Strategic, tactical, and operational policies must be in place for IT managers and various business units to work cooperatively toward their respective goals.
By Dick Benton
Many organizations struggle to align IT and business units, yet we see a number of emotive terms used to characterize these often-misaligned relationships: armed camps, strange bedfellows, reluctant partners, and co-dependents. What triggers this misalignment? What causes IT to believe it is responding to real business unit needs when the business unit often sees the exact opposite, or at least a significant misalignment?
Where no chargeback model exists (the storage services are "free"), business units typically choose the highest levels of service. In a storage environment, for example, every business unit demands enterprise-level synchronous replication of its data to a remote hot site. Where a chargeback model does exist, business units typically select the lowest (cheapest) class of service for their storage, regardless of their responsibilities for functions such as disaster recovery.
In both instances, we have seen the IT team attempt to move the business unit to a more appropriate level of service, often with little success, because each group is operating from a different imperative. The IT group wants to provide what it believes is the "right" level of service. The business unit's imperatives tend to be more pragmatic, focusing on the business rather than the supporting infrastructure. In a chargeback environment, business units may see the IT infrastructure as overhead that eats away at the bottom line. In an environment with no chargeback mechanisms, business unit managers understandably select high levels of IT infrastructure support because there are no associated costs.
How do you avoid these situations and develop an enterprise view with both IT and business units aligned to common goals? In our experience, policies are the key to proper alignment of IT and various business units.
Policies are the internal "laws" of an organization, setting the rules and frameworks for cooperative effort. Developing effective policies requires an understanding of organizational imperatives, as well as the implementation of an infrastructure to continuously ensure that policies are in fact driving corporate goals.
Policies are unique to every organization, although there are many commonalities. We see policies falling into three categories: strategic, tactical, and operational.
Strategic policies define the basic rules of the organization's strategic imperatives, which, in the context of storage, might include the following:
- TCO and ROI of storage investments;
- Service levels provided to the business units;
- Performance of storage assets;
- Security of storage assets; and
- Data classification (tiers of service levels).
Some examples of strategic policies might include the following:
—Storage investment will be directly related to a business unit's bottom line contribution.
—Storage services will be offered to business units in tiers of service with a chargeback for each tier calculated from the corporate cost model.
—Business unit managers are solely responsible for determining and justifying the appropriate class of service required by their business operation. The cost of storage services will be included in any business case financial model.
Strategic storage policies provide a disciplined and documented framework of rules that govern both business units and the IT team.
This results in a substantial degree of alignment as these groups approach the negotiations needed to arrive at appropriate and policy-compliant levels of service. Without alignment at the strategic level, subsequent efforts at tactical and operational policies will fail.
Tactical policies are the laws that govern the storage environment and must be set within the framework of the strategic policies. Strategic policies drive the development of enabling tactical policies.
In a storage environment, tactical policies may set the rules regarding data classification, identification, protection, security, and change control.
Some examples of tactical policies might include the following:
—Data will be classified into one of three levels of tiered service offerings. Each tier will define the attributes of that service level for availability, growth, performance, backup, archiving, disaster recovery, security level (of data in production and data at rest), and end-of-life migration.
—On a regular basis, an automated storage resource tool will be used to identify owner, usage, and protection levels of every data file within the storage environment.
—All changes to the production environment will be subject to a change control procedure that subjects all changes to a formal authorization procedure requiring written approval for introduction into production. Changes will be categorized into classes of change impact so that the appropriate attention can be given to the most intrusive changes.
—Data shall be protected in accordance with the attributes defined for that class of service. All first-generation backup copies will be maintained within the automated tape library. Data scheduled for off-site storage will be copied to removable media for movement off-site. No primary backup media may be removed from the automated tape library without written permission of the IT operations director.
Tactical storage policies provide a disciplined and documented framework of rules that result in alignment of IT and business unit goals. If tactical policies are developed in the absence of the guidelines and framework of strategic policies, misalignment of IT and business unit goals is inevitable.
Operational policies set the rules that govern operational procedures. Once the tactical policies have been developed to implement the direction set by the strategic policies, operational policies can be developed to set the operational framework (rules) that govern how the tasks can be completed.
In reality, many IT organizations only have policies at the operational level, which often leads to misalignment with business units. It is not possible to develop operational policies that will promote alignment without the governance framework provided by the strategic policies and the infrastructure framework provided by the tactical policies.
Operational policies call out the rules that govern the operation of each process and related procedures. Operational policies for a storage environment might cover the following:
- Fabric changes, adds, deletes;
- Host changes, adds, deletes;
- Frame changes, adds, deletes;
- Environment monitoring; and
- Fault escalation.
An example of an operational policy is the following:
—Storage will be allocated in 9GB LUNs.
Many issues experienced by the enterprise in effective storage deployment can be traced back to inadequate alignment of business and IT. Policies are the key drivers of effective alignment.
Dick Benton is a senior consultant with GlassHouse Technologies (www.glasshousetech.com) in Framingham, MA.
How policies work
The diagram illustrates the relationship of policies as drivers of alignment between business units and IT.
Initially, strategic policies are set by senior executives. Once these policies have been agreed on and published, both IT and the business units have a solid base for aligning their joint efforts.
Once the strategic policies are clear, the two groups can develop tactical policies to set the basis for implementing the strategic imperatives. There is some debate as to whether class of service is a strategic policy or a tactical policy. Given the critical role that class of service plays in delivering tiered service levels, we see it as a bridging policy between the strategic and the tactical policies.
Business analysts can play a critical role in developing a class-of-service set that contains a pragmatic and cost-justified number of service levels, while still meeting the goals of the business units.
Class-of-service definitions drive the development of supportive tactical policies that will be aligned with the reference architecture designed to meet the business unit's needs.
If the reference architecture is developed in the absence of tactical policies, there is a risk that inappropriate technology will be selected—perhaps even a technology that is not capable of meeting the needs of the business units. Alignment is facilitated by ensuring tactical policies are in place and are used in the development of the reference architecture.
The alignment of tactical policies and the reference architecture enables development of appropriate operational policies, which support the development of operational procedures that actually execute storage provisioning and deployment. When the storage provisioning process completes with delivery and installation of the technology, the alignment from strategic policies through class-of-service policies and tactical policies drives the final alignment. Operational policies drive operational procedures designed to meet the goals of the corporation, business units, and the IT community.