and assemble an implementation group
   Find the best people to get the job done
4. Drive initial metrics discussions: goals, objectives, actions
   Lead brainstorming with senior business leaders
5. Work with the team to determine presentation formats and communication methods
   Identify the best presentation approach for senior stakeholders
6. Establish a feedback loop for senior management
   Solicit feedback on improvements
7. Validate the success of the metrics
   Confirm service metrics support business outcomes

Measure the success of your service metrics

It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

Measure the success of your service metrics

It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

Demonstrate monetary value and impact through the service metrics program

Implementing and measuring a video conferencing service

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Develop meaningful service metrics to ensure business and user satisfaction

	1. Design the Metrics	2. Design Reports and Dashboards	3. Implement, Track, and Maintain
Best-Practice Toolkit	Defining stakeholder needs for IT based on their success criteria Derive meaningful service metrics based on identified IT services and validate with business stakeholders Validate metrics can be collected and measured Determine calculation methodology	Presentation format selected based on stakeholder needs and preference for information Presentation format validated with stakeholders	Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions Roll out the metrics implementation for a broader audience Establish roles and timelines for metrics maintenance
Guided Implementations	Design metrics based on business needs Validate the metrics	Select presentation format Review metrics presentation design	Select and implement pilot metrics Determine rollout process and establish maintenance/tracking mechanism
Onsite Workshop	Module 1: Derive Service Metrics From Business Goals	Module 2: Select and Design Reports and Dashboards	Module 3: Implement, Track, and Maintain Your Metrics to Ensure Success
	Phase 1 Outcome: Meaningful service metrics designed from stakeholder needs	Phase 2 Outcome: Appropriate presentation format selected for each stakeholder	Phase 3 Outcome: Metrics implemented and process established to maintain and track program success

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 1

Design the Metrics

Step (1): Design the Metrics

This step involves the following participants:

• CIO
• Business Relationship Manager (BRM)
• Service Level Manager (SLM)

Outcomes of this step

• Defined stakeholder needs for IT based on their success criteria
• Identified IT services that are tied to the delivery of business outcomes
• Derived meaningful service metrics based on identified IT services and validated with business stakeholders
• Validated that metrics can be collected and measured
• Determined calculation methodology

Phase 1 outline

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Design the Metrics

Proposed Time to Completion (in weeks): 4 weeks

Design your service metrics – overview

Step 1 Derive your service metrics Metrics Worksheet

Step 2 Validate your metrics Metrics Worksheet

Step 3 Confirm with stakeholders Metrics Tracking Sheet

Defined IT Service Metrics

Derive your service metrics from business objectives and needs

Derive your service metrics

This workbook guides the development and creation of service metrics that are directly tied to stakeholder needs.

This process will ensure that your service metrics are designed with the business perspective in mind so they are fully aligned with business objectives.

Who are the relevant stakeholders? What are the goals and pain points of your stakeholders? What do the stakeholders need to know? What does IT need to measure? What are the appropriate IT metrics? Download the Metrics Development Workbook.

Determine your stakeholders

Identify goals and pain points of your stakeholders

What do the stakeholders need to know?

What do I need to measure?

Derive service metrics

Validate your metrics

Once appropriate service metrics are derived from business objectives, the next step is to determine whether or not it is viable to actually measure the metrics.

Determine if you can measure the identified metric

Determine if you can measure the identified metric

Create the calculation to measure it

Determine how to calculate the metrics.

Define the actions to be taken for each metric

Validate the confirmed metrics with the business

INPUT: Selected service metrics, Discussion with the business

OUTPUT: Validated metrics with the business

Materials: Metrics with calculation methodology

Participants: IT and business stakeholders, Service owners

INSTRUCTIONS

1. Once you have derived the appropriate metrics and established that the metrics are measurable, you must go back to the targeted stakeholders and validate that the selected metrics will provide the right information to meet their identified goals and success criteria.
2. Add confirmed metrics to the Metrics Tracking Tool, in the Metrics Tracking Plan tab.

Example: Measuring the online banking service at a financial institution

Design service metrics to track service performance and value

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1		Determine stakeholder needs, goals, and pain points The onsite analyst will help you select key stakeholders and analyze their business objectives and current pain points.
1.2		Determine the success criteria and related IT services The analyst will facilitate a discussion to uncover the information that these stakeholders care about. The group will also identify the IT services that are supporting these objectives.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

1.5		Derive the service metrics Based on the key performance indicators obtained in the previous page, derive meaningful business metrics that are relevant to the stakeholders.
1.6		Validate the data collection process The analyst will help the workshop group determine whether the identified metrics can be collected and measured. If so, a calculation methodology is created.
1.7		Validate metrics with stakeholders Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics.

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 2

Design Reports and Dashboards

Step (2): Design Reports and Dashboards

This step involves the following participants:

• Business Relationship Manager
• Service Level Manager
• Business Stakeholders

Outcomes of this step

• Presentation format selected based on stakeholder needs and preference for information
• Presentation format validated with stakeholders

Phase 2 outline

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Design Reports and Dashboards

Proposed Time to Completion (in weeks): 3 weeks

Design the reports – overview

Step 1 Understand the pros and cons of different reporting styles

Step 2 Determine your reporting and presentation style Presentation Format Selection

Step 3 Design your metrics reports

Validated Service Reports

The reports must also display information in a way that generates actions. If your stakeholders cannot make decisions, kick off activities, or ask questions based on your reports, then they have no value.

Determine the right presentation format for your metrics

Most often, metrics are presented in the following ways:

Dashboard (PwC. “Mega-Trends and Implications.”)	Infographic (PwC. “Healthcare’s new entrants.”)
Report (PwC Blogs. “Northern Lights.”)	Scorecard (PwC. “Annual Report 2015.”)

Understand the advantages and disadvantages of each reporting style – Dashboard

A dashboard is a reporting method that provides a dynamic at-a-glance view of key metrics from the perspective of key stakeholders. It provides a quick graphical way to process important performance information in real time.

Dashboards present real-time metrics that can be accessed and viewed at any time

(Source: PwC. “Mega-Trends and Implications.”)

Metrics presented through online dashboards are calculated in real time, which allows for a dynamic, current view into the performance of IT services at any time.

