Information technology infrastructure library version 3 has been released, and periodicals and blogs are buzzing with questions such as: “How does this differ from version 2,” and “What is a configuration management system (CMS) versus a configuration management database (CMDB)?” While the fundamental process for ITIL implementation has not changed, stories of good and bad implementations keep spotlighting IT personnel as the most difficult aspect to control. This point was underscored at the Gartner IT Infrastructure, Operations and Management Summit 2007, Orlando, Florida with a poll from the ITIL session that asked more than 150 attendees what the primary driver of ITIL adoption is. Fifty-seven percent of respondents said the primary driver is to improve quality of services. However, of those polled, 30 percent of those polled said the most significant challenge to implementing ITIL is too much change in the IT culture.¹

Larger organizations establish change management boards that must authorize all changes in advance. These new boards add an additional level of complexity, as another oversight layer is introduced to govern change aspects of individual IT silos. Overcoming resistance from system administrators who are not ready to adopt a more formalized process - or are unwilling to give up control of their IT silo - can destabilize or even stall the most well thought out ITIL attempts. The market needs a change and configuration management tool that is integrated and capable of scaling across all IT resources to create holistic visibility into the infrastructure from a business services perspective. This tool should allow IT administrators to maintain control within their specific areas and not be a bundle of isolated management tools that bring low intrinsic value to delivering these services. Where do we start? Perhaps a bottom-up view will help.

According to, the definition of ITIL is as follows:

ITIL is a framework of best practice approaches intended to facilitate the delivery of high-quality information technology (IT) services. ITIL outlines an extensive set of management procedures that are intended to support businesses in achieving both high financial quality and value in IT operations. These procedures are supplier-independent and have been developed to provide guidance across the breadth of IT infrastructure, development and operations.²

It’s clear that the main activities of configuration management within the ITIL process are planning, identification, configuration control, status accounting and verification. They all lead to better controlling change in an increasingly complex and interdependent IT environment. Furthermore, following this process helps to ensure that a standardized method and procedure is used for handling changes, in order to minimize the impact of change-related problems upon the service quality of an organization.

However, it’s the holy grail element of managing change in physical, logical and virtual resources in a unified manner and at the right level of granularity that is so elusive. What’s needed is a tool that scales across all IT silos (network, server, applications and virtualization) and allows each individual silo administrator to maintain their unique perspective relative to governance. The outcome of their governance should then be shared with a federated CMDB so holistic decisions can be made regarding business services. This approach makes sense to both small and large companies and has its focus in the right place - business services. ITIL is effective in both small companies and large companies, though for different reasons. Small companies use ITIL to define the different roles an IT person may have to play in the context of IT service management. Large companies use ITIL to improve communications between disparate groups. Drivers are different too. For big companies, it's compliance mandates such as Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI) or Health Insurance Portability and Accountability Act (HIPAA). Small companies want to use ITIL to increase their competitiveness and improve processes. IT staff in organizations that adopt ITIL version 3 are less focused on technology; they are more focused on the business and business outcomes and linking them back to the technology. There will always be a layer of technology managers whose main focus is technical, but the number of those people overall will decrease.3

People First, Tools Second

Perhaps a glimpse into a recent customer installation will help illustrate how new change and configuration management tools help people as well as processes. The customer is a large retail chain with over 600 stores and operations worldwide. They are trying to manage more than 10,000 connected devices throughout the IT infrastructure. The business challenges for the global operations are:

  • Lowering the cost of PCI data security standard (DSS) compliance,
  • Preventing security breaches,
  • Automating manual processes and
  • Breaking down the silos of IT operations.

The security group responsible for PCI compliance has to work with various silos of IT operations throughout network (i.e., Windows servers, Linux servers and Solaris groups), each of which controls access to the devices and data in their individual domains. There is a rigorous manual change management process that is followed. Yet, the lack of visibility into the global network and absence of an operational CMDB makes response to the self-assessment questionnaire of PCI DSS a challenge.

The customer needed a solution for managing change that provided automation with visibility and control in a manner that integrated smoothly with people, process and technology. In the short-term, the customer was simply seeking to lower the company’s cost of achieving PCI compliance. However, the benefits of continuous compliance apply to any operational or regulatory compliance requirements.

Successful deployment of automation projects will yield short-term and long-term benefits. In the short term, it should provide immediate relief in terms of visibility, reporting and compliance. In the longer term, it should result in higher availability of business services, which means lowering of business risk from IT through better customer satisfaction and efficiency of operations.

Anyone embarking on ITIL projects should follow the following steps to help alleviate the personal politics and create a more unified flow of data across all IT domains:

  • Clearly define a measurable objective for the project (e.g., achieve PCI compliance by end of the year).
  • Do an assessment of the tangible benefits. If you won't see any difference within six months, the project is too broad in scope.
  • Create a task force and assign team members to "own" specific tasks and processes.
  • Ensure effective communication between task force staff members. Publicize the progress results within the organization.

To get the IT staff on the same page, measure results. It gets attention and applies some pressure on the team for positive results.

Get the CIO to champion your efforts - empowering the entire team to succeed.


  1. Bridget Botelho. “Gartner Analyst Warns against common ITIL traps.”,289142,sid80_gci1260522,00.html
  2. “What is ITIL.”
  3. Megan Santosus. "ITIL v3 contributor Reflects on IT's changing focus,", June 5, 2008

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access