Change management is a vital aspect of how successful organizations operate because it is a form of a control valve for modifications to the environment that, in some way, impact business.
As technology has become ubiquitous in the daily operation of any business, it is ever more important not to underestimate the value that a formal change management process brings to an organization.
The concept of change management existed many decades before the development of information technology. Just look at early production lines and how they operated, consider how ‘modifications’ to the products on those lines were introduced. Do you think that Henry Ford allowed a mechanic to enter the Model-T production plant and change the size of screw on the engine-mounting block because he felt like it, or thought it would be better? No, of course he didn’t. Nor should we allow the Server Administrator to log into a production server and modify settings without proper assessment of risk, approval by business owners, planning for failed implementation and full documentation of the details of the modification.
Change is about business outcomes
IT has, at times, lost sight of the fact that it does not implement technology for itself. It implements technology for some ‘business outcome’ that the organization needs in order to be viable and competitive. If IT takes the approach that it ‘knows better’ and it ‘isn’t a big change’ without taking into account what the business needs and how a failed implementation might negatively impact the organization, then it may be eliminated or outsourced.
If the organization permits this cavalier attitude, then it may find itself losing market share, or worse, it may have to close its doors because it could not deliver products to consumers in a reliable and affordable manner. Regardless of industry or product, everyone wants to acquire and consume products or services with the least amount of hassle possible. If your organization can’t do that, then someone else will.
Let’s look a little deeper into why change management is so important and how it benefits the business.
With a growing dependency on data, nearly every business has become a slave to its ability to access information whenever and however it needs. Without access to data, a business could become frozen and unable to operate. Depending on the business’ industry, this could lead to regulatory and compliance violations, lawsuits and even loss of life.
Imagine, for instance, that you are the IT Director for a national grocery store retailer and it is November 1. For months, your server administrators have wanted to migrate some servers from the old operating system to a newer version. They have been unable to do so because the workload throughout the summer months was too great, and they could never add these migrations to the schedule.
After a series of meetings to discuss the migration, your business partners have given you the approval to plan the server migration; however, before executing the migration, your business partners have asked you to perform some tasks.
Risk Impact Assessment
Your business partners want to understand exactly what servers are affected by the migration. They have asked you to detail for them all the systems that run on these servers and which ones are directly impacted by the changes in the operating system. In addition, they want to know what systems in the enterprise leverage and/or communicate with those servers so they can understand what kind of secondary or tertiary impacts there might be.
These downstream and upstream impacts are the most difficult to assess, because you need to understand fully how these various systems work, the data they might share and the business process cycles to which they are tied. Understanding the full upstream business impact is where configuration management plays a major role. Change management is limited in its ability to perform a comprehensive impact assessment without configuration management. If you want to learn more about configuration management, then I suggest you read the book The CMDB Imperative by Carlos Casanova and Glenn O’Donnell. It does an excellent of job describing the full capability.
Tune into the next edition of this blog on change management as we discuss back-out planning and risk mitigation
Latest posts by Carlos Casanova (see all)
- Is Blockchain the Missing Link in Securing Internet of Things? - February 21, 2019
- Understanding the Active Cyber Defense Certainty Act – Should Companies Be Allowed to “Hack Back”? - December 7, 2018
- Cybersecurity – We Still Have a Long Way to Go! - July 24, 2018