Understand the advantages and disadvantages of each reporting style – Infographic

An infographic is a graphical representation of metrics or data, which is used to show information quickly and clearly. It’s based on the understanding that people retain and process visual information more readily than written details.

Infographics allow for completely unique designs

(Source: PwC. “Healthcare’s new entrants…”)

There is no limit when it comes to designing an infographic. The image used here visually articulates the effects of new entrants pulling away the market.

Understand the advantages and disadvantages of each reporting style – Formal Report

A formal report is a more structured and official reporting style that contains detailed research, data, and information required to enable specific business decisions, and to help evaluate performance over a defined period of time.

Formal reports provide a detailed view and analysis of performance

(Source: PwC Blogs. “Northern Lights: Where are we now?”)

An effective report incorporates visuals to demonstrate key improvements. Formal reports can still contain visuals, but they are accompanied with detailed explanations.

Understand the advantages and disadvantages of each reporting style – Scorecard

A scorecard is a graphic view of the progress and performance over time of key performance metrics. These are in relation to specified goals based on identified critical stakeholder objectives.

Scorecards provide a time-bound summary of performance against defined goals

(PwC. “Annual Report 2015.”)

Scorecards provide a summary of performance that is directly linked to the organizational KPIs.

Determine your report style

In this section, you will determine the optimal reporting style for the service metrics.

This guide contains four questions, which will help IT organizations identify the most appropriate presentation format based on stakeholder preference and needs for metrics.

Who is the relevant stakeholder? What are the defined actions for the metric? How frequently does the stakeholder need to see the metric? How does the stakeholder like to receive information?
Download the Metrics Presentation Format Selection Guide.

Determine your best presentation option

INPUT: Identified stakeholder and his/her role

OUTPUT: Proper presentation format based on need for information

Materials: Metrics Presentation Format Selection Guide

Participants: BRM, SLM, Program Manager

After deciding on the report type to be used to present the metric, the organization needs to consider how stakeholders will consume the metric.

There are three options based on stakeholder needs and available presentation options within IT.

1. Paper-based presentation is the most traditional form of reporting and works well with stakeholders who prefer physical copies. The report is produced at a specific time and requires no additional IT capability.
2. Online documents stored on webpages, SharePoint, or another knowledge management system could be used to present the metrics. This allows the report to be linked to other information and easily shared.
3. Online dashboards and graphics can be used to have dynamic, real-time reporting and anytime access. These webpages can be incorporated into an intranet and allow the user to view the metrics at any time. This will require IT to continuously update the data in order to maintain the accuracy of the metrics.

Design your metric reports with these guidelines in mind

1. Stakeholder-specificThe report must be driven by the identified stakeholder needs and preferences and articulate the metrics that are important to them.
2. ClarityTo enable decision making and drive desired actions, the metrics must be clear and straightforward. They must be presented in a way that clearly links the performance measurement to the defined outcome without leading to different interpretations of the results.
3. SimplicityThe report must be simple to read, understand, and analyze. The language of the report must be business-centric and remove as much complexity as possible in wording, imaging, and context.

Be sure to consider access rights for more senior reports. Site and user access permissions may need to be defined based on the level of reporting.

Metrics reporting on the video conferencing service

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1		Understand the different presentation options The onsite analyst will introduce the group to the communication vehicles of infographic, scorecard, formal report, and dashboard.
2.1		Assess stakeholder needs for information For selected stakeholders, the analyst will facilitate a discussion on how stakeholders would like to view information and how the metrics can be presented to aid decision making.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

2.2

Select and design the metric report Based on the discussion, the working group will select the most appropriate presentation format and create a rough draft of how the report should look.

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 3

Implement, Track, and Maintain Your Metrics

Step (3): Implement, Track, and Maintain Your Metrics

This step involves the following participants:

• Service Level Manager
• Business Relationship Manager
• Service Metrics Program Manager

Activities in this step

• Determine the first batch of metrics to be implemented as part of the pilot program
• Create a process to collect and validate data, determine initial targets, and integrate with SLM and BRM functions
• Present the metric reports to the relevant stakeholders and incorporate the feedback into the metric design
• Establish a standard process and roll out the implementation of metrics in batches
• Establish a process to monitor and track the effectiveness of the service metrics program and make adjustments when necessary

Phase 3 outline

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Implement, Track, and Maintain Your Metrics

Proposed Time to Completion (in weeks): 4 weeks

Implement, Track, and Maintain the Metrics

Step 1 Run your pilot Metrics Tracking Tool

Step 2 Validate success Metrics Tracking Tool

Step 3 Implement your metrics program in batches Metrics Tracking Tool

Active Service Metrics Program

This allows you to validate your approach and make refinements to the implementation and maintenance processes where necessary, prior to activating all service metrics.

Track the performance of your service metrics

The Metrics Tracking Tool will enable you to track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

There are three sections in this tool: Metrics Tracking Plan. Identify the metrics to be tracked and their purpose. Metrics Tracking Actuals. Monitor and track the actual performance of the metrics. Remediation Tracking. Determine and document the steps that need to be taken to correct a sub-performing metric.

Select pilot metrics

INPUT: Identified services, Business feedback

OUTPUT: Services with most urgent need or impact

Materials: Service catalog or list of identified services

Participants: BRM, SLM, Business representatives

To start the implementation of your service metrics program and drive wider adoption, you need to run a pilot using a smaller subset of metrics.

INSTRUCTIONS

To determine the sample for the pilot, consider metrics that:

• Are related to critical business services and functions
or
• Address known/visible pain points for the business
or
• Were designed for supportive or influential stakeholders

Metrics that meet two or more criteria are ideal for the pilot

Collect and validate data

INPUT: Identified metrics

OUTPUT: A data collection mythology, Metrics tracking

Materials: Metrics

Participants: SLM, BRM, Service owner

You will need to start collection and validation of your identified data in order to calculate the results for your pilot metrics.

INSTRUCTIONS

1. Initiate data collection
   • Use the data sources identified during the design phase and initiate the data collection process.
2. Determine start date
   • If historical data can be retrieved and gathered, determine how far back you want your measurements to start.
3. Compile data and validate
   • Ensure that the information is accurate and up to date. This will require some level of data validation and audit.
4. Run the metric
   • Use the defined calculation and source data to generate the metrics result.
5. Record metrics results
   • Use the metrics tracking sheet to track the actual results.

