Will ITIL make SOA governable?
The UK gave us the Beatles, Monty Python, Stephen Hawking, and now, ITIL. There's more interest brewing on this side of the Atlantic pond these days in the IT Infrastructure Library. Consultants are springing up all over the place, and lately, IBM Tivoli and other enterprise vendors have been talking up ITIL, baking methodologies into their service and infrastructure offerings. (A very good summary of the history, philosophy, and prospects for ITIL can be found in Government Technology magazine.)
ITIL, in the words of its sponsor (UK Office of Government Commerce), provides "a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualifications scheme, accredited training organizations, and implementation and assessment tools." The six key processes covered by ITIL include service desk, incident management, problem management, configuration management, change management, and release management.
ITIL is akin in many ways, especially in intent, to the ISO (International Standards Organization) process-improvement guidelines, which are designed to codify quality and service management within operations across the globe. Thus, it can be assumed if a data center with which you are contracting for services says it incorporates ITIL methodologies, it should meet some level of best practices, particularly around the six processes described in the first paragraph.
ITIL may even pave the way toward better SOA as well. The common thread between ITIL and SOA was articulated by a post by D.L. Tyler, who pointed out that ITIL makes it easier to implement SOA:
"Companies look to SOA for lots of reasons, to integrate systems, to create visibility, to standardize on XML, or whatever. Yet, no matter the purpose of the initiative or the desired end state, I have found it easier to implement SOA in environments that have ITIL/ITSM. Remember, SOA is not about Web services, it is about an approach that creates agility and responsiveness in both IT and business. That responsiveness to environmental conditions requires monitoring, reporting, and responding; ITIL/ITSM focuses on just that."
The bottom line: ITIL is all about governance, and SOA needs a good healthy dose of governance to move to the next level. Helping IT get its arms around multi-pronged issues such as versioning and change management can mean making that leap from Just a Bunch of Web Services (JBOWS) to SOA.
However, one industry observer says ITIL has grown too big, and too global, for its current home, and is hampered by barriers to entry and a general misunderstanding in the industry.
RedMonk's James Governor observes, for example, that ITIL is owned by UK Office of Government Commerce, which charges for ITIL reference materials. "ITIL has outgrown the OGC. It outgrew the public sector, and the UK long ago." Governor added an update that indicates that things may be improving on this front, as British Standard 15000 on IT Service Management, "which is aligned to ITIL, is being adopted as an international standard, ISO/IEC 20000, and future maintenance and development will be by an international working group."
ITIL is also encumbered by the fact that it is delivered as a whole library of books, meaning it has two barriers to participation -- cost and word length. "Isn't the fact ITIL comes in a bunch of big books a barrier enough, without introducing fees over a hundred bucks for one of them? Who ever reads a bunch of documentation-style writing these days anyway? We want small chunks of relevant content."
Vendors don't quite get ITIL either, Governor believes:
"The reason this issue is far from academic at the moment is because of the current mismatch between systems management software vendors selling to ITIL, and the market understanding of what it actually is.... ITIL provides a useful foundation for business IT alignment discussions but it is not a 'how-to' guide. There are no shortcuts... Note to enterprise buyers -- if a software company making a sales call tells you their product is 'ITIL-certified,' then cross them off the short list. Products can not be certified 'ITIL compliant.' People can be ITIL-certified, products can't. Any decent software vendor will know that and tell you so."
Another question may be how willing US-based organizations -- beyond the government sector and multinational corporations -- will be willing to follow best practices formulated through a UK government agency. In the rugged, frontier (or should we say entrepreneurial) atmosphere of many US markets, US government agencies can make recommendations, but unless they have the teeth of law or regulation behind them, these agencies are often urged to stay out of the way, and not tell constituents how to run their businesses. Plus, American businesses are not well known for marching in lockstep with one another.
As Government Technology put it, until recently, "while the rest of the world began to term ITIL the de facto standard for IT service management, most people in the United States had never even heard of it. In general, American IT was still the golden goose that could do no wrong, despite oftentimes failing to produce any measurable results."
An indicator of ITIL's adoption on these shores may be found in how much of a premium ITIL certification adds to the resume. The other measure of its success is how much visibility it sees in the vendor marketecture. Just remember James Governor's advice.