IT Service Management (ITSM) is a concept that is generally thought to apply only to large enterprises. It is typically associated with acronyms such as ITIL, CoBIT and ISO 20000, as well as expensive software solutions that are well outside of the budget of the majority of Small to Medium Enterprises (SMEs). However, at its heart, ITSM is simply the management of the IT environment against a predictable set of best practices, which improves efficiency and effectiveness and helps to reduce risk. These principles can be of enormous benefit to businesses of all sizes, particularly with regard to security, and can be applied cost effectively to offer enhanced value and Return On Investment (ROI).
IT is an important component of any business today, but it can also expose organisations to a number of risks, including data loss, loss or theft of sensitive customer information, a variety of malware aimed at stealing information, and more. Information is at the heart of the modern business, and must be protected. This is even more crucial with the impending enactment of the Protection of Personal Information (PoPI) Act. In a corporate environment, there are typically policies in place to govern what users can and cannot download and install, as well as to ensure that the latest security patches are installed, to minimise the risk of malware being introduced onto a network. In addition, backup and recovery practices are catered for, or even automated. However, this is often not the case in an SME environment, and yet the risk of security vulnerabilities, compromised information and data loss are the same across all sizes of enterprise.
In order to minimise the risk associated with IT – including the risk of data loss in all its various forms – there needs to be structure behind the way that IT is brought to the business. The way the entire IT function is delivered in the SME space needs to be addressed, to ensure that IT staff or outsourced suppliers can focus on delivering value-adding services, rather than constantly putting out fires. Following ITSM best practice protocol provides a proper support structure that assists with mitigating risk and safeguarding information.
For the majority of SMEs, it is not necessary to complete ITIL certification or to pursue ISO 20000 standards. Simply applying best practices in the smaller business, by bringing in certain elements of ITSM, can help to prevent problems from occurring. However, as IT is not the core business of many SMEs, understanding the various elements of the IT environment and how to apply best practices and standards can be a complex task. For this reason, SMEs often use outsourced IT service providers. In the pursuit of ITSM principles, it is advisable to use the services of a supplier with an understanding of both ITIL and ISO 20000 standards, as this will position them to be able to advise and implement the appropriate elements. Some of the aspects of ITSM best practice that are applicable to the SME include updating software and security solutions, ensuring critical patches are in place, standardising software versions and solutions, ensuring routers have secure passwords and more.
There are many components of IT, which typically differ from organisation to organisation, and often a specialist is required to ensure that IT is being maintained according to best practice, especially when it comes to security. By consulting with an expert provider geared towards the SME, smaller businesses can leverage the benefits of predictable IT within their organisation. These include enhanced security, reduced downtime and a stable, safeguarded IT environment. The principles of ITSM outline basic requirements that are necessary for any IT environment, and they can be implemented cost effectively to deliver immediate value to the SME organisation.
Dawie Bloomberg, Managing Director at Green Apple IT