Determine initial targets

INPUT: Historical data/baseline data

OUTPUT: Realistic initial target for improvement

Materials: Metrics Tracking Tool

Participants: BRM, SLM, Service owner

INSTRUCTIONS

Identify an initial service objective based on one or more of the following options:

1. Establish an initial target using historical data and trends of performance.
2. Establish an initial target based on stakeholder-identified requirements and expectations.
3. Run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.

The target may not always be a number - it could be a trend. The initial target will be changed after review with stakeholders

Integrate with SLM and BRM processes

INPUT: SLM and BRM SOPs or responsibility documentations

OUTPUT: Integrate service metrics into the SLM/BRM role

Materials: SLM / BRM reports

Participants: SLM, BRM, CIO, Program manager, Service manager

The service metrics program is usually initiated, used, and maintained by the SLM and BRM functions.

INSTRUCTIONS

Ensure that the metrics pilot is integrated with those functions by:

1. Engaging with SLM and BRM functions/resources
   • Identify SLM and BRM resources associated with or working on the services where the metrics are being piloted
   • Obtain their feedback on the metrics/reporting
2. Integrating with the existing reporting and meeting cycles
   • Ensure the metrics will be calculated and available for discussion at standing meetings and with existing reports
3. Establishing the metrics review and validation cycle for these metrics
   • Confirm the review and validation period for the metrics in order to ensure they remain valuable and actionable

Generate reports and present to stakeholders

INPUT: Identified metrics, Selected presentation format

OUTPUT: Metrics reports that are ready for distribution

Materials: Metrics Presentation Format Selection Guide

Participants: BRM, SLM, CIO, Business representatives

INSTRUCTIONS

Once you have completed the calculation for the pilot metrics:

1. Confirm the report style for the selected metrics (as defined in Phase 2)
2. Generate the reporting for the pilot metrics
3. Present the pilot metric reports to the identified BRM and SLM resources who will present the reporting to the stakeholders
4. Gather feedback from Stakeholders on metrics - results and process
5. Create and execute remediation plans for any actions identified from the metrics
6. Initiate the review cycle for metrics (to ensure they retain value)

Plan the rollout and implementation of the metrics reporting program

INPUT: Feedback from pilot, Services in batch

OUTPUT: Systematic implementation of metrics

Materials: Metrics Tracking Tool

Participants: BRM, SLM, Program manager

Upon completion of the pilot, move to start the broader implementation of metrics across the organization:

INSTRUCTIONS

1. Identify the service metrics that you will implement. They can be selected based on multiple criteria, including:
   • Organizational area/business unit
   • Service criticality
   • Pain points
   • Stakeholder engagement (detractors, supporters)
2. Create a rollout plan for implementation in batches, identifying expected launch timelines, owners, targeted stakeholders, and communications plans
3. Use the implementation plan from the pilot to roll out each batch of service metrics:
   • Collect and validate data
   • Determine target(s)
   • Integrate with BRM and SLM
   • Generate and communicate reports to stakeholders

Maintain the service metrics

INPUT: Feedback from business stakeholders

OUTPUT: Modification to individual metrics or to the process

Materials: Metrics Tracking Tool, Metrics Development Workbook

Participants: CIO, BRM, SLM, Program manager, Service owner

Once service metrics and reporting become active, it is necessary to determine the review time frame for your metrics to ensure they remain useful.

INSTRUCTIONS

1. Confirm and establish a review time frame with stakeholders (e.g. annually, bi-annually, after organizational or strategic changes).
2. Meet with stakeholders by the review date to discuss the value of existing metrics and validate:
   • Whether the goals associated with the metrics are still valid
   • If the metric is still necessary
   • If there is a more effective way to present the metrics
3. Track actions based on review outcomes and update the remediation tracking sheet.
4. Update tracking sheet with last complete review date.

Maintain the metrics

Based on the outcome of the review meeting, decide what needs to be done for each metric, using the following options:

Ensuring metrics remain valuable

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1		Select the pilot metrics The onsite analyst will help the workshop group select the metrics that should be first implemented based on the urgency and impact of these metrics.
3.2		Gather data and set initial targets The analyst will help the group create a process to gather data, measure baselines, and set initial targets.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

3.5		Generate the reports and validate with stakeholders The Info-Tech analyst will help the group establish a process to receive feedback from the business stakeholders once the report is generated.
3.6		Implement the service metrics program The analyst will facilitate a discussion on how to implement the metrics program across the organization.
3.7		Track and maintain the metrics program Set up a mechanism to ensure the success of the metrics program by assessing process adherence and process validity.

Insight breakdown

Insight 1

Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.

Insight 2

Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.

Insight 3

Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

Summary of accomplishment

Knowledge Gained

• Follow a methodology to identify metrics that are derived from business objectives.
• Understand the proper presentation format based on stakeholder needs for information.
• Establish a process to ensure the metrics provided will continue to provide value and aid decision making.

Processes Optimized

• Metrics presentation to business stakeholders
• Metrics maintenance and tracking

Deliverables Completed

• Metrics Development Workbook
• Metrics Presentation Format Selection Guide
• Metrics Tracking Tool

Research contributors and experts

Related Info-Tech research

	Design & Build a User-Facing Service Catalog The user-facing service catalog is the go-to place for IT service-related information.
	Unleash the True Value of IT by Transforming Into a Service Provider Earn your seat at the table and influence business strategy by becoming an IT service provider.

Bibliography

Pollock, Bill. “Service Benchmarking and Measurement: Using Metrics to Drive Customer Satisfaction and Profits.” Aberdeen Group. June 2009. http://722consulting.com/ServiceBenchmarkingandMeasurement.pdf

PwC. “Mega-Trends and Implications.” RMI Discussion. LinkedIn SlideShare. September 2015. http://www.slideshare.net/AnandRaoPwC/mega-trends-and-implications-to-retirement

PwC. “Healthcare’s new entrants: Who will be the industry’s Amazon.com?” Health Research Institute. April 2014. https://www.pwc.com/us/en/health-industries/healthcare-new-entrants/assets/pwc-hri-new-entrant-chart-pack-v3.pdf

PwC. “Northern Lights: Where are we now?” PwC Blogs. 2012. http://pwc.blogs.com/files/12.09.06---northern-lights-2--summary.pdf

PwC. “PwC’s key performance indicators

Select a Security Outsourcing Partner

Outsource the right functions to secure your business.

