Wednesday, 7 November 2018

Change Management Or Configuration Management - Which ITIL Process Should Be Implemented First?

Sounds like a "Chicken or the Egg, which comes first?" question.

The idealists will say that both processes should be planned and implemented concurrently. Both are "control" processes and are closely linked as describe below:

Configuration Management provides information about the relationships of Configuration Items (CI) through the Configuration Management Database (CMDB) and therefore, provides Change Management with an understanding of the impact of changes to the CI.

Request for Change (RFC) and records of changes are supposed to be stored in the CMDB (depending on the scope of the CMDB). This enables tracking of progress of changes.
CMDB should only be updated if there is a corresponding approved RFC and completed Change.
Some may say that Configuration Management process should be implemented first. Some may even say it should be the first ITIL process to be implemented since this process underpins all other ITIL processes.

The fact is that many companies have implemented some form of Change Management process, without a formal Configuration Management process. In organizations that have implemented both processes, the maturity of their Change Management process is usually far more than the other.

How is this possible?

With a good CMDB, Change Management is able to conduct more effective impact assessment and to implement changes in a more controlled manner, resulting in a more stable environment.

However, good impact assessment can still be performed even without a CMDB. The knowledge of the CI relationships, state of the CI, history and other relevant information for impact assessment are in the heads of the persons responsible for the state of the CI (also known as CI Owners). The knowledge could also be documented somewhere by the CI Owners ("CMDB" in its raw form). A good impact assessment can still be done if the Change Manager is able to consult with or bring the right persons (i.e. CI Owners) to the Change Advisory Board meeting.

In any case, even with a functioning CMDB, the Change Manager should still consult and invite the CI Owners to help assess changes, especially complex changes as these CI Owners will be able to provide much more information, knowledge and wisdom than a mere CMDB.

The recording of RFC and change related information is an activity performed within the Change Management process. Storage of RFC and records of changes are possible without a formal Configuration Management process as long as records are properly kept and maintained using a document management tool or filing system.

In summary, it would be ideal to be able to plan and implement both processes concurrently. But if you are constrained by time, money or project resources, you may choose to postpone the Configuration Management process implementation and focus on getting Change Management process up and running first. Getting the benefits of an improved process earlier (Achieving Quick Wins) is an important consideration when you are on the IT Service Management (ITSM) journey. Also, with the Change Management process introduced, there is a better understanding of how to scope and plan the Configuration Management implementation to link both processes together later on.

Jeffrey Lee
Source: Link

Saturday, 27 October 2018

Planning an IT Service Management Assessment

There are many types of IT Service Management (ITSM) assessments that can be conducted. They could range from quick and inexpensive self-assessments to complex, detailed and expensive investigations led by ITSM consultants or experts. They can also be also classified as a compliance-based assessment or a maturity-based assessment or combination of both.

Compliance-based assessments are aimed at evaluating whether an organization meets some type of external or internal criteria. Examples of external criteria are ISO 20000 standard or some proprietary ITSM frameworks like HP ITSM Reference Model or Microsoft's MOF. Internal criteria could be the organisation's policies or documented procedural requirements. Compliance-based assessments are usually conducted by organisation that has already some degree of ITSM implementation.

Maturity-based assessments evaluate where an organization is located on a journey from one state or level to another. The areas being assessed are usually scored between maturity level of 0 and 5. Maturity level of zero means nothing is in place and maturity level of 5 means everything that needs to be done is in place and is working perfectly and there are mechanisms in place for adaptations to changes and continual improvement. Each level of maturity contains a list of criteria for each of the five levels above.  The criteria could include vision and leadership, process, people, tools and overall environment factors or culture.
 
Most organisations would not be aiming to reach the highest level of maturity but would instead focused on defining what level of maturity is needed to meet their business goals and determining which level of maturity they are currently at and what they must do to progress to the next level. Maturity-based assessments are useful for creating a known starting point for the planning and implementation team.
 
