Incident Management in the Cloud

In the field of management of information technology services, SaaS or ‘in the cloud’ option often remain as under discussed topic. Most who are related to IT industry are used with some leading Incident Management system, yet many are unaware of offerings from the SaaS brothers of the Incident Management tools. In essence, such services which may lead to the downtime with minimal involvement of own IT setup avoiding large expenditure in OPEX model. In our other articles we highlighted OPEX model as the major benefit of any SaaS service. Operating expenses (OPEX) is the current costs to operate a product, business, or system whereas Expenditure on capital investment (CAPEX), refers to the costs of developing or providing non-consumable parts for the product or system. As like features, advantages, disadvantages of SaaS Incident Management is like any corporate SaaS services, Incident Management in the Cloud as a service segment also has similar elements to discuss. Unfortunately, not all CIOs are from the academic field of software engineering or deficit of experience, which often push them to adapt a modern incidence management solution. Unlike many other use cases of SaaS, here in Incidence Management in the Cloud services, privacy and security issues are not a matter of concern because of partial or complete abstraction of the production infrastructure from the service provider.

Basics on Incident Management

IT service management refers to a group of activities which are regulated by policies, organized and structured in processes and supporting procedures. Altogether the system enables an organization to plan, design, deliver, operate and control the IT services for the customers. IT service management is characterized by adopting a process approach towards management. As the focus is on client need, rather than a direct need of management of internal IT systems, stressing continual improvement is suggested. Most of the researches show that positive customer experience matters as high as 35%.

Incident Management is a lifecycle management process for all incidents to ensure normal operation of services and also includes restoring the services as quickly as possible. These two factors directly affect any business. The normal operation of the services is defined in the Service Level Agreement (SLA). Incident management is a process which is included in the ITIL and ISO 20000. Incidents can be classified like below example:

In general, the term Incident is a failure reported by a user. Incidents can be classified into three categories: Software, Hardware, and Service Request. Service request part not always viewed as incident, but rather as Change Requests. Incident management is the process of limiting those elements which are detrimental to the proper functioning of the business. Incident management is usually followed by a post-incident analysis in which it is determined how it appeared despite the precautions and controls put in place. Without effective problem management, an incident can quickly disrupt the business operations, computer security, information systems, employees, customer relationships, and other vital functions.

Since incident disruptions would cause loss for organizations, it is a concern of IT organizations to effectively implement incident management on the basis of cutting down the cost to avoid the occurrence of incident and guarantee the business continuity. There are model from some mature frameworks such as ITIL, COBIT and standards like ISO-IEC 20000 which are adopted in several organizations. Among them ITIL (Information Technology Infrastructure Library) being considered as the best-practice of IT Service Management.

Despite preparation, engagement of resources into operation, unwanted incidences unfortunately break the production system. Incidents can be loss of a function like failure to send email, failure of backup to be uploaded, a full-scale downtime or slow response time. Single Point Of Failure Analysis should be practiced on regular basis, as example outline of principle:

1. Mapping IT assets
2. Performing Impact Analysis of each
3. Assessing the Risk of loss of each component
4. Assessing factors might lead to failure
5. Testing mitigation of the problems

Advantages and Difficulties of Setting Up Incident Management

The implementation of incident management will reduce the impact of incidents on activities which will improve their performance. It will bring other benefits like faster detection and resolution to avoid the appearance of new incidents. In addition, it allows a better use of the resources of the company according to the events that are physical, human or intangible. The quality of the information will be improved thanks to the establishment of a database facilitating the handling of incidents. Finally, the implementation of incident management will bring improved user satisfaction.

The implementation of incident management within a company may encounter barriers that prevent it from becoming established and therefore from acting effectively within it. The first barrier is the resistance to change of employees of the organization. This resistance is natural and appears with every novelty in an organization. This resistance can be more or less strong depending on the implementation method within the company. In the case of incident management this may result in the service not being used by continuing to use the old method. The second barrier is the lack of commitment of the leaders who will thus grant less funds for this service. This will result in decreased efficiency of the service. The last barrier is more specific to SMEs and concerns the use of IT tools. In some of the SMEs use in-house IT tools which are limited to spreadsheets and therefore does not allow the application of incident management. This is disabling for the SME who does not have access to the important functions that could improve its functioning. However, one must be consistent with the size of the structure and use a reasonable incident management system in view of the company.

Incident Management in the Cloud

From the above discussion, we can realize that some of the SMEs with in-house IT tools are not using enough modern incident management and this factor easily can be mitigated to improve functioning. Most on-premise Incident Management software are intended for the large industries with dedicated hardware and manpower for only the incidence management part. It is beyond any doubt that SMEs are commonly unable to maintain such setup despite being knowledgeable enough around the basic theory discussed in this article. At worst, if the hardware, networking is not isolated with the intention of bringing down the cost, the incidence itself may involve the system’s alert functions and other way of communication for faster resolution. At this point, the question to consider SaaS based incidence management tool comes under question as SaaS known to deliver enterprise grade service at fraction of cost avoiding one-time setup cost. On this topic, several research papers published on reputed journals including IEEE.

Selection of SaaS Based Incident Management Tool

Do we recommend any specific company’s solution? In very short – NO. Any standard SaaS based incidence management provider’s website themselves will explain what is incident management, what services they offer, basic technical matters, which infrastructure they use and offer some whitepapers. It is important to consider few points while selecting a service SaaS based incidence management provider:

1. Easiness to use
2. Offered means of communication by the incidence management service they offer – email, text message, smartphone application for alerts and monitoring
3. Quality of webserver of the service provider
4. Over the phone assistance and consultation
5. Any free of cost trial
6. Industries they are experienced with
7. Easiness of integrity with other tools and presence of API

Without going in to details of STORM™ Change Management practice, we can highlight few points to consider while selecting a basic SaaS based Incident Management solution:

1. Single Point Of Failure Analysis
2. Monitoring & Alerting (monitor as much as possible – components, processes, communications, workflows, response time)
3. Finding Escalation Path and Hunt Group
4. Document Changes
5. Customer-Asset Mapping
6. Network Operations Centre
7. War Room
8. Status Page
9. Knowledge Base

Conclusion

Remember that failure is an event, not a person.
– Zig Ziglar

This webpage would be not readable without enforcing a robust incident management system. Importance of Incident Management system is an established component of IT services and industries which uses IT services for the sake of delivery of high quality service. From this article, we learned the basics of lifecycle management process, the practical difficulties for an average SME to adapt in-house incident management system and SaaS based incidence management system as cost effective yet enterprise grade solution. As like any SaaS services, a minimal security infrastructure of the company is required for implementation of the solution for better return of investment and avoid failures. If incidence management service frequently faces outage incidences, such service is definitely not worth to pay for.