There are some interesting analogies between performance management applied to organizations and performance management applied to computers.
In both cases, performance metrics are crucial to success. In organizations, what we reward gets measured, and what gets measured can be more efficiently and effectively done. In our computers, what we decide is important gets measured, and those measurements can help us drive to increasingly effective and efficient performance.
Computer metrics apply to a broad range of disciplines and needs, including needs like:
- Improved power efficiencies
- Lower heat generation
- Smaller footprint and lighter weight
- Higher reliability
- Multi-threaded execution
- Continuous availability
- Enhanced security
- Enhanced information assurance
- Enhanced agility in the face of change
- Enhanced ability to ensure compliance
Metrics in these areas drive improvements, but they also help drive decision-making, both by the IT management team and, when done appropriately, by automated management computer systems. Just as agile, high-performance organizations can rapidly assess metrics and drive decision-making based on them, the agile, high-performance IT enterprise can leverage metrics to drive decisions and actions. Automated remediation of problems and automated implementation of new policies are only possible with well through out, integrated metrics solutions.
Well thought out metrics solutions also provide built in ways to measure compliance with directives and regulations, including:
- SOX: The Sarbanes-Oxley act of 2002, which establishes many standards for public companies, including internal controls for assuring the accuracy of key data and audits on key information.
- FISMA: The Federal Information Security Management Act of 2002, which bolsters computer and network security in the federal goverment and many contractors.
- OMB M06-16: A security checklist coordinated by NIST and promulgated by OMB.
- FDCC: Federal Desktop Core Configuration, NIST coordinated, OMB mandated requirement for 300 settings on each Windows XP and Vista computer.
- SCAP: Security Content Automation Protocol, a US government multi-agency initiative to enable automation and standardization of technical security operations. SCAP is the method for using specific standards to enable automated vulnerability management, measurement and policy compliance evalation.
Compliance with these and related directives, and compliance with the governance guidance of the enterprise CIO and CTO, are good governance. This sort of compliance can be automated with tools like Triumfant’s compliance manager, and when automated generally provide a very rapid return on investment (ROI).
My conclusion: in this case, the computers in your enteprise should be treated like an optimized organization: use metrics to enable compliance, agility and continually improving performance. And use those metrics to drive decisions, and automate the entire process to the greatest degree possible.
For more on this topic also see: http://ctovision.com/2008/08/compliance-enhances-it-support-to-the-mission/