The following further describes what would need to be assessed:
 
Vision and Leadership
Prior to the start of the ITSM assessment, the assessors would need to understand the business goals, IT goals, vision and mission and IT strategy. This is normally done through looking at documented IT strategy and plans and also interviews with the project sponsor and key executives.
 
Processes
Since IT Service Management is a process-based approach it is important to determine which processes are defined, documented and how much of it is in being practiced or followed currently. That is where best practice guidelines like ITIL, standards like ISO 20000, ISO 17999 or even proprietary frameworks like Microsoft's MOF and HP's ITSM Reference Model comes in handy as a reference or basis for comparison. Questionnaires or checklists to determine adequacy of the existing processes are usually derived from them and used.
 
Although external references are used for comparison, it is important to keep in mind that the assessment is not an audit. It aims to reveal which processes are in place or defined rather than to determine the degree of compliancy of existing processes to ITIL or ISO 20000. The assessment is usually focused on determining process maturity and gaps so that the findings can be used for service or process improvement planning.
 
Organization and People
Managing changes in organisation and people is the most difficult part of an ITSM implementation. The focus includes assessing organisation and people on areas that can help in planning the ITSM project and management of change activities later on. It should also identify what the constraints are so that the project can be more successful.
 
The assessment should check that roles and responsibilities are defined (e.g. RACI charts) for each process activity. It should also covers people's understanding of their roles, how they contribute to the organization's objectives and how they are measured and rewarded.
 
It is good to check on the availability of existing HR processes for performance management and development planning. The assessment could helps to identify the availability of skills and competency to perform the required tasks, the skills and experience required for the project as well as who has them.
The organisation charts will provide information of organisation structure, decision-making structure and authority levels that would be useful for project planning. It also identifies key stakeholders and potential supporters and resistors to change.
 
Technology
Technology is also a key factor in the project's success. When planning and implementing an ITSM strategy and defining end-to-end processes, technology and tools would play an important role. Tools are needed to support and enable the processes as well as for monitoring of the IT infrastructure and reporting. The aim is to determine what tools are needed to support the existing and future processes and infrastructure.
 
A good initial ITSM assessment should also take into account several technology factors, such as:

* Which processes and functionalities can be effectively supported now and more importantly, for the future.

* The level of process integration that should be available in the tool (e.g. the ability to link incidents to problems records, the availability of event monitoring tools and the ability of he event monitoring tools to automatically log specifically defined events as incidents).

* Need for a tool that supports easy knowledge capture, storage, searching, sharing, presenting and reviewing of knowledge and information.

* Need for a tool that supports easy data analysis, reporting and circulation of reports.
 
The aim of an initial ITSM assessment is to understand gaps and key issues and top priority areas which need to be addressed first and foremost to improve IT Service effectiveness and business value. Hence an initial ITSM assessment would usually be a maturity-based assessment, with a little of compliance-based assessment included as needed, especially in areas or processes that is found to be already in placed or matured to some degree. It is also usually done at a fairly detailed level.

For organisations new to ITSM, it should be conducted or led by experienced ITSM consultants. The ITSM consultants should have the aid of ready-made assessment tools with well-specified criteria and reporting features and would be expected to add value by suggesting viable solution approaches, possible project scope, estimated timeline and costs, products and services to address what needs to be done at each step of the ITSM project.

Source: Link
Author: Jeffrey Lee

Saturday, 20 October 2018

Implementing Problem Management

ITIL defines an "Incident" as any unplanned interruption to an IT service or reduction in the quality of an IT service and ITIL defines a "Problem" as the cause of one or more of those incidents. The primary objectives of taking on Problem Management are to prevent problems and resulting incidents from happening, to eliminate recurring incidents and to minimize the impact of incidents that cannot be prevented. Problem Management is dependent on a mature Incident Management process.

Although it is possible to start early with Problem Management, this process is highly integrated with Incident Management. So, it is best to implement Problem Management after you have implemented Incident Management. You will require incident data, impact, frequency and incident trends to help identify relevant and worthwhile Problems to work on eventually.

