A Guide to Effective IT Management Practices

1. Introduction

This article aims to offer targeted guidance rather than comprehensive coverage, focusing on essential topics for achieving quick wins in cloud, hybrid, and on-premises IT environments.
A primary function of IT management is to oversee and enhance all IT assets that drive and support business processes. This collection of assets, increasingly termed the "digital estate," encompasses various IT infrastructure technologies, including identities, devices, networking, client and server applications, and data.

2. Infrastructure: security, sustainability, affordability

In the broader context of the digital estate, infrastructure must be fortified not only against cyberattacks but also in terms of high availability, business resilience, data integrity, access controls, and confidentiality. These fundamental security aspects are pivotal for sustained success and will be delineated across the different digital estate categories in the section "Governance." It’s worth noting here that each topic should be tied to distinct metrics, such as RTO/RPO for data, MTBF/MTTR for systems, and MTTD/MTTR for the SOC, to enable quantitative assessment.
Sustainability is not merely a prestigious pursuit. It underscores corporate social responsibility, drives cost optimization strategies, and eventually contributes to environmental protection. Enterprises should prioritize sustainable products with long-term life cycles, establish principles of reuse before recycling, and consider factors like energy consumption and carbon emissions when deploying cloud resources. For instance, they should prefer cloud platforms powered by renewables and minimize the ecological footprint of cloud workloads to only what is necessary, avoiding overprovisioning.
Affordability constitutes the third pillar of IT infrastructure management. Total Cost of Ownership (TCO) and Return on Investment (ROI) controls are essential for assessing the monetary impact of strategic goals. Alignment with business leadership, defining goals, establishing outcomes, and articulating financial considerations in collaboration with relevant stakeholders are crucial.
However, cost reduction should not be pursued in isolation but as one of many principles for achieving realistic and affordable business goals. Other principles, such as simplification and optimization, are discussed in the section "Processes."

3. Governance: identities, data, applications

Within the digital estate, the three primary categories are identities, data, and applications.
As IT transitions to cloud solutions, protecting and securing IT environments has shifted from network protection to identity governance. Identities now encompass any authentication-enabled entity, including personal accounts, devices, service principals, registered apps, or API integrations. The Confidentiality, Integrity, and Availability (CIA) triad model, initially established for information security, is equally applicable to identity security and access management. The Zero Trust security model naturally extends the CIA model, and both should be applied complementarily.
Data, or electronic records, constitute the primary store of business information values, encompassing not only business documents but also code, configurations, event and audit logs, metrics, and diagnostics. To safeguard these values, build upon the CIA triad model and add resiliency as a fourth parameter. Business Resiliency (BR) methodology assumes breach and focuses on reducing or isolating the impact, mitigating damages, and rapidly restoring full operations, relying on mature backup and restore procedures. Additionally, Data Governance, Risk, and Compliance (GRC) methodology ensures alignment with industry standards and government regulations while safeguarding against data theft, disclosure, loss, privacy breaches, retention violations, or unauthorized access.
Applications serve as the primary carriers of business information processes. Alongside identity and data governance, IT management should establish application governance. Regardless of source and platform, application lifecycle management is crucial. Even when exclusively using Out-of-the-Box (OOB) applications and Software as a Service (SaaS) solutions, critical lifecycle areas such as planning, testing, deployment, operation, tracking, and monitoring are still relevant. These areas enforce defined company standards, mitigate the risk of shadow IT, provide foundations for vulnerability and patch management, and further safeguard data and identities.
In summary, the models and best practices outlined above are mutually indispensable, emphasizing that CIA, Zero Trust, BR, GRC, and lifecycle management are equally vital for all digital estate categories.

