Discussion with VP – IT Global Infrastructure (Pharma/Healthcare)

a few days back, I had a chance to talk to VP – IT Infrastrucure of one of the leading global bio/pharmaceutical services organization.

the discussion was around topics around some of the leading challenges being faced by his organization in IT Infrastructure space. some of them at were discussed in length were specifically around – providing a degree of confidence to the senior management that the IT assets were configured as per the corporate “gold standard” and any configuration change on the IT assets, reporting and manageing the risk arising out of the deviations/exceptions and providing satisfactory reports to the auditors.

interestingly enough, this is a pan-vertical requirement and also exists at various levels of IT management layers:-

  1. the CIO wants to be “aware” of the risk to the organization due to (mis)configuration of IT assets and manage it effectively.
  2. the VP wants to track the degree of conformance to corporate baseline or “gold standards” and translate it to business risk to enable the CIO.
  3. the director of technology towers (networks, systems etc) wants to have a real time (or near real time) view of the asset configuration compliance to established baselines. they want to be notified in case there is any deviation or exception, especially for those assets that are critical for their compliance and regulatory requirements (to the extent that some of the IT assets are tagged as “sox critical” etc).
  4. the manager and the engineers grapple with the problem of actually tracking the configuration of the IT assets under their control, recouncile the deviations against change and configuration processes and tickets (in remedy/service IT or any tool implemented for change and configuration management)

there are many white papers floating on the net providing guidance around best practices and processes. there are also the tools available in the market which can facilitate the configuration tracking, compliance and deviations (a.ka – configurtion drift tracking). however they work only if the established processes are stanardized across the organization and are followed to the letter (need to say, i know it!!).

in my opinion, the challenge gets complicated, more often than not, due to:-

  1. dynamic business requirements – they keep on coming and at times do not have the specifics for IT teams would like them to have.
  2. urgency of provisioning a business requirement – havent we all heard of  “i want it as of yesterday!”.
  3. complexity of IT environment – scale, different assets, different teams and their “ways of working”.
  4. legacy assets – unable to enforce configuration guidelines and track the deviations.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: