Managing by value, and measuring value in quantifiable business terms, allows you to overcome these issues. With an open dialog, business leaders can make more informed decisions regarding IT investments, and this leads to IT pursuing those things that have the most value to the enterprise―a win-win scenario that maximizes the value of IT resources.
Determining Service Value
To understand how to manage IT operations and activities based on service value, you must understand where IT value originates―at the boundaries of the enterprise. IT services are simply lubricants to business transactions. IT value becomes visible when the enterprise is able to better serve the marketplace and outperform competitors.
The quest for BSM begins by examining the boundary between the enterprise and its marketplace. IT service value arises from the interplay between the enterprise and the marketplace in two ways. First, IT services provided to employees facilitate the interaction of commerce between the enterprise and the marketplace. In this model of service delivery, the IT service has an indirect impact on enterprise profitability. Second, IT services may also be offered as enterprise products directly to the marketplace as well. In this case they can have a direct impact upon enterprise profitability.
It is important to remember that the purpose for valuing an IT service is to make resource allocation decisions. Also recall that IT services can have a strategic impact on the enterprise and its marketplace. When we combine these two points it becomes clear that the IT organization ought to focus on those services which have the most opportunity to improve the business outcomes desired and expected of the enterprise.
Understanding Service Value
IT services represent potential risks to the business. Of course, IT services also represent potential benefit to the business, but for the purposes of IT service valuation it is important to understand what can happen to the enterprise and its marketplace should be IT service fail to perform as required.
From a business viewpoint, the higher the risk, the higher the value of the IT services. While this may seem strange to IT managers, this is how average business managers consider IT: as a risk. Generally accepted risk management frameworks include three major types of risks that IT services face. These risks to IT services represent risks to the business, and thus contribute to IT service valuation.
The components of IT service value (ordered by risk) are:
- Confidentiality: A security principle that requires that data should only be accessed by authorized people.
- Integrity: A security principle that ensures data and resources are only modified by authorized personnel and activities.
- Availability: Ability of an IT service to perform its agreed function when required.
Confidentiality – From an IT service valuation perspective confidentiality refers to the requirements for an IT service and the business processes it underpins, supports, or creates with regard to maintaining closed or controlled distribution of information, output or artifacts. An example of a confidentiality issue might be the disclosure of service artifacts to unintended or unauthorized parties.
Integrity – Integrity refers to the modification of data without the awareness of appropriate change management control. Examples of integrity issues include malicious modification of data, for example by a hacker. Another example might include the unintended modification of data by a user—perhaps misspelling a name.