Analyst Perspective

Understanding your security needs and remaining accountable is the key to selecting the right partner.

The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

Danny Hammond
Research Analyst
Security, Risk, Privacy & Compliance Practice
Info-Tech Research Group

Executive Summary

Info-Tech Insight

Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

Your Challenge

This research is designed to help organizations select an effective security outsourcing partner.

• A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
• An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
• One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
• Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
• Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

Outsourcing is effective, but only if done right

• 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
• 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
• 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

Common Obstacles

The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

• Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
• Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
• Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
• Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

Source: IBM, 2022 Cost of a Data Breach; N=537.

Info-Tech’s methodology for selecting a security outsourcing partner

Determine your responsibilities

Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

Scope your requirements

Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

Manage your outsourcing program

Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

Select a Security Outsourcing Partner

Blueprint benefits

Insight summary

Overarching insight: You can outsource your responsibilities but not your accountability.

Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

Measure the value of this blueprint

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Overall Impact: 8.9 /10

Overall Average Cost Saved: $22,950

Overall Average Days Saved: 9

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Data and Analytics Trends Report 2023

SOONER OR LATER, YOU WILL BE IN THE DATA BUSINESS!

Nine Data Trends for 2023

In this report, we explore nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy. Use cases combine emerging data trends and modernization of existing capabilities.

1. VOLUME
   • Data Gravity
2. VELOCITY

• Democratizing Real-Time Data

• Augmented Data Management

• Identity Authenticity

• Data Monetization

• Adaptive Data Governance

• AI-Driven Storytelling & Augmented Analytics

• Data Marketplace

• DevOps – DataOps – XOps

VOLUME

Data Gravity

Trend 01 Demand for storage and bandwidth continues to grow

When organizations begin to prioritize data, they first consider the sheer volume of data, which will influence data system design. Your data systems must consider the existing and growing volume of data by assessing industry initiatives such as digital transformation, Industry 4.0, IoT, consumer digital footprint, etc.

VOLUME

Data Gravity

Data attracts more data and an ecosystem of applications and services

SharePoint, OneDrive, Google Drive, and Dropbox offer APIs and integration opportunities for developers to enhance their products.

Social media platforms thought about this early by allowing for an ecosystem of filters, apps, games, and effects that engage their users with little to no additional effort from internal resources.

VOLUME

Data Gravity

Focus on data gravity and avoid cloud repatriation

Data gravity is the tendency of data to attract applications, services, and other data. A growing number of cloud migration decisions will be made based on the data gravity concept. It will become increasingly important in data strategies, with failure potentially resulting in costly cloud repatriations.

Emerging technologies and capabilities:

Data Lakehouse, Data Mesh, Data Fabric, Hybrid Data, Cloud Data, Edge Computing

Source: CIO, 2022

VOLUME

Data Gravity

What worked for terabytes is ineffective for petabytes

When compared to on-premises infrastructure, cloud computing is less expensive and easier to implement. However, poor data replication and data gravity can significantly increase cloud costs to the point of failure. Data gravity will help organizations make better cloud migration decisions.

It is also critical to recognize changes in the industry landscape. The goal of data processing and analytics is to generate the right data for users to act on. In most cases, the user is a human being, but in the case of autonomous driving (AD), the car takes on the role of the user (DXC Technology).

To avoid cloud repatriation, it will become prudent for all organizations to consider data gravity and the timing of cloud migration.

VELOCITY

Democratizing Real-Time Data

Trend 02 Real-time analytics presents an important differentiator

The velocity element of data can be assessed from two standpoints: the speed at which data is being generated and how fast the organization needs to respond to the incoming information through capture, analysis, and use. Traditionally data was processed in a batch format (all at once or in incremental nightly data loads). There is a growing demand to process data continuously using streaming data-processing techniques.

Emerging technologies and capabilities:

Edge Computing

VELOCITY

Democratizing Real-Time Data

Make data accessible to everyone in real time

• 90% of an organization’s data is replicated or redundant.
• Build API and web services that allow for live access to data.
• Most social media platforms, like Twitter and Facebook, have APIs that offer access to incredible amounts of data and insights.

VELOCITY

Democratizing Real-Time Data

Trend in Data Velocity

Data democratization means data is widely accessible to all stakeholders without bottlenecks or barriers. Success in data democratization comes with ubiquitous real-time analytics. Google highlights a need to address democratization in two different frames:

1. Democratizing stream analytics for all businesses to ensure real-time data at the company level.
2. Democratizing stream analytics for all personas and the ability of all users to generate real-time insights.

Emerging technologies and capabilities:

Data Lakehouse, Streaming API Ecosystem, Industry 4.0, Zero-Copy Cloning

Nearly 70% of all new vehicles globally will be connected to the internet by 2023.

Source: “Connected light-duty vehicles,” Statista, 2022

VELOCITY

Democratizing Real-Time Data

Enable real-time processing with API

In the past, data democratization has largely translated into a free data set and open data portals. This has allowed the government to freely share data with the public. Also, the data science community has embraced the availability of large data sets such as weather data, stock data, etc. In the future, more focus will be on the combination of IoT and steaming analytics, which will provide better responsiveness and agility.

Many researchers, media companies, and organizations now have easy access to the Twitter/Facebook API platform to study various aspects of human behavior and sentiments. Large technology companies have already democratized their data using real-time APIs.

Thousands of sources for open data are available at your local municipalities alone.

6G will push Wi-Fi connectivity to 1 terabyte per second! This is expected to become commercially available by 2030.

VARIETY

Augmented Data Management

Trend 03 Need to manage unstructured data

The variety of data types is increasingly diverse. Structured data often comes from relational databases, while unstructured data comes from several sources such as photos, video, text documents, cell phones, etc. The variety of data is where technology can drive business value. However, unstructured data also poses a risk, especially for external data.

