Metrics for the Internet, Information Technology,
and Service Management

Over 540 Objective
Metrics Defined
83 Graphical Metric Reports
show over 240 metrics

Compliant with ITIL
ISO 20000
IT Service Management

IT Metrics are not understood by many business executives.  What non-IT business execurives often focuses on is the one metric that they understand - the cost of IT.  This in turn leads to a continuous cycle of IT budget reductions.

Most IT metrics efforts lack relevance to the business and are not well linked to business outcomes. They tend to be IT focused, such as WAN availability or server downtime. It is difficult for the business to understand how these measures relate to its objectives, and they provide little insight into the value that IT delivers.

CIOs must create a scorecard and service level agreements that:

• Relate to the enterprise and its management team. Server availability, network throughput, help desk call volumes, capacity utilization, and other IT operational metrics are not relevant to business executives. These types of metrics need to be translated into something enterprise management understands, such as availability of business applications or the cost to support a business area. The IT-operational metrics should be kept within IT unless they can be put in enterprise terms.
• Relate to the enterprise strategic and tactical objectives. Enterprise executives are concerned with introducing new products and services, improving customer loyalty and satisfaction, increasing gross margins, and growing market share. IT metrics must be linked directly to these enterprise objectives, specifically demonstrating how IT initiatives contributed favorably to improving them.

Effective SLAs are extremely important to assure effective Information Technology operations. The metrics used to measure and manage performance to SLA commitments are the heart of a successful agreement and are a critical long term success factor. Lack of experience in the use and implementation of performance metrics causes problems for many organizations as they attempt to formulate their SLA strategies and select and set the metrics needed to support those strategies. Fortunately, while reaching for perfection is difficult and costly, most organizations can achieve their objectives through a carefully chosen set of simple-to-collect metrics. Hopefully, this paper provides some insights into the "whys" and "hows" of this selection process.  The Metrics HandiGuide is the tool that can be used to accomplish that task.

At the heart of an effective Service Level Agreement (SLA) are performance metrics and they

• Measure the right performance characteristics to ensure that the client is receiving its required level of service and the service provider is achieving an acceptable level of profitability
• Can be easily collected with an appropriate level of detail but without costly overhead, and
• Tie all commitments to reasonable, attainable performance levels so that "good" service can be easily differentiated from "bad" service, and giving the service provider a fair opportunity to satisfy its client.

The Metrics for the Internet, Information Technology and Service Management HandiGuide is over 300 pages, defines 540 objective metrics, and contains 83 metric reports that show over 240 objective metrics.

Operational Improvement Opportunities as defined by
CIO, CTO, and CEO

The metrics cover all areas of the Internet, Information Technology, and Service Management -- including WIRELESS metrics which in turn includes mobile broadband specifications.  In addition, there are industry specific examples for financial services, distribution, manufacturing, education, entertainment, government, hospitality, insurance, medical, real estate and retail. 

• Organizational responsibilities defined
• Metric process, design, and definition of 540 specific objective metrics
• 83 sample metric reports - includes over 240 of 540 objective metrics
• Graphic data presentation rules
• A full metric report package is defined - a template you can use right away
• Wireless metrics examples are featured
• Updated to comply with Sarbanes-Oxley

Sample Metrics Reports in Graphic Format

Click on the individual images above to to enlarge

Metric and IT Measurement News

Internet Misuse Concerns CIOs

When employees and enterprise associates misuse the Internet there are ramifications for and to your enterprise:

• Higher operating expenses and reduced productivity
• Exposure to security problems such as malware
• Exposure to legal risks due to inappropriate material  
• Wasted bandwidth to support the misuse
• Unlicensed software when users download and install software from the internet
• Reputation risk from social networking which can create opportunities for employees to leak confidential information or spread damaging rumors online

Expenditures Closely Watched by CIOs and CFOs

In today's economy, all purchases are carefully scrutinized to ensure that each new piece of hardware and software can produce a rapid return on investment (ROI). However, even attractive and accelerated paybacks are not enough to justify additional expenditures as cautious CIOs and CFOs must continue to slow their technology spending in order to ensure weathering the current economic conditions.

According to an annual survey of top CIOs from multinational Fortune 1000 companies conducted by Goldman Sachs & Co., networking equipment emerged as one of the greatest potential areas for cost reductions in 2009. The CIOs surveyed also indicated an intensified focus on projects involving total cost of ownership (TCO) reductions, such as server virtualization and server consolidation. Faced with severe budget constraints, many CIOs also are delaying product upgrades and technology refreshes, despite the fact that OEMs continue to release next-generation products in increasingly rapid-fire succession.

As a result, increasing numbers of corporations are embracing asset recovery strategies as part of their recession survival tactics. Corporate network budgets, in particular, can be willing recipients of a welcome boost from asset recovery since high-end routers and switches retain more value than many other types of hardware. The keys to maximizing the value of surplus technology in a down economy are determined by how, when and where to offload unwanted gear as well as identifying the partner that can offer top dollar for extraneous equipment along with unparalleled responsiveness and superior customer attention.

Metrics Key to CIO Success

CIOs frequently ask what IT should measure and report to business executives. The key to success is choosing a small number of metrics that are relevant to the business and have the most impact on business outcomes.  The basis for  metrics that work are that they meet the criteria for relevance and impact are investment alignment to business strategy, business value of IT investments, IT budget balance, service level excellence, and operational excellence.

