Foundation Management defines the scope of a foundation by all of the technologies that contribute to the reliable, secure and compliant operation of the business. This definition requires ITFM to embrace all technologies regardless of who made them, what they are, or where they physically (or virtually) reside. All organizations have hardware and software from different vendors in their I.T. Infrastructure and most organizations have a mix of technology platforms. Because of this, Foundation Management cannot be achieved without the ability to bring any type of technology under systems-based management.
The specific scope of a given Foundation is most often determined by the flows of information that are available and relevant to the achieving of a business goal. That business goal can be anything that is important to the business.
In addition, ITFM is an essential part of the strategic CIO’s game plan behind providing the kind of leadership that addresses CXO concerns and supports the executive business role of the CIO. Foundation Management is a key imperative to protecting the organization’s Brand, delivering customer satisfaction, increasing margin, and by decreasing litigation and regulatory penalty vulnerability.
In this regard, Foundation Management serves to protect the organization from the occurrence of negative events that can lead to financial loss or reportable negative incidents while creating the forensic evidence to prove such events or incidents never occurred in the first place; shutting down misplaced, frivolous or opportunistic threats.
Flows of Information
ITFM recognizes that IT devices – both hardware and software – can produce information about their operational status, health, and activity in a number of different ways that often require specific technical capabilities in order to interact with that information. To meet this challenge, Foundation Management defines the management scope as “all flows of information relevant to the business goal at hand.”
The “flows of information” concept enables ITFM to embrace a much broader set of technology than infrastructure or systems approaches do traditionally do – increasing the organization’s ability to perform proactive response to conditions that can adversely affect business operations before the adverse affect actually occurs. This also opens the technology management practice to devices that are not normally considered part of the I.T. infrastructure though they are imminently relevant to business goals.
By extending the scope of ITFM to technology traditionally not considered part of the I.T. Infrastructure, any other device (hardware or software) that can “talk” can become part of the Foundation Management strategy.
For example, building security systems that may be an important part of an organization’s security and compliance practice can be incorporated into the Foundation. Fire alarms, power supplies, power delivery systems, lighting and HVAC may also be relevant and be incorporated into the Foundation to support systems reliability, threat detection, risk mitigation and cost management strategies.
The same may be the case for industry-specific devices such as medical equipment or distributed utility systems with “smart” controllers capable of generating flows of information. The discerning factor in Foundation Management is not so much what purpose a device services, but whether or not it can produce a flow of information, and if so, is that flow of information relevant to the business goal.
Considering that the scope of Foundation Management is driven by the flows of information that are available and relevant to a business goal, Foundation Management naturally extends across geographical boundaries. For Foundation Management to serve its purpose, both devices and people must be engaged in the Foundation wherever they may be – including multiple physical device locations, Cloud Computing centers, and people any where an internet connection exists.
This even extends to virtualization where virtual machines “move” under the virtualization paradigm to different physical devices as needed to balance load and efficiently use available resources. Foundation Management makes no assumptions as to where devices, applications or data resides. Instead, Foundation Management acts from the perspective that the devices, applications and data that form a Foundation must be managed as a coherent whole regardless of where they are, where they were or where they may be in the future.
In respect to people, Foundation Management meets the need for experts to provide Foundation oversight, conduct routine operations and perform remediation on the Foundation as a whole – or any part there of – regardless of where the expert is physically located. In this way, Foundation Management is able to reduce the cost of managing the Foundation with remote monitoring, management and remediation; provides the I.T. organization the tools it needs to develop a solid Foundation Management strategy; and supports even the most complex outsourcing scenarios with ease.
Building Block – Real-Time (milliseconds)
The term “real-time” no longer has a definitive meaning that can be referred to when this term is used. Instead, the term “real-time” must be defined for each use-case where it is employed.
For Foundation Management, that use-case is an elapsed time in milliseconds for detection of events that have occurred – applied across the entire Foundation.
This is necessary in order to ensure that the Foundation can detect the events that are likely to affect the reliable, secure and compliant operation of the business early enough to perform remediation that in most cases can avert a disruption to business operations.
Early detection often leads to remediation that is far less costly than the more extensive remediation efforts required to address issues in advancing stages of disorder or breakdown.
Further, Foundation Management recognizes that the process of Detect, Diagnose and Treat (for all devices in the Foundation) must be optimized to the greatest extent possible to maintain Foundation health. Foundation Management embeds an optimized business process for Detect, Diagnose and Treat in order to minimize the cost to support the Foundation while providing the highest service level possible.
Building Block – Forensic Evidence
Underpinning the entire concept of Foundation Management is the need to create comprehensive forensic evidence of events and actions. This is essential to the goals of security, compliance, and systems reliability.
The term “forensic evidence” is used to denote records that are universally time-stamped, digitally signed, and system recorded. Further, these records must be unalterable – so that they can serve as demonstrable and definitive evidence of what has actually transpired within the Foundation as a whole and on each and every device within the Foundation.
In Foundation Management, forensic evidence becomes a “living history” of the events that have occurred and actions that have been taken in relationship to these events. Foundation Management provides a baseline set of records that directly support the organization’s compliance and security objectives.
The importance of this aspect of Foundation Management cannot be overstated. These records are the front-line defense of the organization in protecting the organization from regulatory penalties and opportunistic litigation – situations that routinely have a high associated cost to the organization for combating these threats and an exorbitant cost when the organization loses to such challenges. For example, class-action lawsuits regarding data privacy can easily reach into the millions of dollars.
Building the forensic evidence of events and actions that occur in a Foundation provide that definitive set of records that can shut down opportunistic ligation and regulatory compliance probes cold. Not only does Foundation Management create these records, it also serves as the front-line defense to ensuring that the organization does acts in a way that meets operational requirements and resolves potential threats before they can become costly incidents of record.