Welcome to our new blog series on the topic of IT4IT. In this series, we would like to look at the topic of IT4IT from different angles. We will take a closer look at what is behind the term and the Open Group’s IT4IT framework, what practical experience we have had with it and what benefits you as a reader can gain from it.
IT4IT is a reference architecture for the management of information technology (IT). Companies use IT4IT as a framework to improve and manage IT by focusing on value chains.
The optimization of primary value chains from the procurement of materials to sales or after sales has already been accepted as a challenge in most companies and already has a high degree of maturity. In comparison, the automation and professionalization of the IT value chain is still largely in its infancy.
This is reflected in the high proportion of manual activities in standard processes such as the IT-related onboarding of new employees. Here, the configuration of new workstations often still requires many manual steps, which is time-consuming and costly.
On the other hand, security breaches have recently occurred, particularly in the areas of IT and data security, which have attracted a great deal of public attention. The actual damage to affected companies has often been significant, both financially and in terms of corporate image.
In order to tackle these and other problems, it is necessary to develop a holistic view of the company on the part of IT in order to gain transparency about the interaction of various IT processes. The best way to do this is to rely on existing standards such as the Open Group’s IT4IT framework.
IT4IT, Quo vadis Frameworks?
Recently, security gaps in IT and data security have become increasingly known. One example of this is the Log4j issue, which caused glaring security vulnerabilities only a short time ago. Such vulnerabilities are gateways for a variety of forms of attack (DDoS, integration into botnets, ransomware).
As a result, there is a risk that IT will become the single point of failure for the supported company. This affects not only the technology (e.g. firewalls), but also the underlying IT processes and corporate architecture in particular.
IT security certification alone (e.g. in accordance with ISO 27001) cannot provide a remedy, as it must be considered in an integrated manner. This requires effective management of all IT processes, which must work together optimally.
This quickly raises the question: How is it possible to successfully manage this high level of complexity? Appropriate frameworks provide the answers. An excellent approach here is IT4IT from The Open Group. While IT4IT provides a holistic view of the IT value chain and enables organizations to manage IT like a business, ITIL, COBIT, ISO/IEC 20000 and TOGAF provide specific guidance and best practices for managing different aspects of IT. Organizations can use IT4IT in conjunction with these frameworks to ensure they are managing their IT effectively and efficiently. Figure 1 shows how the known frameworks can be categorized in an end-to-end view.
The benefits of a comprehensive end-to-end view are as follows:
- Improved understanding: by analyzing a process from start to finish, you gain a deeper understanding of how the process works, and you can identify inefficiencies or bottlenecks that could impact its effectiveness.
- Increased efficiency: A holistic view of a process can help identify opportunities for automation and simplification, reducing the number of steps and handovers required and increasing the overall efficiency of the process.
- Improved coordination: An end-to-end view can help teams work together more effectively as it provides a shared understanding of the process and helps to identify areas where different teams need to work more closely together to ensure the process runs smoothly.
- More effective problem solving: By looking at a process as a whole, it becomes easier to identify the root cause of problems and develop more effective solutions that address the underlying issues rather than just treating the symptoms.
The last two points in particular are crucial. Once the foundation has been laid on the basis of this transparency, IT security certification can build on it with much greater impact.
In the next blog article in our “IT as a value chain” series, you will learn more about the process view of the IT4IT framework and what you need to consider if you want to set it up for your own company.