Change Management Skip to main content

Gartner Forecasts Security and Risk Management Spending in India to Grow 12% in 2024

  GenAI-Driven Attacks Require Changes to Application and Data Security Practices and User Monitoring End-user spending on security and risk management (SRM) in India is forecast to total $2.9 billion in 2024, an increase of 12.4% from 2023, according to a new forecast from Gartner, Inc. Indian organizations will continue to increase their security spending through 2024 due to legacy IT modernization using cloud technology, industry demand for digital platforms, updated regulatory environment, and continuous remote/hybrid work. “In 2024, chief information and security officers (CISOs) in India will prioritize their spending on SRM to improve organizational resilience and compliance,” said  Shailendra Upadhyay , Sr Principal at Gartner. “With the introduction of stringent government measures mandating security breach reporting and digital  data protection , CISOs are facing heightened responsibility in safeguarding critical assets against evolving cyber threats.” Gartner a...
Post a Comment

Change Management


Details
Published on Sunday, 09 January 2011 16:41
Written by Craig Sutherland


Technology updates and upgrades are part of the IT infrastructure life cycle. However despite the best intentions of the person(s) responsible for changing upgrading or modifying a system or solution, deploying changes can be one of the most difficult challenges IT teams face. Often resistance to change comes within the organisation itself, which is risk adverse, getting stakeholders onboard with a major change sometimes requires substantial skills in people management.  That being said, this article describes the necessary steps to execute an effective change within any IT operations department.



                            The components of a successful change management practice should include as a minimum:



1. Reason for the change 5. Resources needed to complete the change
2. Benefit to the end user 6. A secure back out plan if the change is not successful
3. Disruption to the business 7. Change approval
4. Time required to complete the change


Changes of any type should be conducted outside normal business hours, or at times when user traffic is at its minimum. If you are operating in a managed service model, where alarm monitoring occurs, the change needs to include acceptance from the network operations supervisor, if it is going to create management alarms. At times, change management is required to correct issues in software or hardware configuration.



The ability to track those changes for auditing purposes becomes necessary, especially in the event of a roll-back or back-out due to unforeseen failure. Ensuring availability of server logs or system state information becomes critical if an organisation uses automated change agents within the network. In case of large networks, automating the process of distributing software updates or configuration changes can save hundreds of man hours over a calendar year.

However, evaluating whether the change was completely successful will depend on the quality of the available audit information. Most network change management suites consist of a modelling application that allows organisations to build the complete network in a virtual environment that runs the exact same configuration as the live network.

This allows the simulated deployment of a complete configuration change to be evaluated before it is committed to the live network. If your organisation doesn't have the luxury of a fully automated change suite, or the type of planned change cannot be simulated then the following steps can be followed to realise an effective network change.

Reason for the Change
Regardless of the change you are planning, it is important to inform all the relevant parties involved the reason for the change. Usually the reason will determine when the change will occur, and will be dependant on it's importance to the users of the system. Usually taken for granted, but here are the questions which will be asked.

Is an outage required? Can the change occur without outage?
What is the benefit/impact to the end user?
Can the change be merged with other planned change events?
How critical is the change?

If the change is major, it is important that sufficient resources are allocated beforehand, usually a project manager or some other responsible person should produce a change plan which all stakeholders can agree upon.

Change Risk Register
Many change requests have dependencies which can affect the overall change, sometimes the simplest things can cause a planned change to completely fail, such as site access, or cable length being too short. The risk register should contain a list of concerns which the initial stakeholders provided during the initial meeting. It is critical that open items on the risk register are closed or satisfied before the actual change occurs.

Responsibility Matrix
This is simply a list of who, what and when. Prior to the changes, many things must occur first. For example, purchase orders may have to be raised for external resources, equipment may require purchasing and some additional planning may be required. The responsibility matix covers the task and when it must occur. Make sure names of people are recorded by each task and a completion date is also included.

Change Simulation
Depending on how critical the change is, it may require evaluating in a test environment first. This can be useful to determine how much time is required to effect the change, and to iron out any unforeseen problems beforehand. A change to swap a copper ethernet connection to fiber is an excellent candidate for change simulation especially when redundant connections are involved, and fail over doesn't work as expected.

User Notification
Communicate well in advance with the end users, is vital to any successful change. Multiple announcements should be sent to affected users by email, and should contain as much information as possible, but as a minimum must include.
Reason for the Change
Benefit to the user
The outage time

The Backout Plan
Change management is a bit like robbing a bank, usually it happens in the middle of the night and there is only a short amount of time. There needs to be hard time limits attached to each activity. Ultimately it is the project/change manager who decides to execute the back out if the change exceeds 75% of the allotted time. Questions to ask stakeholders regarding the backout plan prior to the change.
Can we provide 100% service restoration in the event we have to back out?
What logs or information can be captured to report to management as to the reason for back out execution?
Is there a point of no return where the backout plan is ineffective

Change Closure Report
This final aspect of most changes is often overlooked. It should be included especially if similar change events are planned for the future. The report should include a list of events which went well, events which proved difficult, and events which could be done better next time.

Comments

Post a Comment

Popular posts from this blog

Mobile Phones Sales Plummet

Details Published on Thursday, 16 August 2012 06:34 Worldwide sales of mobile phones reached 419 million units in the second quarter of 2012, a 2.3 percent decline from the second quarter of 2011, according to Gartner. Smartphone sales accounted for 36.7 percent of total mobile phone sales and grew 42.7 percent in the second quarter of 2012. "Demand slowed further in the second quarter of 2012," says Anshul Gupta, principal research analyst at Gartner. "The challenging economic environment and users postponing upgrades to take advantage of high-profile device launches and promotions available later in the year slowed demand across markets. Demand of feature phones continued to decline, weakening the overall mobile phone market. "High-profile smartphone launches from key manufacturers such as the anticipated Apple iPhone 5, along with Chinese manufacturers pushing 3G and preparing for major device launches in the second half of 2012, will drive the smartpho...
257 comments
Read more

Now facebook hit with international class action privacy suit

An Austrian privacy activist has launched a wide-reaching class action suit against Facebook Ireland for breaching European data protection law. Anyone outside of the US and Canada can join activist and law student Max Schrems' suit via the website fbclaim.com, since they will have signed up to Facebook's terms and conditions via the Dublin-based European subsidiary. That amounts to around 82 percent of all Facebook users. After being live for just one hour, the site has collected 100 participants. The suit is seeking damages of €500 ($537) per user, and injunctions to be levied on the company for the following breaches:     Failing to get "effective consent" for using data     Implementing a legally invalid data use policy     Tracking users online outside of Facebook via "Like" buttons     Using big data to monitor users     Failing to make Graph Search opt-in     The unauthorized passing of use...
1 comment
Read more

Cabling and Data Explosion

Details     Published on Tuesday, 13 November 2012 05:39 The explosion of 'big data' and the seemingly limitless demand for bandwidth are driving trends in today's IT-centric world. The 'faster, better, most cost effective' mentality has led enterprises of all sizes to closely scrutinize their communications networks and networking infrastructure. network-cables The need to deploy high speed network backbones that meet future requirements, while simultaneously reducing costs, present conflicting interests. With the need for higher bandwidth and flexibility for growth, organizations are looking at the network's physical layer and its overall life cycle as a capital investment that is essential to the business. Throw into this conundrum the increasing focus on sustainability and the task of designing a network high-performance, high-efficiency network seems almost insurmountable. Addressing efficiency at a physical infrastructure level has fueled the growing ado...
1 comment
Read more