In this third part of this blog on the importance of change management, we continue to look at risk mitigation and consider compliance and regulatory issues that may impact our change activities
How could you mitigate this risk? You could stock 50 or 100 spare drives or you could take a gamble and hope they don’t fail. Neither of these are advisable options because they would either require you to stock an unnecessary amount of equipment before you knew it was needed, or it could cause you to assume unnecessary risk without any mitigating strategy. It would be wiser for you to follow this strategy for an event such as a large server migration.
Bundle the servers that need to be migrated into groups of 5 or 10, or whatever is reasonable, depending on how many are being migrated. For example, if you are a global financial organization with 500 servers, then maybe you create 10 groups of 50. If only 50 servers must be migrated, then maybe create 5 groups of 10 servers. The reason for creating these groups is so that you can submit change requests to cycle off each server for a short period of time and then bring it back online. In this scenario, you would do this for one group each weekend or whatever interval makes sense for your organization.
Your objective is to power down each server to be migrated and then bring it back online. By doing this, you will have likely addressed 80%–90% of any hardware failures that might have occurred during your server migration effort. This not only addresses pending failures throughout your datacenter, but also, more importantly, drastically reduces the possibility of hardware failure during the actual migration.
As with all changes, you must follow the formal process for these ‘power downs’ and coordinate with your business partners. I assure you that your business partners will appreciate your forward thinking and risk-mitigation efforts as part of your readiness for the larger migration.
Compliance & Regulatory
The reality is that we live in a world of regulations and rules. Although few of us like restrictions, we appreciate the outcomes in the form of safety and quality. Change management is a major player in ensuring you meet compliance and regulatory requirements. Think of the mechanic who wanted to change the bolt in that engine-mounting block without any validation or impact assessment. What if the bolt was of a lower quality and did not have the strength and material minimums needed to hold the engine in place? Would you want to buy that vehicle for your son or daughter and risk it failing in the middle of the night on the expressway? Of course you wouldn’t, because it could have caused an accident and injured them. That downstream impact is what the controls of change management, with the support of configuration management and its configuration management database/system (CMDB/CMS), try to avoid. The quality and/or safety of your organization’s end products/services are affected by the change management controls you ensure with your process. Don’t minimize their value just because others see them as a hindrance to productivity.
The days of IT thinking it was its own entity and of the business thinking that IT was just a necessary evil are long gone, or at least they should be. Sadly, some companies still don’t understand that neither can survive without the other. A business in this era cannot operate without some level of IT, and IT has nothing to produce if it does not have a business partner. There can no longer be an ‘us’-and -’them’ mentality because both will fail. Change management plays a vital role in how both succeed and grow, or shrink and expire. .
When applying change management concepts to your organization, think of how they help bring better quality and reliability to the products your organization delivers to its consumers. Think of how you may have helped your organization achieve industry recognition for the highest safety rating. Think of how you contributed to the better quality of life for that individual whose X-ray detected the spot on his or her lung early enough to be removed successfully. Yes, that could have been your software or hardware that was fully tested and governed by change management, so as to ensure that no unauthorized changes were made, potentially compromising the quality of the image. Your change management process makes a difference one way or another. Do you want to it to be a positive or negative difference? The choice is yours.
Latest posts by Carlos Casanova (see all)
- Is Blockchain the Missing Link in Securing Internet of Things? - February 21, 2019
- Understanding the Active Cyber Defense Certainty Act – Should Companies Be Allowed to “Hack Back”? - December 7, 2018
- Cybersecurity – We Still Have a Long Way to Go! - July 24, 2018