VARIETY

Augmented Data Management

Employ AI to automate data management

New tools will enhance many aspects of data management:

• Data preparation, integration, cataloging, and quality
• Metadata management
• Master data management

Enabling AI-assisted decision-making tools

VARIETY

Augmented Data Management

Trend in Data Variety

Augmented data management will enhance or automate data management capabilities by leveraging AI and related advanced techniques. It is quite possible to leverage existing data management tools and techniques, but most experts have recognized that more work and advanced patterns are needed to solve many complex data problems.

Emerging technologies and capabilities:

Data Factory, Data Mesh, Data Fabric, Artificial Intelligence, Machine Learning

VARIETY

Augmented Data Management

Data Fabric vs. Data Mesh: The Data Journey continues at an accelerated pace

More Unstructured Data

95% of businesses cite the need to manage unstructured data as a problem for their business.

VERACITY

Identity Authenticity

Trend 04 Veracity of data is a true test of your data capabilities

Data veracity is defined as the accuracy or truthfulness of a data set. More and more data is created in semi-structured and unstructured formats and originates from largely uncontrolled sources (e.g. social media platforms, external sources). The reliability and quality of the data being integrated should be a top concern. The veracity of data is imperative when looking to use data for predictive purposes. For example, energy companies rely heavily on weather patterns to optimize their service outputs, but weather patterns have an element of unpredictability.

VERACITY

Identity Authenticity

Veracity of data is a true test of your data capabilities

• Stop creating your own identity architectures and instead integrate a tried-and-true platform.
• Aim for a single source of truth for digital identity.
• Establish data governance that can withstand scrutiny.
• Imagine a day in the future where verified accounts on social media platforms are available.
• Zero-trust architecture should be used.

VERACITY

Identity Authenticity

Trend in Data Veracity

Veracity is a concept deeply linked to identity. As the value of the data increases, a greater degree of veracity is required: We must provide more proof to open a bank account than to make friends on Facebook. As a result, there is more trust in bank data than in Facebook data. There is also a growing need to protect marginalized communities.

Emerging technologies and capabilities:

Zero Trust, Blockchain, Data Governance, IoT, Cybersecurity

VERACITY

Identity Authenticity

The identity discussion is no longer limited to people or organizations. The development of new technologies, such as the IoT phenomenon, will lead to an explosion of objects, from refrigerators to shipping containers, coming online as well. If all these entities start communicating with each other, standards will be needed to establish who or what they are.

The IoT market is expected to grow 18% to 14.4 billion in 2022 and 27 billion by 2025.

Source: IoT Analytics, 2022

VALUE

Data Monetization

Trend 05 Not Many organization know the true value of their data

Data can be valuable if used effectively or dangerous if mishandled. The rise of the data economy has created significant opportunities but also has its challenges. It has become urgent to understand the value of data, which may vary for stakeholders based on their business model and strategy. Organizations first need to understand ownership of their data by establishing a data strategy, then they must improve data maturity by developing a deeper understanding of data value.

VALUE

Data Monetization

Start developing your data business

• Blockbuster ran its business well, but Netflix transformed the video rental industry overnight!
• Big players with data are catching up fast.
• You don’t have to be a giant to monetize data.
• Data monetization is probably closer than you think.
• You simply need to find it, catalog it, and deliver it.

VALUE

Data Monetization

Trend in Data Value

Data monetization is the transformation of data into financial value. However, this does not imply selling data alone. Monetary value is produced by using data to improve and upgrade existing and new products and services. Data monetization demands an organization-wide strategy for value development.

Emerging technologies and capabilities:

Data Strategy, Data Monetization Strategy, Data Products

Netflix uses big data to save $1 billion per year on customer retention.

Source: Logidots, 2021

VALUE

Data Monetization

Data is a strategic asset

Data is beyond currency, assets, or commodities and needs to be a category
of its own.

• Data always outlives people, processes, and technology. They all come and go while data remains.
• Oil is a limited resource. Data is not. Unlike oil, data is likely to grow over time.
• Data is likely to outlast all other current popular financial instruments, including currency, assets, or commodities.
• Data is used internally and externally and can easily be replicated or combined.

Data monetization is currently in the speculative territory, which is unacceptable. It should instead be guided by sound data management theory.

VIRTUE

Adaptive Data Governance

Trend 06 Five Core Virtues: Resilience, Humility, Grit, Liberal Education, Empathy (Forbes, 2020)

We have become more and more dependent on data, analytics, and organizational protection policies. Data virtue is about leveraging data securely and ethically. This topic has become more critical with the advent of GDPR, the right to be forgotten, and related regulations. Data governance, which seeks to establish an oversight framework that manages the creation, acquisition, integrity, security, compliance, and quality of data, is essential for any organization that makes decisions about data.

VIRTUE

Adaptive Data Governance

Encourage noninvasive and automated data governance

• Data governance affects the entire organization, not just data.
• The old model for data governance was slow and clumsy.
• Adaptive data governance encourages faster decision making and a more collaborative approach to governance.
• Agile data governance allows for faster and more flexible decision making.
• Automated data governance will simplify execution across the organization.
• It is great for compliance, quality, impact tracking, and cross-referencing and offers independence to data users.

VIRTUE

Adaptive Data Governance

Trend in Data Virtue

Adaptive data governance encourages a flexible approach that allows an organization to employ multiple data governance strategies depending on changing business situations. The other aspect of adaptive data governance is moving away from manual (and often slow) data governance and toward aggressive automation.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VIRTUE

Data Governance Automation

Simple and easy Data Governance

Tools are not the ultimate answer to implementing data governance. You will still need to secure stakeholders' buy-in and engagement in the data process. Data governance automation should be about simplifying the execution of roles and responsibilities.

“When you can see where your data governance strategy can be improved, it’s time to put in place automation that help to streamline processes.”

Source: Nintex, 2021

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend 07 Automated and augmented data storytelling is not that far away

Today, data storytelling is led by the user. It’s the manual practice of combining narrative with data to deliver insights in a compelling form to assist decision makers in engaging with data and analytics. A story backed by data is more easily consumed and understood than a dashboard, which can be overwhelming. However, manual data storytelling has some major shortcomings.