It is often possible to start with Problem Management activities, without having a formally defined Problem Management process. Rather than getting bogged down with the activities related to process design, implementation of supporting tools and documentation at the start of the project, consider going for quick wins. You could start with actions like the following:

* Identify the top 5 to 10 incidents

* If needed, provide guidance to incident management/service desk on how to record - incidents

* Find some problems and solve them!

A key activity in Problem Management is to look for the root cause of one or more incidents and recommend a permanent fix. Choosing the right people for the job is crucial. Analytical people with the right technology background are best given such roles. This need not be a permanent role. If fact, most organisation do not assign someone to be "THE Problem Manager". Problem managers are best identified and assigned based on the problem(s) at hand. Sometimes, a task force could be appointed, instead of a single person. Besides technical skills, the assigned Problem Manager(s) would preferably have problem-solving skills and experience with techniques like Kepner Tregoe, Pain-Value Analysis and using of Ishikawa diagrams to perform fault isolation and problem solving.

At some stage, the process would need to be designed, documented and formally rollout throughout the organisation. IT Infrastructure Library (ITIL) would provide an excellent framework and guidance for defining the process activities and steps. Roles and Responsibility for Problem Management needs to be formally defined and a process owner needs to be assigned for this process. The responsibility of the process owner would be to ensure that the process is documented, role and responsibilities are clear and well communicated, people are using the process and there is focus on continual improvement to the process. Reports and metrics have to be defined. Examples include:

* Number of Problems and Known Errors in a period by status, service or category.

* Percentage of Problems which have been solved per category and period.

* Average time taken to find root cause per category.

* Average resolution time of Problems and Known Errors per category.

* Effort invested in Problems pending resolution and expected effort required for closure per period (as measured by resolution time).

* Number of Problems that re-occur. Unlike Incident Management metrics like "percentage solved within target time",

Problem Management metrics are typically not included explicitly in Service Level Agreements (SLAs).

Setting up a Known Error Database (KEDB) is another key activity. A Known Error is a Problem that has a documented root cause and workaround or solution. The KEDB maintains information about problems (i.e., isolation and resolution procedures) and the appropriate workarounds, scripts, references to patches, FAQs and resolutions. The KEDB or knowledge database must facilitate flexible retrieval of information, preferably by keyword search.

However, the KEDB may not add much value if the Incident Management process is too immature to efficiently use them. Many organizations have set up a KEDB system, without real success, due to the fact that the Incident Management or Service Desk staff was too immature to help capture information and use the system to aid in first-line diagnostics. So, setting up a KEDB system in itself is not enough. A knowledge management mindset and culture is needed as well. Incentives and metrics would have to be introduced to motivate the right behaviour in Incident and Problem management staff.

Implement a tool to support the creation and tracking of Problem and Known Error records should be considered.  Given the close dependency between the Incident and Problem Management, integration of incident and problem management workflow and data records in the tool is important. Most commercially available tools like BMC's Remedy or HP's Service Manager comes with separately purchasable but integrated modules for Incident Management, Problem Management, Change Management and a Configuration Management Database (CMDB) to store the system management records and also Configuration Item (CI) information.

Lastly, like any other ITIL processes, the Problem Management process should then go through the Plan-Do-Check-Act cycles and improved and refined over time.



Source: Link
Source: Jeffrey Lee

Monday, 22 June 2015

IT Service Continuity Management: Why Is Operational Safeguarding Valuable?

IT Service Continuity Management: Why Is Operational Safeguarding Valuable?


IT services are designed to support one or more business technology areas by supplying the skillsets, physical hardware, applications, or processes necessary to accomplish an operation. Continuity management consists of planning and administering the risks associated with technologies used by a company. Professionals can be brought in to evaluate organizational values, potential threats, vulnerabilities, and determine a plan of action for disaster scenarios.