4. Processes: standardization, simplification, optimization

When designing and implementing processes within IT functions, three fundamental principles should be considered: standardization, simplification, and optimization.
Standardization, aimed at delivering uniform, consistent, and repeatable methods of work, extends beyond mere compliance with industry regulations. Even in unregulated environments, it ensures consistent results over time and place, reducing the risk of misconfiguration or unexpected outcomes. By promoting operational alignment, standardization also lays the groundwork for improving quality, performance, and traceability.
Simplification is paramount for successful IT management and operations. Across project management, operational procedures, and infrastructure architecture, reducing complexity, dependencies, and redundancies guarantees rapid services, enhances manageability, and fosters greater observability and predictability.
Process optimization is essential for enhancing effectiveness. While greater effectiveness typically implies higher productivity in general business terms, in the context of IT management, optimization targets identifying inefficiencies, complexities, bottlenecks, or obstacles, and providing solutions to eliminate or mitigate them. It’s crucial to prioritize optimizing processes and technologies over people and headcounts.
In summary, these principles serve to improve the IT management stance, reciprocally enhancing operational excellence and performance.

5. Deliverables: reliability, continuity, future-proofness

While the term "deliverables" is commonly used in project or product management, IT management also delivers benefits and added value to the business. IT management provides a range of services, including support, operations, innovation, and digital transformation, which constitute deliverables. From a business standpoint, however, when enterprise leadership speaks about keeping systems operational, it primarily expects reliability in securing digital assets and achieving market success.
Reliability stands as the foremost aspect of deliverables, but it should also be enduring. On the one hand, business continuity planning is crucial for ensuring the intended functionality of IT infrastructure, covering aspects such as availability, resiliency, and recovery. On the other hand, continuity extends beyond maintaining operational stability to include consistency in architectural design and strategic principles.
A natural progression of continuity entails future-proofness and ensures that IT solutions are designed with long-term visions and predictions in mind. Sustainability can also be viewed from a future-proofness perspective. Other significant examples include agility, modernization, and innovation, but these principles should not be pursued as ends in themselves. Instead, they should be used judiciously and aligned with the operating model methodologies discussed below to adapt to evolving business needs.
In summary, IT management delivers stability and confidence by focusing on reliability, continuity, and future-proofness.

6. Operating Models: ITSM, ITOM, DevSecOps

To structure an effective operating model, best practices and methodologies like IT Service Management (ITSM) and IT Operations Management (ITOM) are indispensable.
When discussing ITSM, it is essential to examine two key points. First, services extend beyond mere support, which in itself caters to a diverse spectrum of customers, including internal and external users, business partners, infrastructure operators, developers, project managers and product owners. Second, service management and operations management (ITOM) are intricately interconnected in practice. While distinct in theory, ITOM relies on continuous feedback and collaboration with ITSM, while ITSM is grounded in operational best practices, procedural frameworks, prioritization, risk assessment, and performance measurement.
When integrating service and operations management into a unified IT collective, it’s important to recognize that frameworks such as COBIT, DevOps, and ITIL are not mutually exclusive; instead, they should be tailored and combined to suit business needs. Even older versions of ITIL cover the complete lifecycle model of IT services management, including operations, transition, design, and strategy. Processes such as incident, problem, change, release, project, knowledge, risk, and compliance management span a broad spectrum of IT management, but also demand considerable time and effort for implementation.
With the rise of security operations, the collaboration between Ops and security teams has led to the formation of unified SecOps teams. In this article, DevSecOps means more than principles and tools for integrating security testing into CI/CD pipelines: it proposes a cultural shift in which development, IT operations, and IT security teams work together, achieving personal, organizational, and technical integration. A unified DevSecOps model should prioritize automation with quality and security controls, enhancing development and delivery speed, flexibility, and performance.
In summary, an effective IT operating model emphasizes tight integration of functions rather than fragmentation. It also acknowledges that a single operational model framework may not fit all needs—an agile methodology suitable for project management may be less applicable for end-user support or security incident management.

7. Summary

This article aims to provide essential guidance for IT managers seeking to enhance their understanding of key concepts and methodologies in IT management. Through concise explanations and practical insights, it offers a structured overview of topics such as infrastructure, governance, processes, deliverables, and operating models, empowering IT architects and managers to make informed decisions and improve their effectiveness. By balancing comprehensiveness with accessibility, the article aims to serve as a valuable resource for an audience looking to navigate the complexities of IT management with confidence.