Storage services groups have two main goals: to offer great storage services to business units and end users, and to cut IT costs. Although achieving these goals should be a primary focus, the storage group doesn't work in a vacuum. Storage service plans need to be well coordinated with overall IT strategy, direction and initiatives. This is exactly where things get dicey. Years of hype, technology churn and marginal ROI are driving major changes in IT departments. Outside influences like regulatory compliance and security threats will receive more and more IT attention. And budget dollars, which once ran like water, will continue to be tight for a long time.
Before proceeding with any independent plans, storage service managers need to prepare for these impending changes. Three of the most important trends to get ready for are IT governance, security strategy and the budget crunch.
Restoring sanity in IT governance
Let's face it, the period of time from 1995 through 2000 amounted to a five-year fire drill. Those days are gone forever. CIOs realize that they need a much stricter regimen of processes and procedures to improve operations, lower costs and cope with complexity. IT governance defines every day processes and procedures like configuration management, change management, incident management, availability management, capacity management and service-level management in a step-by-step, detailed manner. The two most popular IT governance models are the Information Technology Infrastructure Library (ITIL) and the Control Objectives for Information and Related Technologies (CobiT).
These best practices aren't the sexy part of IT that vendors and analyst tend to talk about, but they do help companies improve upon IT services and reduce costs. The results can be impressive. After adding ITIL standards to IT operations, Proctor & Gamble reduced its IT operating costs by 8%, while Help Desk calls declined by 10%.
Before putting your own operations plan in place, storage service managers should find out if the company is planning on moving toward an ITIL or CobiT model. If the answer is yes, structure the storage operations processes and procedures with this in mind. This will require a full understanding of what information needs to be collected and documented, what metrics will be required and which other groups within IT the storage services group will be working with. Training will also be important. The CIO will probably foot the bill for global ITIL or CobiT training, but the storage services group may want to customize a training class for its own purposes.
If your firm has no plans to move toward formal corporate governance, it's still worthwhile to look at the ITIL and CobiT specifications as a potential best practice model. After a review, storage service managers may come up with a few good ideas of their own. After all, these are widely supported international standards.
Companies have embraced the Internet as a vital business and communications tools but these benefits come with a price--greater security risk. According to the CERT Coordination Center, a center of Internet security expertise, computer viruses alone cost companies $15 billion in 2001. Many firms felt this pain directly by way of unwanted guests like Code Red or Nimda.
In a recent Morgan Stanley survey of 225 CIOs, security was their number two priority. This is especially true for companies in regulated industries. For example, the Graham-Leach-Bliley bill places new security requirements on financial services firm, while the Health Insurance Portability and Accounting (HIPPA) Act of 1996 creates pressures on healthcare providers.
When it comes to information security, many companies and IT departments are in transition. In the past, security was viewed as a technology problem that firewalls, intrusion detection systems, and virus protection could address. Numerous firms now realize that a technology-based view of security was too narrow and have expanded their efforts to include a combination of physical security, corporate security policies, and cultural changes. Like corporate governance, companies look to outside standards such as ISO 17799 for guidance in this area. ISO 17799 is a comprehensive set of security best practices including business continuity planning, system development and maintenance, physical/environmental security and security policy.
What has all this security activity have to do with storage services? Plenty. Just as with ITIL and CobiT, security is bound to introduce the need for new processes and skills within the storage group:
- Storage devices and software will need to be tested and monitored for security vulnerabilities;
- When any vulnerability arises, devices will need to be assessed for risk and patched as necessary, which may mean taking storage offline at a moment's notice;
- The storage team will be required to participate in a security emergency response team to isolate problems, minimize damage and perform computer forensics;
- Physical security may need to be enhanced and supported by sophisticated authentication technologies like biometrics;
- Due to the sensitive nature of the corporate data, managers may be required to do extensive background checks on potential hires; and finally
- If your company plans on implementing ISO 17799, the storage services group will have to coordinate with the security officer on a whole new set of guidelines for business continuity planning.
If your company has a chief information security officer, (CISO) make sure you open communications with them to understand any impending changes that will impact the storage group. If there is a plan to go forward with ISO 17799, get familiar with the specification and get involved with the planning effort. Upfront planning will help the storage services group adjust strategy, amend budgets and factor new costs into its service offerings.
Welcome to the crunch
The days of double digit growth in the IT budget are gone for a while--if not forever. Recent surveys by Forrester Research and IDC project that IT budgets will remain flat in 2003. Given the uncertain economy and geopolitical instability, only a fool would venture a guess at what will occur in 2004. This means CIOs must do more with less and increase the efficiency of IT. In an Information Week survey of IT executives, 85% of CIOs said that getting better return on IT capital investment was among their top five priorities.
These financial trends have several important ramifications for storage services. First, storage service groups are competing for precious budget dollars with networking, application development, security, etc. According to Morgan Stanley, storage is low on the list. In its survey of CIOs, storage hardware ranked as their 12th priority, while storage software ranked 23rd.
To deal with this reality, make sure that plans for storage requirements, capacity growth and staffing are conservative and rigorous. Remember: There won't be any money in the kitty for surprises down the line. You should select key vendors and work with them for discount and financing options.
One other thing to bear in mind--the storage services group isn't in it alone. Every functional area within IT is impacted by the new fiscal policies. While this will drive competition for budget dollars, it also means that other groups will be developing similar service models to drive efficiency out of their own groups.
Smart storage service managers will check with peers to explore for new ideas and common ground. How will the networking group do its billing? What metrics will the systems group use to gauge customer satisfaction? How will telecom do reporting? The answers to these questions may help deliver storage services faster and cheaper while they establish consistency across disparate IT services.
The structure of IT is transforming and priorities are radically changing. This transformation will take place on a consistent shoestring budget for some time to come. Savvy storage service managers will stay ahead of these trends through a continuous effort of planning, training and cooperation with their peers.