IT Service Continuity Management (ITSM) can also be centered on the licensing, agreement, and maintenance of third party implemented solutions to supply continuous availability. The goal is to identify and monitor risks to prepare a company for any type of situation with possible impact on utilized services. ITSM is a preventive measure used to make certain the minimum service levels can always be provided. This is accomplished by taking measures to reduce associated disaster risks and making plans to accommodate recovery needs.

Managed Services: Abundant Protection Options for Evolving Enterprises
ITSM is a managed service designed to improve the reliability of systems or processes used by a business. Multiple concepts have made it easier for providers to supply a straightforward solution in regards to process or information protection. Delivered assistance includes:
  • Systems Administration
  • Managed Security
  • Storage Services
  • Monitoring Assistance
  • Networking
  • Data Replication
Supplied knowledge can be used to leverage various aspects of an infrastructure, technology, and business continuity. Providers make it simple to have a redundant environment in place for disaster preparedness. These secure environments are available whenever needed by an organization. Professionals have the capability to support critical systems or applications necessary to maintain business operations.

Administration support allows a company to have a consistently efficient server or application environment. Hardware or software can be configured quickly, deployed, and maintained as needed. Managed security assists with the protection of vital information from any type of internal or external threat. Managed services include firewall management, intrusion detection, potential weakness identification, and continuous monitoring. Companies use measures such as offsite copies to make sure information is available regardless of the disaster scenario. Off-site providers can not only store the data, but also manage the hardware and configurations needed to keep a business operating when a problem occurs.

Monitoring identifies potential or existing problems involving a specific system, database, or process. Network assistance entails the monitoring of traffic or connectivity to create solutions for improved connectivity, reduced costs, or better performance. Data replication services help a company ensure critical data can be recovered in real-time to prevent the halting of important applications, loss of information, or integrity issues.

IT service continuity management is a diverse area where the offered assistance depends on precise organizational needs. An abundant amount of help is supplied to increase the dependability of vital operational components. ITSM is used to align support needs with solutions for risk minimization. Organizations gain a combination of proactive and reactive procedures geared toward preparing for unforeseeable complications. While these measures can seem like a costly investment, it is often necessary for companies with vital systems or information that cannot be compromised under any circumstances.

Author: Delina R. Cunningham
Source: Link

How IT Departments Make Money?

How IT Departments Make Money?

One of the biggest challenges that the person with the CIO job has is that the department that they are responsible for is more often than not viewed as being a cost centre. What this means is that the IT department spends and spends and spends and never seems to actually bring in any money.  Now I know that we all know all about the importance of information technology; however, to the rest of the company IT sure can seem like a big black hole. However, things are changing and some CIOs are discovering ways that the IT department can actually generate money for the company.

How Waste Management Sells Its Services

Over at Waste Management, they haul trash to the dump. They haul a great deal of trash. Last year the company earned US$13.5B hauling trash. However, even when you are making that much money, you still would like to be able to make more. That's why Waste Management's CIO decided that it was time for the company to launch an ecommerce site.

The purpose of the Waste Management ecommerce site is to allow their residential and business customers to purchase additional services from the company. These services can include such things as renting dumpsters as well as getting quotes for both trash pickup and recycling services that are offered by the company.

What makes the Waste Management ecommerce site unique is that it has been designed and is being run by the IT department. What this means is that the IT staff that have been assigned to run the ecommerce site now have sales quotas assigned to them that they have to fill. In order to accomplish this, the IT department plans on adding new products to this site every two months!

From Trash Man To Logistics Consultant

The ecommerce website is only the first step in Waste Management's plans to transform their IT department into a profit canter. They plan on putting the IT department in the centre of additional customer-facing revenue-generating projects.

Waste Management's IT department is planning on putting mobile devices on their fleet of trash trucks. This will allow them to measure such things as load weights, the route that each truck travels, along with how much time is spent at customer sites and at landfills. This will produce a great deal of data that can be combined with the customer related data that the company already collects.
Once the IT department has all of this data, they plan on transforming the company from just being a trash hauler to now being a logistics consultant to their customers. With the data that they've collected, they believe that they can start to make recommendations to their customers regarding how they can change their trash habits so that they can save money and recycle more.

