Why should Operation managers worry about monitoring Changes in their environment? What is the benefit to them? What pain points shall change monitoring address?
We in GSX have long ago recognised the growing criticality of ITIL in regards to IT operations management, hence, in this post we shall step you through Change monitoring and its importance to IT Managers via ITIL and ITIL Operational Processes.
While Key ITIL Processes such as Availability Management, Capacity and Release Management also greatly benefit from having a change monitoring system in place, the positive impact of Change Monitoring can be immediately correlated to the operational processes.
Lets start with the obvious, Change Management
Change management impacts on ALL aspects of the organization, Operations and applications; the change management procedure can be very formalised or relatively straightforward, irrespective of the complexity there is one underlying fundamental, all changes are managed and authorised, there are no unauthorised changes. Without a change monitoring system in place how do you know that an unauthorised change has occurred? Are you reactive and only know about these changes when there is a security breech? Or when Service is negatively impacted? Or you fail an audit? Even if there are no unauthorised changes, how can you track and log authorised changes? Having a Change Monitoring System automatically monitor for changes to critical configuration items will strengthen and enforce your corporate Change Management procedure, unauthorised changes (Sometimes termed as black changes) can be quickly identified and addressed and if needed, backed out. Having an automated Change monitoring system in place is an incredibly powerful tool to assist in enforcing the organizations Change Management Policy, no matter how complex or how simple the policy or the organization is.
An event is an occurrence that has an impact on the management of the IT infrastructure or the delivery of the IT service, if an event has occurred you need to be able to track the root cause and rectify ASAP to mitigate any negative impact to the Service and hence the business. In Event Management it is critical to rapidly identify the root cause, having an effective change monitoring system in place can rapidly assist in identifying the change that generated the event (it is an authorised or unauthorised change) and is a key component in an event resolution and management.
Incident Management is an unplanned interruption to the service, normally resulting in a negative impact to the business, an incident can result from an event. Having a change monitoring (With alerting capabilities) in place, can be of tremendous assistance with your incident management process. Not only can it assist you identify the root cause of the incident, if you have real time alerting in place, you may catch the change and resolve the incident before the business even realises that there is an issue. All operations teams want to be in the position where they are proactive and identify and resolve incidents Before the business even realises that there was an issue Proactive incident management.
Problem management is closely linked with Incident Management, in brief, problem management includes the activities required to investigate and if possible resolve the root cause of incidents. Sometimes there is an obvious one to one relationship between a cause and an incident, something happens, it generates an incident, the cause is identified, fixed and the incident is closed, never to reoccur. However, sometimes incidents keep repeating without an obvious cause, here is where we recognise that we have similar incidents and identify that we have an underlying problem that is generating multiple incidents. Having a Change monitoring system in place can be of tremendous assistance with your problem management process and assist with rapidly identifying the problem root cause. For instance if you have a recurring incident that occurs at a specific time then it makes sense to go through your change management reports to see if there is any consistency with changes that were implemented around the same time.
We once had a reoccurring issue where customers lost access to a database around the same time every day. But when we investigated all access rights were correct and accurate. By setting alerts on the groups that managed access to those databases we identified that a scheduled rouge agent was removing and then re-adding user access at a specific time every day. If we had had a Change Monitoring system in place initially we would have found the agent before it had a negative impact on the business, but without implementing Change monitoring it would have taken a lot longer to identify and resolve the problem root cause and restore levels of service delivery to acceptable levels of quality.
Access management relates to ensuring that individuals have the required access use a service, at the level they are entitled to. A Change Monitoring system can support the Access Management process in multiple ways but there are two obvious and critical supports.
To ensure that those that those that have access to and are making changes to key configuration items, SHOULD actually have that level of access. To ensure that there are not individuals with incorrectly elevated admin levels of access that are making changes that are in turn granting incorrect levels of access to others.
In the instance that a change was made that resulted in an issue, a change monitoring system can assist in identifying who made the change, whether the individual who made the change was authorised to make this change and assist in assessing whether the individual that implemented a change that had a negative impact has the correct access levels relating to their position and experience.
Organizations are constantly changing and evolving at the individual, infrastructure and system level, without change an organization would stagnate, there needs to controls around change but these controls must be as flexible as possible, with minimum overhead, to ensure that an organisation can respond rapidly to changing markets. From an operational perspective, and, the Key Service Operational Management Processes the operational teams need a secure mechanism (such as 360) to assist with implementing approved change, but also require automated, flexible change monitoring systems in place to identify and track unauthorised changes, report on the implementation of authorised changes or give advance warning of un-anticipated changes before these changes negatively impact on the business.