Problem # 1: Telling stories on more than just the insights noticed by people

Problem # 2: Poor data literacy and the limitations of manual self-service

Problem # 3: Scaling data storytelling across the business

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Use AI to enhance data storytelling

• Tableau, Power BI, and many other applications already use
  AI-driven analytics.
• Power BI and SharePoint can use AI to generate visuals for any SharePoint list in a matter of seconds.

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend in Data Visualization

AI and natural language processing will drive future visualization and data storytelling. These tools and techniques are improving rapidly and are now designed in a streamlined way to guide people in understanding what their data means and how to act on it instead of expecting them to do self-service analysis with dashboards and charts and know what to do next. Ultimately, being able to understand how to translate emotion, tropes, personal interpretation, and experience and how to tell what’s most relevant to each user is the next frontier for augmented and automated analytics

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VISUALIZATION

Data Storytelling

Augmented data storytelling is not that far away

Emotions are a cornerstone of human intelligence and decision making. Mastering the art of storytelling is not easy.

Industry experts predict the combination of data storytelling with augmented and automated techniques; these capabilities are more than capable of generating and automating parts of a data story’s creation for end users.

The next challenge for AI is translating emotion, tropes, personal interpretation, and experience into what is most essential to end users.

Source: Yellowfin, 2021

VIRALITY

Data Marketplace

Trend 08 Missing data marketplace

Data virality measures data spread and popularity. However, for data virality to occur, an ecosystem comparable to that of traditional or modern digital marketplaces is required. Organizations must reevaluate their data strategies to ensure investment in appropriate data domains by understanding data virality. Data virality is the exact opposite of dark data.

Dark data is “all the information companies collect in their regular business processes, don’t use, have no plans to use, but will never throw out.”

Source: Forbes, 2019

VIRALITY

Data Marketplace

Make data easily accessible

• Making data accessible to a broader audience is the key to successful virality.
• Data marketplaces provide a location for you to make your data public.
• Why do this? Contributing to public data marketplaces builds credibility, just like contributing to public GitHub projects.
• Big players like Microsoft, Amazon, and Snowflake already do this!
• Snowflake introduced zero-copy cloning, which allows users to interact with source data without compromising the integrity of the original source.

VIRALITY

Data Marketplace

Trend in Data Virality

The data marketplace can be defined as a dynamic marketplace where users decide what has the most value. Companies can gauge which data is most popular based on usage and decide where to invest. Users can shop for data products within the marketplace and then join these products with other ones they’ve created to launch truly powerful data-driven projects.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

“Data is like garbage. You’d better know what you are going to do with it before you collect it.”

– Mark Twain

VIRALITY

Data Marketplace

Journey from siloed data platforms to dynamic data marketplaces

Data remains a complex topic due to many missing foundational components and infrastructure. Interoperability, security, quality, discoverability, speed, and ease are some of those missing foundational components that most organizations face daily.

Data lacks an ecosystem that is comparable to those of traditional assets or commodities. Data must be available in open or closed data marketplaces to measure its value. These data marketplaces are still in their infancy.

“Data markets are an important component of the data economy that could unleash the full potential of data generated by the digital economy and human activity in general.”

Source: ITU Journal, 2018

VISCOSITY

DevOps – DataOps – XOps

Trend 09 Increase efficiency by removing bottlenecks

Compared to water, a fluid with a high viscosity flows more slowly, like honey. Data viscosity measures the resistance to flow in a volume of data. The data resistance may come from other Vs (variety, velocity, etc.).

VISCOSITY

DevOps – DataOps – XOps

Increase efficiency by removing bottlenecks

Consider XOps for a second. It makes no difference what X is. What's important is matching operational requirements to enterprise capabilities.

• For example, Operations must meet the demands of Sales – hence SalesOps
  or S&Op.
• Development resources must meet the demands of Operations – hence DevOps.
• Finally, Data must also meet the demand of Operations.

These Operations guys are demanding!!

VISCOSITY

DevOps – DataOps – XOps

Trend in Data Viscosity

The merger of development (Dev) and IT Operations (Ops) started in software development with the concept of DevOps. Since then, new Ops terms have formed rapidly (AIOps, MLOps, ModelOps, PlatformOps, SalesOps, SecOps, etc.). All these methodologies come from Lean manufacturing principles, which seek to identify waste by focusing on eliminating errors, cycle time, collaboration, and measurement. Buzzwords are distractions, and the focus must be on the underlying goals and principles. XOps goals should include the elimination of errors and improving efficiencies.

Emerging technologies and capabilities:

Collaborative Data Management, Automation Tools

VISCOSITY

DataOps → Data Observability

Data observability, a subcomponent of DataOps, is a set of technical practices, cultural norms, and architecture that enables low error rates. Data observability focuses on error rates instead of only measuring data quality at a single point in time.

What’s next? Go beyond the buzzwords.

Avoid following trends solely for the sake of following them. It is critical to comprehend the concept and apply it to your industry. Every industry has its own set of problems and opportunities.

Highlight the data trends (or lack thereof) that have been most beneficial to you in your organizations. Follow Info-Tech’s approach to building a data practice and platform to develop your data capabilities through the establishment of data goals.

Research Authors

Rajesh Parab Director, Research & Advisory Data and Analytics	Chris Dyck Research Lead Data and Analytics

“Data technologies are rapidly evolving. Understanding what’s possible is critical. Adapting to these upcoming data trends requires a solid data management foundation.”