What All Of This Means For You

IT departments exist to serve the rest of the company. That's why in the past, the IT department was treated like a cost centre and nobody really worried about where the money was going. As things got tighter, IT budgets got squeezed and now IT departments are being expected to generate revenue just like every other department in the company.

Over at Waste Management, they've gotten very creative with their IT department. They've created an ecommerce site that the IT department is now in charge of in order to sell more of the company's services. They are also trying to transform the company from being a simple waste hauler to now being a logistics provider for firms.

Revenue opportunities exist for every IT department. As the person in the CIO position, you need to learn to keep your eyes open in order to spot where the revenue opportunities for your IT department lie. Get good at finding out how your IT department can generate money and soon enough your IT department will be making more than it spends!

Author: Dr. Jim Anderson
Source: Link

Saturday, 23 August 2014

Business Relationship Management

Business Relationship Management

Whether you're a business owners with a brick and mortar business, online business, MLM or a home based business, building a good business relationship with your clients or customers is extremely important. It will bring more financial success and encourage an honest service.
                              
Administrative assistant: When looking about building and maintaining a good business relationship with your customers, there are 6 areas which should be looked at. The first one is empathizing with customers. When you first meet with your client, they usually have a problem. Sometimes big and sometime small, you have to be sensitive to their issue at hand.
                         
Second is remembering the little things about your conversation with your customers. When there is meeting, they will share some information about themselves which will indicate they like and what they don't like, make a note. Sometime they will even share something which they like to do during their personal time. You can also make a note and on your way back from the meeting, you can start thinking about what you could do or send them that would be related. Anything which will be related will help build that relationship.
                          
When you are committing anything in the meeting, you have to do without fail. It should be timely and the deliver should be kept in promise. This will go a long way towards building a long lasting relationship. When you fail to deliver, that client is looking for another provider the minute you missed that deadline.
                        
During your meeting with your client, it is very important that expectations are very clear. It is most important that your client make his expectations clear. You have to be very loyal to them. Don't play games and be upfront. This will also go a long way in building your relationship with your customers.
                             
By making some mistake, admit to it immediately and apologize sincerely. Your customer will appreciate your honesty and will not hold it against you.
                       
Business relationship management is not easy but when done correctly, it pays dividend like no others. Take your time and make sure you are taking the steps to building a good lasting relationship.
Author: Peachtree
Source: Link

Tuesday, 29 July 2014

What is Knowledge Management?

What is Knowledge Management?

                         
Knowledge Management focuses on the organization-specific body of knowledge and skills that result from the organizational learning processes and is concerned with both flow of knowledge and the making of profits.  ‘Knowledge Flow' represents the ways in which knowledge is transferred from people to people, or from people to a knowledge database. Knowledge Management is intended to capture an organization's collective expertise and distribute it to "wherever it can achieve the biggest payoff".

Knowledge Management is about storing and sharing the accumulated collective understanding and expertise within an organization regarding its processes, techniques and operations.  Because it treats knowledge as a key resource Knowledge Management is a key component of intellectual capital, which allows HR practitioners to influence the area of people management.

One of the major requirements for Knowledge Management is to integrate the link between people management practices and organizational performance in professionally-run organizations.  The organization has to monitor how HR contributes to the creation of tangible value in the form of knowledge-based outputs.  For instance, in professional service organizations, the knowledge held by their staff is the key to the development of intellectual capital.  Such organizations "sell their people because of the value they add to their clients".

Though the concept of Knowledge Management is of recent origin, interest in it has grown rapidly with the development of information technology (IT).  Accordingly, a Knowledge Management system will require carefully prepared, structured management information systems (MIS) in which information is recorded, stored and made available to those who need it.


The essence of Knowledge Management then, is the need to have designated ‘knowledge developers' to design the computer software to control the knowledge database, and the ‘learning options' that will guide users in finding, at any given time, information that will serve their personal development and  work needs.

