Robbert Kuppens, global CIO of The Boston Consulting Group, describes how changing the company's IT operating model to an IT-as-a-Service took more than a policy change. It took a mind shift.
Companies that provide services to their paying customers tend to know a lot about those services, end-to-end across their value chain. They know how much it costs to deliver them, how to price them, the risk and reward of bringing in new services, and the costs of providing customer support.
Why should IT, which provides a whole array of services to its internal customers and in many instances, also external customers, be any different?
That's the approach that Robbert Kuppens, global CIO of management consulting firm The Boston Consulting Group (BCG), takes. He recently introduced a new services operating model for his IT organization.
"IT can learn from what manufacturing figured out years ago," Kuppens says. "If you deliver a product that is composed of different components, you know the total cost of goods sold (COGS). Why should we treat IT any differently?"
Align business value and IT costs
Whether we are talking about hardware, software, or labor, IT is a chain of different components, each with a specific cost. The more known and predictable those costs, the better CIOs and their colleagues can manage them and align them to the company's strategy and the value IT brings.
"Historically, it was, 'I'll give you a laptop and you can send an email with attachments and access applications via a Web browser'," says Kuppens. "Today, as the whole world moves to 'as-a-service,' IT does so much for its business that we need to be more predictable about how we deliver value against costs. Our operating model has to reflect that change."
With the complexity of the IT services supply chain and the importance of IT to business strategy, says Kuppens, "IT organizations would be well advised to move to an IT-as-a-service model. Like it or not, more and more of the services we deliver as IT will be a combination of our own 'as-a-service' capabilities and services that we obtain from SaaS, DaaS, PaaS and IaaS vendors. Our challenge is to plan and architect these services, devices and data so that they are aligned to the overall strategy of our business. We need to and provide the right services, apps, and data to the right people and devices at the right cost with the right experience."
Classify IT capabilities
The first order of business when shifting to a services model is to develop the ability to delineate between commodity and differentiating IT capabilities. "If we are going to deliver the right IT services at the right cost," says Kuppens, "then we have to know (1) which services need to be world-class, meaning our service is better than anyone else's; (2) which need to be best-in-class, comparable to other professional services firms, and (3) which are next-in-class or commodity."
For most of their IT capabilities, BCG uses a "smart follower" strategy, but as a high-end consulting firm, knowledge and experience management has to be world-class. "Any time an employee joins BCG, we start capturing their area of expertise and the content they create in a knowledge management system, so that we can manage and enrich the knowledge and experience of the very bright people we attract," says Kuppens. "In order to compete and keep attracting the brightest people, we need to be better at that than everyone."
How BCG goes about securing their information may be a best-in-class capability, for example. They do not need to spend as much as, say, the NSA, for whom securing information must be a world-class capability. Provisioning laptops for new employees is non-differentiating; it's a commodity, but the type of laptop provided needs to be best-in-class.
IT service capabilities roadmap: Standard, alternate, exception, prohibited
Once you categorize services across your value chain, you are ready to build the roadmap for each service to validate that categorization with the business. Perhaps you are best-in-class at customer engagement, but your business goals require you to be world-class. Maybe you spend too much on network performance which, for your firm, is a commodity. Finally, to drive scale and flexibility the BCG IT team defines for each service what offering is standard, alternate or exception. Thus allowing for agile innovation to happen whilst maintaining scale for manageability, serviceability and overall cost.
While you are busy developing that roadmap, you should also take a hard look at all facets of your IT organization. "If you want to be an IT-as-a-Service organization, you have to look at your governance, operating model, people, technology platforms and the key metrics that measure the success of those services. You need to view these as the five areas of your balanced scorecard to keep track of progress," says Kuppens.
Changing your IT team's mindset and composition
Kuppens and his team leveraged both BCG's Technology Advantage (TA) methodologies and frameworks, as well as his experience from Cisco and other best practices across multiple industries. Leveraging the IT Capability Maturity Framework (CMF), developed by the Innovation Value Institute, the team looked at 40+ core processes and assessed their level of competence for each, on a scale of one to five. This helped the team to figure out how they were performing against the roadmap.
At the same time, Kuppens delivered a new message to his team. "I told them that their job description was about to change," he says. "Instead of being the provider of the laptop, you are the provider of that service." This meant that his team would learn to conduct a new kind of analysis of their services and also increase their own digital maturity.
What is the cost of the laptop including all software and time needed to secure the device at the level required for BCG? What does it cost to provision the service? Based on that, what is the total cost of delivering a laptop to a new employee? What is the quality of the laptop against its cost? What would be the total cost of ownership if we outsourced laptop provisioning, whilst delivering the high level of service and security our consultants and clients expect?
Adopting a service mentality for a team that has traditionally thought of IT as projects, systems, or products can be a hurdle, and requires some education about what service ownership means.
All service owners, the framework suggests, should take a "3x3" view and understand the following about their IT service:
Vertical (or stack) 3:
- What is the user experience? What devices will the service be used on? How will it be used, by whom and where?
- What application or middleware does it run on?
- What is the infrastructure involved? Has it been dimensioned for the expected number of users or devices? How does it scale?
The horizontal 3:
- Is it appropriately secure to the standards we use at BCG to secure ours and our clients' intellectual property?
- Is it serviceable? Or is it a one off point solution without any required service?
- What impact does it have on the architecture? What are the dependencies across the services? Is there a committed roadmap for this service?
"If you don't ask these '3x3' questions about every IT capability and service, you risk getting siloed," says Kuppens. "Your architecture person might think about the architecture, but not about security; the security person might not think about the end-user experience." The new approach ensures that people across the organization started connecting the dots themselves as they become a key part of the overall end-to-end service.
Beginning in 2017, all service owners use the "3x3" analysis as a performance metric. "My IT team and I have quarterly service reviews and the service owners report on quality, user experience, risk profiles, cost metrics, scalability, and architectural requirements," says Kuppens.
Kuppens offers some advice to CIOs on the journey to a services model: "Don't underestimate the mindset shift that your IT team will go through to get to the new model," he says. "Me telling them they will have a new performance metric on the first day of 2017 would not be fair if I hadn't educated them or updated our overall career framework reflecting the new roles and responsibilities." Kuppens provides ongoing training to get people acquainted to the new culture and operating model and the career framework is step-by-step updated whilst also bringing in new people with ITaaS operating model experience.
The next step is to ensure everyone at BCG understands this new model, not just IT. "We have some smart people across the company who will ask someone they know in some startup to develop a new app for them," Kuppens says. "We tell them, 'Fine, but make sure to do the 3x3. Is it secure and serviceable? Will it break our architecture? What is the user experience? Can we run this on AWS or Azure? What is the expected uptime?'" If the new application or data business case passes the basic 3x3 demand-clearing assessment, the business can move forward with IT's oversight.
Having now adopted the services framework, BCG's IT organization is finding a reduction in shadow or stealth IT, but more importantly a higher level of understanding throughout the firm that not having the right level of security isn't an option. According to Kuppens, "The services model and the 3x3 check helps us work together to innovate at scale while keeping us secure."