– Rajesh Parab

Contributing Experts

Carlos Thomas Executive Counselor Info-Tech Research Group	John Walsh Executive Counselor Info-Tech Research Group

Bibliography

Bean, Randy. “Why Becoming a Data-Driven Organization Is So Hard.” Harvard Business Review, 24 Feb. 2022. Accessed Oct. 2022.
Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, 13 April 2021.
Accessed Oct. 2022.
Burciaga, Aaron. “Five Core Virtues For Data Science And Artificial Intelligence.” Forbes, 27 Feb. 2020. Accessed Aug. 2022.
Cadwalladr, Carole, and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.”
The Guardian, 17 March 2018. Accessed Aug. 2022.
Carlier, Mathilde. “Connected light-duty vehicles as a share of total vehicles in 2023.” Statista, 31 Mar. 2021. Accessed Oct. 2022.
Carter, Rebekah. “The Ultimate List of Big Data Statistics for 2022.” Findstack, 22 May 2021. Accessed Oct. 2022.
Castelvecchi, Davide. “Underdog technologies gain ground in quantum-computing race.” Nature, 6 Nov. 2023. Accessed Feb. 2023.
Clark-Jones, Anthony, et al. “Digital Identity:” UBS, 2016. Accessed Aug 2022.
“The Cost of Bad Data – Infographic.” Pragmatic Works, 25 May 2017. Accessed Oct. 2022.
Demchenko, Yuri, et al. “Data as Economic Goods: Definitions, Properties, Challenges, Enabling Technologies for Future Data Markets.“ ITU Journal: ICT Discoveries, Special Issue, no. 2, vol. 23, Nov. 2018. Accessed Aug 2022.
Feldman, Sarah. ”20 Years of Quantum Computing Growth.” Statista, 6 May 2019. Accessed Oct. 2022.
“Genomic Data Science.” NIH, National Human Genome Research Institute, 5 April 2022. Accessed Oct. 2022.

Bibliography

Hasbe, Sudhir, and Ryan Lippert. “The democratization of data and insights: making real-time analytics ubiquitous.” Google Cloud, 15 Jan. 2021.
Accessed Aug. 2022.
Helmenstine, Anne. “Viscosity Definition and Examples.” Science Notes, 3 Aug. 2021. Accessed Aug. 2022.
“How data storytelling and augmented analytics are shaping the future of BI together.” Yellowfin, 19 Aug. 2021. Accessed Aug. 2022.
“How Netflix Saves $1B Annually using AI?” Logidots, 24 Sept. 2021. Accessed Oct. 2022
Hui, Kenneth. “The AWS Love/Hate Relationship with Data Gravity.” Cloud Architect Musings, 30 Jan. 2017. Accessed Aug 2022.
ICD. “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast.” Business Wire, 18 June 2019. Accessed Oct 2022.
Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025” Statista, 27 Nov. 2022. Accessed Nov. 2022.
Koch, Gunter. “The critical role of data management for autonomous driving development.” DXC Technology, 2021. Accessed Aug. 2022.
Morris, John. “The Pull of Data Gravity.” CIO, 23 Feb. 2022. Accessed Aug. 2022.
Nield, David. “Google's Quantum Computer Is 100 Million Times Faster Than Your Laptop.” ScienceAlert, 9 Dec. 2015. Accessed Oct. 2022.
Redman, Thomas C. “Seizing Opportunity in Data Quality.” MIT Sloan Management Review, 27 Nov. 2017. Accessed Oct. 2022.
Segovia Domingo, Ana I., and Álvaro Martín Enríquez. “Digital Identity: the current state of affairs.” BBVA Research, 2018. Accessed Aug. 2022.

Bibliography

“State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally.” IOT Analytics, 18 May 2022. Accessed. 14 Nov. 2022.
Strod, Eran. “Data Observability and Monitoring with DataOps.” DataKitchen, 10 May 2021. Accessed Aug. 2022.
Sujay Vailshery, Lionel. “Edge computing market value worldwide 2019-2025.” Statista, 25 Feb. 2022. Accessed Oct 2022.
Sujay Vailshery, Lionel. “IoT and non-IoT connections worldwide 2010-2025.” Statista, 6 Sept. 2022. Accessed Oct. 2022.
Sumina, Vladimir. “26 Cloud Computing Statistics, Facts & Trends for 2022.” Cloudwards, 7 June 2022. Accessed Oct. 2022.
Taulli, Tom. “What You Need To Know About Dark Data.” Forbes, 27 Oct. 2019. Accessed Oct. 2022.
Taylor, Linnet. “What is data justice? The case for connecting digital rights and freedoms globally.“ Big Data & Society, July-Dec 2017. Accessed Aug 2022.
“Twitter: Data Collection With API Research Paper.” IvyPanda, 28 April 2022. Accessed Aug. 2022.
“Using governance automation to reduce data risk.” Nintex, 15 Nov. 2021. Accessed Oct. 2022
“Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025.” Statista, 8 Sept. 2022. Accessed Oct 2022.
Wang, R. “Monday's Musings: Beyond The Three V's of Big Data – Viscosity and Virality.” Forbes, 27 Feb. 2012. Accessed Aug 2022.
“What is a data fabric?” IBM, n.d. Accessed Aug 2022.
Yego, Kip. “Augmented data management: Data fabric versus data mesh.” IBM, 27 April 2022. Accessed Aug 2022.

Define Your Digital Business Strategy

After a major crisis, find your place in the digital economy.

Info-Tech Research Group

Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

35,000 members sharing best practices you can leverage

Millions spent developing tools and templates annually

Leverage direct access to over 100 analysts as an extension of your team

Use our massive database of benchmarks and vendor assessments

Get up to speed in a fraction of the time

Analyst Perspective

Build business resilience and prepare for a digital economy.

Dana Daher
Senior Research Analyst

To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
If there was ever a time for an organization to become a digital business, it is today.

Executive Summary

Your Challenge

• Your organization has difficulty adapting new technologies or rethinking the existing business models.
• Your management lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.
• There is uncertainty on how to meet evolving customer needs and how to compete in a digital economy.

Common Obstacles

• Your organization might approach digital transformation as if we were still in 2019, not recognizing that the pandemic resulted in a major shift to an end-to-end digital economy.
• Your senior-most leadership thinks digital is "IT's problem" because digital is viewed synonymously with technology.
• On the other hand, your IT team lacks the authority to make decisions without the executives’ involvement in the discussion around digital.

Info-Tech’s Approach

• Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
• Use digital for transforming non-routine cognitive activities and for de-risking key elements of the value chain.
• Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

Info-Tech Insight

After a major crisis, focus on restarting the growth engine and bolstering business resilience.

Your digital business strategy aims to transform the business

Digital Business Strategy

• Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
• Unifies digital possibilities with your customer experiences.
• Accountability lies with the executive leadership.
• Must involve cross-functional participation from senior management from the different areas of the organization.