A sophisticated Knowledge Management system aims not just at information-sharing, but also in meshing the assumptions and beliefs of the learner.  Tacit Knowledge—expertise that is stored in people's heads—can be clarified and shared with others, eventually becoming ‘newly created knowledge', which is understood and accepted throughout the organization.

Depending upon a person's position within the organization, and his/her viewpoint, encouraging a team approach to sharing knowledge and skills may benefit all employees, or may even prove to be a strategy by which the senior management can extract individuals' key knowledge in order to take advantage of  the ‘knowledge creation pool' existing within the organization.  However, in an organization which is aggressively competitive and rewards individual achievement rather than teamwork, employees may be reluctant to share their ideas for a new service with their manager, simply to avoid the manager receiving a performance bonus for someone else's idea(s).
Therefore, an organizational climate of trust and mutual respect would seem to be essential in developing effective Knowledge Management Systems.

Finally, knowledge creation in an organization assumes that employees, especially at the middle and senior levels, actually know more than what they are perceived to know, even though they may not provide solutions to all of the organization's ills.  Hence, the imperative for organizations will be to create an organizational climate wherein tacit knowledge can replace existing/traditional systems of knowledge-sharing; such a climate necessitates systematic training interventions appearing alongside the routine scheme of things.  This will offer exciting new horizons for HR practitioners and managers at all levels, ultimately contributing to enhanced employee performance and organizational well-being and effectiveness.

Author: Team Careertunity
Source: Link

Friday, 11 July 2014

Benefits of Release Management

Benefits of Release Management


In today's scenario with globally distributed teams, there needs to be proper collaboration and automated processes in place for the successful launch of any software.  Manual build, test and deployment processes can be expensive, risky and error-prone. If you need to build software fast and reliably to meet changing business goals - without compromising on quality you need to have proper release management processes in place.          

Release management  is a software engineering process that is used by organization for the development, testing, deployment and support of software releases. This process combines the traditional project management with System Development Lifecycle (SDLC) and IT Service Management (ITSM) practices. A software project before it is finally released goes through a series of processes based on good release management i.e. build a detailed plan of software implementation process.

Release Management helps maintain and track different versions of your project deliverables, along with their planned and actual release schedule and the requirements, task, bugs, changes to be resolved in each different release. It helps improve the productivity and quality of product, unifies disparate and distributed teams and provides better visibility into each change and control over the flow of changes as they flow from build to release in the project lifecycle.
        
Automating release management provides you with traceability across the software development lifecycle. You can not only maintain software integrity, reduce costs and risk but also control changes, improve business availability and simplify software audits. You know exactly where your project is heading and can identify and correct the bottlenecks faster.

Automating release management reduces the manual effort and helps developers and IT operations plan and collaborate on the software release right from the beginning and not at the end of a development phase. This helps management continuously identify and quantify risks, even as the application changes and release reliably and predictably.

This is not only applicable to software development, but also to any type of project where some "milestones" need to be reached. The goal of release management is to deploy application changes into production without disrupting the business.Automating release management provides you with traceability across the software development lifecycle. You can not only maintain software integrity, reduce costs and risk but also control changes, improve business availability and simplify software audits.

Author: lisasmith
Source: Link

Thursday, 10 July 2014

5 Strategies for ITSM Change Management

5 Strategies for ITSM Change Management


Nowadays businesses are faced with everlasting opposition, varying conditions and enlarged customer requirements. To remain practicable and economical, their IT and services organizations must be in total affiliation with the tactical aims of the company.
        
In commerce, this means that IT has to be an associate in bringing value to the customer. One of the central objections of doing this is to guarantee, that changes are implemented without disturbing the delivery of that use to the customer. While no tactic can promise complete achievement, a uniform Change Management process with evidently definite duties and responsibilities, intensifies the chances that the business objectives and aims are effectively attained, and confines the possibility of upsetting and costly errors in implementation. Here is a compiled list of the top five tips to use when implementing an ITSM Change Management process.