Metrics should form the core of an IT performance scorecard and should center around:

• Alignment of IT initiatives, investments, and operational support to the strategy of the enterprise
• Value added that IT brings to the enterprise
• Cost of new initiatives versus the cost of maintenance of existing processes
• System availability and ease of use
• Health of systems and IT function

Easier to Cut Salaries than Lay-off Staff

Here's the good news: While companies certainly have laid off huge numbers of employees since the economy first started to implode, it appears many of them are doing everything they can to minimize the number. From the Challenger, Gray & Christmas, Inc. press release:

... employers announcing job cuts have initiated more cost-cutting measures than employers that have not cut payrolls. Companies that made permanent job cuts averaged an additional six cost-cutting measures. Meanwhile, companies that have avoided layoffs averaged less than three cost-cutting measures.

"There is a perception out there that some companies have not made sufficient efforts to avoid layoffs by making cutbacks in other areas. This perception is fueled, in part, by a handful of examples of companies announcing job cuts while, at the same time, rewarding top executives with large salaries, bonuses and extravagant perks. However, these examples represent the exception," said Challenger chief executive officer.

"It would also be a mistake to assume that companies avoiding layoffs are doing so out of kindness. While forging good will is certainly part of the decision for some companies, many have simply cut to the bone already or never fully ramped up after the last downturn. Other companies may have more workers than they need for current business levels but are reluctant to enact widespread layoffs, knowing that a recovery will mean recruiting and training all new workers.

"This may be why we have seen an increase in the number of companies cutting salaries and other perks. It is a lot easier to restore compensation and benefits than it is to re-hire and re-train workers when the economy improves."

PCI Compliance Has Benefits Beyond Mandated Requirements

PCI compliance is used as a basis for guidance on fulfilling management responsibility in relation to audits, and information on ensuring continual improvement of IT security efforts.  There is merchant confusion about all of the PCI DSS’s six main themes: Building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks, and maintaining an information security policy.

PCI as a robust security standard has potential benefits beyond its immediate requirements. A generic application of its principles can fulfill other regulatory requirements for information security and privacy.  PCI compliance is mostly information security best practices. However, there is quite a bit of devil in the details of the PCI requirements. There are over 250 detailed testing procedures.

Penalties for noncompliance include higher transaction processing fees, fines, and, in extreme cases, denial of credit card processing capabilities. Violators also face legal fees, civil lawsuits, customer rejection and related revenue loss, and other costs and losses.  Understanding the PCI authority structure is important in maintaining control over PCI strategy and audits.

The PCI DSS security requirements apply to all "system components." A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.

Virus Targets Federal Law Enforcement

Federal law enforcement systems have been targeted by a virus. The FBI and the U.S. Marshals Service were forced to shut down parts of their computer networks after a mystery virus struck the law-enforcement. The virus' type and origin are unknown, but spokespeople for both agencies said agencies' access to the Internet and e-mail was shut down while the issue was evaluated.

The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem.

In addition to their external networks, most federal law enforcement agencies have an internal-only network to prevent cyber-snoopers from sensitive data. Government regulations require agencies to report any security issues to US-Computer Emergency Readiness Team (US-CERT).

To protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances. 

Office 2000 is at End of Life

Microsoft told Office 2000 users that it will discontinue security updates for the aged suite in July as it drops all support for the software.

At the same time, the company also reminded users that it's dumping the Office Update site at the end of July, part of an effort to streamline update options.

Office 2000 falls off the support list on July 14 -- which is also Microsoft's "Patch Tuesday" for that month -- as it leaves what the company calls "extended" support. From that point on, Microsoft will no issue fixes, not even ones for critical vulnerabilities; instead, it expects users to move on to a newer suite.

By policy, Microsoft supports business software such as Office for a total of 10 years, half in "mainstream" support and the second half in the more limited support. Security updates are delivered for the entire 10-year stretch.

Microsoft launched Office 2000 in June 1999.

Security Risk Faced by Business Due to Lost of Laptops

Anytime and anywhere employees, temporary employees and contractors can access and store enormous amounts of confidential data about customers, employees and their organizations’ operations on laptops. When these laptops are lost due to negligence or theft, the data is at risk if the organization has failed to use such safeguards as encryption or anti-theft technologies. Janco recommends implementing and monitoring strong Security Policies and Procedures.

Most executive managements and IT professionals believe the risk of having lost or stolen laptops will most likely increase or stay the same (i.e., not improve) over the next 12 to 24 months.

Business Record Management is Difficult at Best for Many CIOs

However, search engines are optimized to search web pages and documents and they still fall short inside the enterprise when you consider the additional IT assets stored in applications and other real-time sources of information like databases and ERP Systems. These systems remain "unsearchable" by many current search solutions and largely remain the domain of operational reporting and business intelligence software.

IT Metrics

The average company that spends about 1.5% (varies by industry) of its revenue on IT and you are spending a significant amount of money on IT personnel.  Personnel expenses account for the largest segment of your IT operational budget.  Considering both employees (43%) and outside contractors (7%), the average cost of personnel in the IT operational budget is about 50% according to Computer Economics.  The majority of the IT staff spends approximately 80% of their time on:

• Application maintenance and support
• QA and testing
• Application development and migration
• Technical and database support
• Helpdesk support

The remaining time is spent primarily on desktop, network and security support.
Moreover, the average IT operational budget for application software is about 14.5%. 70% of the average application software budget is spent on application maintenance and support, while about 30% of the application budget is spent on new development.