IT Strategy

• Aims to identify how to change, fix, or improve technology in support of the organization’s business strategy.
• Accountability lies with the CIO.
• Must involve IT management and gather strategic input from the business.

Becoming a digital business

Automate tasks to free up time for innovation.

Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.

When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).

These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.

We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.

As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.

Key Concepts:

Digital: The representation of a physical item in a format used by computers

Digitization: Conversion of information and processes into a digital format

Digitalization: Conversion of information into a format to be processed by a computer

Why transform your business?

COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.

As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.

Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:

• Recover from the COVID-19 recession.
• Compete in a digital economy.

To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies. – Dana Daher, Info-Tech Research Group

We are amid an economic transformation

What we are facing today is a paradigm shift transforming the ways in which we work, live, and relate to one another.

In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.

As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.

These rapid changes are captured in a new 21st century term:

The Digital Economy.

90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place. – Paul Taylor, Forbes, 2020

Analyst Perspective

Become a Digital Business

Kenneth McGee
Research Fellow

Today, the world faces two profoundly complex, mega-challenges simultaneously:

1. Ending the COVID-19 pandemic and recession.
2. Creating strategies for returning to business growth.

Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.

As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.

We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.

The Digital Economy

The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).

The digital economy captures decades of digital trends including:

• Declining enterprise computing costs
• Improvements in computing power and performance; unprecedent analytic capabilities
• Rapid growth in network speeds, affordability, and geographic reach
• High adoption rates of PCs, mobile, and other computing devices

These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.

The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.

Download Info-Tech’s Digital Economy Report

Signals of Change

The digital economy captures technological developments transforming the way in which we live, work, and socialize

Technological evolution

Info-Tech’s approach to digital business strategy

A path to thrive in a digital economy.

1. Identify top value chains to be transformed
2. Identify a digitally enabled growth opportunity
3. Transform stakeholder journeys
4. Build a digital transformation roadmap

Info-Tech Insight

Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

The Info-Tech difference:

• Understand how your organization creates value today to identify opportunities for digital transformation.
• Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
• Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
• Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

A digital transformation starts by transforming how you deliver value today

As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.

We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

Our approach helps you to digitally transform those value streams that generate the most value for your organization.

Higher Education Value stream

Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement

Local Government Value Stream

Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure

Manufacturing Value Stream

Design Product → Produce Product → Sell Product

Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

Assess your external environment to identify new value generators

Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.

Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.

And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:

• Conduct a PESTLE first and deduce, from the analysis, what are possible shifts in six characteristics of an organization’s industry, or
• Proceed immediately with identifying evolutionary trends that impact the organization’s direct market.

Info-Tech Insight

While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.

An analysis of evolutionary shifts in five industry-specific characteristics would be more effective for identifying trends that impact the organization

A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
Shifts in these five characteristics directly impact an organization:

ORGANIZATION

• Customer Expectations
• Talent Availability
• Regulatory System
• Supply Chain Continuity
• Technological Landscape

Capture existing and new value generators through a customer journey map

As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.

However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.

This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.

A digital transformation is not just about customer journeys but also about building business resilience

Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.

As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.

Ultimately, a digital transformation has two purposes:

1. The classical model – whereby there is a focus on improving digital experiences.
2. Value protection or the reduction of enterprise risk by systematically identifying how the organization delivers value and digitally transforming it to protect future cashflows and improve the overall enterprise value.

Key deliverable:

Digital Business Strategy Presentation Template

A highly visual and compelling presentation template that enables easy customization and executive-facing content.

*Coming in 2022

Blueprint deliverables

The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:

Initiative Prioritization

Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.

Roadmap Gantt Chart

Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.

Journey Mapping Workbook

Populate the journey maps to evaluate a user experience over its end-to-end journey.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

Workshop Requirements

Business Inputs

Gather business strategy documents and find information on:

• Business goals
• Current transformation initiatives
• Business capabilities to create or enhance
• Identify top ten revenue and expense generators
• Identify stakeholders

Interview the following stakeholders to uncover business context information:

• CEO
• CIO

Download the Business Context Discovery Tool

Optional Diagnostic

• Assess your digital maturity (Concierge Service)

Visit Assess Your Digital Maturity

Phase 1

Identify top value chains to be transformed

• Understand the business
• Assess your business ecosystem
• Identify two value chains for transformation

This phase will walk you through the following activities:

Understand how your organization delivers value today and identify value chains to be transformed.

This phase involves the following participants:

A cross-functional cohort across all levels of the organization.

Outcomes

• Business ecosystem
• Existing value chains to be transformed

Step 1.1

Understand the business

Activities

• Review business documents.

Identify top value chains to be transformed

This step will walk you through the following activities:

In this section you will gain an understanding of the business context for your strategy.

This step involves the following participants:

A cross-functional cohort across levels in the organization.

Outcomes of this step

Business Context

Understand the business context

Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.

1.1 Understand the business context

Objective: Elicit the business context with a careful review of business and strategy documents.

1. Gather the strategy creation team and review your business context documents. This includes business strategy documents, interview notes from executive stakeholders, and other sources for uncovering the business strategy.
2. Brainstorm in smaller groups answers to the question you were assigned:
   • What are the strengths and weaknesses of the organization?
   • What are some areas of improvement or opportunity?
   • What does it mean to have a digital business strategy?
3. Discuss the questions above with participants and document key findings. Share with the group and work through the balanced scorecard questions to complete this exercise.
4. Document your findings.

Assess your digital readiness with Info-Tech’s Digital Maturity Assessment

Input

• Business Strategy Documents
• Executive Stakeholder Interviews

Output

• Business Context Information

Materials

• Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

Participants

• Executive Team

Step 1.2

Assess your business ecosystem

Activities

• Identify disruptors and incumbents.

Info-Tech Insight

Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.

Identify top value chains to be transformed

This step will walk you through the following activities:

In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.

This step involves the following participants:

A cross-functional cohort across levels in the organization.

Outcomes of this step

Business Ecosystem

Assess your business ecosystem

Understand the nature of your competition.

Learn what your competitors are doing.

To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.

Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.

Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)

’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.– Ilan Mochari, Inc., 2015

Example Business Ecosystem Analysis