1. Make Achievements Clear
Many companies fight back with ITSM in general and Change Management in particular. The most ordinary misapprehension is the supposition that implementing Change Management will mend issues that are associated to Release Management or Configuration Management.

2. Articulate The Benefits
A top-down executive method is the most effective way of bringing Change Management to your company. Inform the clients and the employees about the benefits in detail, which can be extremely useful in executing Change Management.
        
 3. Recognize The Business
Normally, higher-ranking executives put out goals and objectives for the coming year. Individual production units then settle on what activities they need to take, to collaborate with them. But how can IT find out what these objectives are? With necessary research finished, there is loads of work to do. Asking is one thing, but it has to be supported by dedication from those influenced.

4. Know Information Technology
Though IT has to be all over the commerce side to determine goals and line up to existing activities, the opposite doesn't essentially hold true. It isn't compulsory for industry executives to get caught up in all the information of how different processes are executed, much less how the original expertise infrastructure works.

5. Describe What A Change Is
The most central concept to pass on is that everything in the IT world can have a change aspect to it. This can be true if you are implementing Change Management in an undeveloped, silo-structured corporation.

Author: Eli Shemluck
Source: Link

Friday, 20 June 2014

Basics of Access Management for IT Web Infrastructure

Basics of Access Management for IT Web Infrastructure


Access management, or web access management, is a part of identity management that defines access to resources on the web, using techniques like authentication and authorization to determine a user's identity. It makes access to resources and information easier by providing a one-time sign in, and defining different roles to different users depending upon the extent of access they have been provided. In larger websites, a single sign-in after proper authentication and authorization allows users to access other parts and resources of the website as well. Usually, the SAML protocol is used to interchange secure information between the servers.                

In most cases, like in emails or social networking websites, it is done by asking for a username and password but in more secure environments, like internet banking, access tokens are provided to generate a one-time password. In a networking environment access management becomes imperative, given the security and privacy concerns. Social media websites make heavy use of access management, by determining what part of a user's profile has to be displayed to which section of the user's network.

How Is It Implemented?
Access management is a type of identity management, which in turn falls under the umbrella of IT security, and therefore it uses the fundamentals and concept of identity management. The sign-in is a two-step process, which includes:
  • Authentication: This proves the genuineness of the user's identity, and
  • Authorization: This determines the extent of access to be given to the user.
After this process is complete, further services may be implemented and provided by the IT staff, like:
  • Auditing: This enables a log creation that records the log in details and history of a user, the attempts of a user to gain access to the resources, and any successful/unsuccessful attempts to perform administrative functions.
  • Reporting: This gives a report of all the access-related activities to the IT staff and the user (optional).



How Does It Work?
Access management works in two ways, depending upon its architecture. The two types of architecture are:
  • Plug-in (also known as web agent)
  • Proxy
Plugins are different programs installed on a particular server and are implemented each time a request is made for a particular webpage. This type of architecture is customizable according to the exact needs of a web server. The major drawback of this type of architecture is that a different plugin is required for each type and version of a server for different platforms. Proxy servers, on the other hand, route all the requests to the back-end application server through a proxy server.

How Does It Help?
Many a time, it could be hassle for users to provide their login details and extensively authenticate their credentials on multiple websites during the course of a day. Access management software helps them store their credentials securely, thereby providing them with a cookie, which is a temporary token, for authorization to all the protected resources with a single sign-in. This not only saves a lot of time and effort for the users but also streamlines the entire process for the IT staff.

Is It Costly?
The purchase price may be significant, but after that the maintenance price is negligible as compared to the purchasing price. Many a time, high-end hardware is needed to effectively execute access management software, because the response time needs to be quick or else the website risks losing visitors the next time. Hidden costs include centralized administration and regulatory compliance. It needs to comply with major audit requirements in order to provide firewall-like security.


Author: Arun Mehta
Source: Link