Managing information technology has been, and still is, a significant challenge for both enterprises and their service providers. The Information Technology Infrastructure Library (ITIL), developed almost 30 years ago by the UK Government, has helped by providing a management framework and process guidance which have become de facto standards. Numerous ITIL-aligned products are now available (ServiceNow and BMC Remedy, for example) and many IT practitioners have been trained and certified as ITIL experts.
The 2011 updates to ITIL preceded the advent of cloud-based solutions and agile development. As a result, Axelos, the company that oversees ITIL progress, has decided to publish a new update in 2018. The press release states that “While building on the established core of best practice in the existing ITIL guidance, the update will offer new and explicit practical content focusing on the optimum integration of ITIL with complementary practices, such as DevOps, Agile and Lean.”
Some experts, however, believe ITIL has passed its “best before” date and should be phased out. The question is whether ITIL is still relevant, still provides value and is a suitable foundation for the next generation of IT management and, if not, then why not?
The modern IT environment
To answer these questions, it helps to consider how the IT industry has evolved since the late 1980s when ITIL v1 was first published. A quite dramatic change has occurred since the days of mainframes and minicomputers – ‘modern’ IT is now service-oriented, software-driven, distributed, virtualized, containerized and increasingly automated. Enterprises are combining traditional systems with private clouds, public clouds, hybrid clouds and multi-clouds, all of which add to the overall complexity of IT operations and administration. Modern IT infrastructure can also helping to accelerate the pace of change by enabling more flexible and responsive methods of software development and deployment. To support this change, IT managers must increase systems agility, security, scalability, automation and intelligence, while also distributing day-today control across multiple service providers. It’s not surprising that ITIL needs a re-fresh!
According to Kurt Milne, a marketing manager at Cisco, ITIL represents an era when change was the biggest cause of failure and strict change control was needed to protect IT operations. Uptime was the key performance indicator. But modern IT environments, using Kubernetes with microservices and containers, for example, are now enabling an IT model that supports continuous change, automated deployment and replaceable components. Rather than debug software in production, it can be replaced at the component level – something that could not be done easily with large monolithic applications.
The diagram below was used in ITIL 2011 to illustrate the relationships between ITIL’s core guidance topics. The implied model is functional and siloed, i.e., a model based on a sequential plan-build-deploy paradigm. Today, “mass collaboration” using agile methods and team-based DevOps projects is changing the management model.
The debate among experts is around how to modernize ITIL processes to accommodate more complex, multi-provider management solutions involving multiple service providers. For example, an IT department that uses a static CMDB (Configuration Management Database) as an inventory for on-premises, enterprise-owned resources may not use it for a cloud-based virtual infrastructure that expands and contracts rapidly. Management may also need to be coordinated across multiple owners and operators. For instance, a service provider’s infrastructure management system and the cloud customer’s application management systems should be connected (see the diagram below).
Since traditional systems will remain with us for many years, new processes will need to interwork with the old ITIL processes to provide overall control and high quality of service through a period of rapid change.
ITIL as a management framework
In a January 2017 blog discussing ITIL and DevOps, industry-expert Charles T. Betz acknowledged the importance of ITIL to the industry, but identified difficulties that still need to be addressed if ITIL is to remain relevant. For example, he indicated that the ITIL service lifecycle implies a “sequential, plan-centric and deterministic” approach that does not accommodate iterative design and continuous deployment. He defined “he most fundamental problems with ITIL” as “its failure to address the critical importance of managing work in process, batch sizes, fast feedback, multitasking, and queues (e.g. processes).” ITIL processes depend heavily on the CMDB, but this can be problematic with cloud systems in which resources are not dedicated to one customer.
As a model for modern IT management, ITIL can still provide useful guidance – the basic topics remain much the same. For example, the ITIL Service Transition phase includes change, configuration and release processes, while Service Operation includes incident, request, access and application management processes. These are all still required for modern IT; however, detailed activities will change. ITIL’s success is based primarily on its being non-proprietary and non-prescriptive in its use of “good” practices (the best available at the time).
Other frameworks are also being developed that aim to improve upon ITIL, but do not need to be evolutionary. The Open Group, for example, has developed the IT4IT reference architecture which is described as “a standard reference architecture for managing the business of IT. It uses a value chain approach to create a model of the functions that IT performs to help organizations identify the activities that contribute to business competitiveness.” Another is VeriSM which claims to be a “Service Management approach, specifically tailored to support organizations to help them succeed in the world of digital services. VeriSM helps organizations to define their service management principles. These principles will be relevant to all products and services, and include areas like security, quality, cost and risk.”
Relevance of ITIL to modern IT
Modern IT requires an expanded range of management capabilities as is illustrated in the diagram below (this is not an exhaustive list of topics, however!). Three levels of management need to be considered: managing the systems from multiple providers, managing the services that combine multiple components, and managing the endpoints (users and “things”) that access the services. ITIL currently addresses some parts of each level.
The allocation of roles and responsibilities will also change when cloud-based environments are added to the mix. One example is the responsibility for service design: the definition, description and cataloguing of what will be delivered is still required, but this may be based on a service provider’s service offering instead of an on-premises customized solution. In this case, the internal IT department takes on the role of administrator or broker, rather than developer and provider. Service transition functions would also be the service provider’s responsibility as would many day-to-day operations activities. The ITIL modernization program will include a re-examination of the management use cases.
So, back to the original question – is ITIL still relevant and useful? – the answer will be YES at the topic level, but the processes will be used only if they can address today’s need for dynamic multivendor operations, rapid service adaptation, software-defined resources, multi-tenant operation and multi-enterprise integration.
As Kaimar Karu, previously Head of ITSM at Axelos, stated: “Let me be clear: ITIL is no silver bullet. It can't be the exclusive answer to every IT challenge you have. It provides you with a mindset, a structure, and a common language. It helps you see the bigger picture of the interdependencies and improvement opportunities within your system.”