The Evolving MSP

Blog archive

How To Help Customers Move Up on the IT Maturity Model

It's the IT equivalent of alchemy -- magically turning a large cost-center into a big profit-producer for client after client and, by doing so, dramatically increasing efficiency and effectiveness in their organizations without adding capital investments.

You take something often considered to be a "necessary evil" and convert it into one of the greatest strategic weapons in your client's arsenal. And you turn one of their biggest frustrations into your greatest illustration of innovation.

When you speak of alchemy with your clients, you are speaking with them about their business, not technology. You speak of efficiency improvements and productivity gains, and how they translate into profit contributions. More and more clients have come to expect this level of conversation from you. Here's a perfect framework for you to get in front of that expectation.

Measure, Manage and Mature Your Client's Use of Business IT
There are many, many IT maturity models from many different sources that you may want to embrace. Before you begin using this consultative approach, do a survey of as many as you can find. Based on what you learn here, evaluate each of them and determine which one you feel most aligned and comfortable with.

Generally, each IT maturity model will take your organization through the following roadmap:

Level 0: Ad Hoc
Everything must start somewhere, and business IT is no exception. Companies in start-up mode will very naturally purchase computers; they're considered a necessity. But most will do so with very little direction or planning beyond choosing their preferred operating platform and hardware manufacturer. Some formal IT maturity models refer to this as the "chaotic" or "ad hoc" stage.

Level 1: Reactive
Realizing that computer support is draining many people's time, organizations start to put more formal structures in place responsive to their frustrations. Many IT maturity models refer to this as the "reactive" stage. These assignments tend to create IT silos where different departments use different applications, data structures and protocols. Often, the outcome of this is a great deal of firefighting and lost time.

Companies that remain at Levels 0 or 1 for any length of time end up with personnel who are very frustrated with the "IT department," even if there isn't a formal one. They continue to view IT as a "necessary evil" that may often impede their progress.

Level 2: Proactive
Level 2, often referred to as the "proactive" stage, is where the real work begins. It won't be sufficient to simply improve on what was done at Levels 0 and 1. The company will need to learn to do new things, gaining proficiency in new skills like network management, user support planning and standardization.

To be impactful at this stage, the silos must come down and be replaced by standardized platforms, applications, data structures and toolsets. Level 2 shifts from a focus on efficiency to effectiveness. Level 2 is more about business integration than just performance.

Level 3: Defined
At Level 3, the IT department's goals shift to maximizing the value that can be derived from information, technology and technology-based initiatives for the business. People in the business begin to see IT as a service to their department. Most companies implement departmental chargebacks for IT usage at this stage, further incorporating IT into each department's P&L.

Level 4: Optimized
Frequently referred to as the "optimized" or "value" stage, this is the level at which IT must be fully integrated into the actual operation of the business. Usually led by a C-level executive, the Level 4 IT organization's services are inextricably linked to specific business processes. No longer is performance reported in terms of uptime or other technological metrics. Instead, the IT department reports on the success of its business outcomes and contributions to the overall operating profitability of the company.

Here at Level 4, the main concerns are flexibility, business agility, scalability and extensibility to rapidly respond to any new business opportunity IT may be challenged with.

Moving to Successive Levels
The following are suggestions for how to best prepare for each move up the IT maturity model.

Getting from Level 0 to Level 1 requires someone in your organization taking control of IT. Systems will need to be identified to help formalize monitoring and incident handling. Diplomacy will be at a premium as the attempt is made to get leaders of the various silos to work well together.

Prepare to move up:

  • Evaluate existing policies as compared to IT industry policies.
  • Make sure you're fully compliant with government or industry regulations.
  • Provide extensive user training on IT policies to improve governance.

The next step to Level 2 will require greater familiarity with professionally led service management processes and project management.

Prepare to move up:

  • Focus on how you protect your users' devices and your network's endpoints, including not only laptops, desktops and servers, but also tablets and even smartphones.
  • Patching and updating operating systems, applications and security systems are critical. The only thing that can threaten your network more than failing to install a new patch or update is installing one that hasn't been properly evaluated to ensure that it won't disrupt any of your systems.
  • Implement a constant vigil on user password practices. An astonishing proportion of users still uses the word "password," "123456," their spouse's/children's/pet's names or quick fixes like "qwerty" as their password.
  • Some of your servers may need even higher levels of protection.
  • Standardize, standardize, standardize.

At Level 3, fully formalized IT service management (ITSM) processes must be implemented before value can be realized. The executive responsible for incorporating ITSM must be able to function in the C-level suite and participate in strategic business planning, enabling IT to be woven into the fabric of every key decision.

Prepare to move up:

  • Ensure all policies are enforced.
  • Establish a routinized system for evaluating and distributing approved patch updates across your network for known vulnerabilities in operating systems and applications.
  • E-mail must be archived in compliance with company policies. To avoid legal exposure, e-mail must be stored with provisions for rapid search and retrieval.
  • Adopt a belt-and-suspenders approach to data backup.
  • Implement software to help you identify behavioral anomalies that may indicate a user has had their identity stolen, or they are acting outside of accordance with established policies.
  • Eliminate root access and administrator rights for anyone who should not have them.

Level 4 requires real vision at the level of innovating new applications for new and existing technologies that will fulfill the goals and objectives of the organization. Many IT departments become strategic profit centers at this level, so vision must reach far beyond just the technologies.

Prepare to move up:

  • Provide the ability to view security incidents in real-time across the entire IT environment and correlate security events to discover root causes and prioritize remediation efforts.
  • Combine data from multiple places in the network and deliver role-based dashboard reports to demonstrate proactive compliance and drive necessary remediation efforts.

While reading this, it may occur to some of you that it would be a good idea to figure out where your own organization currently falls on an IT maturity model. You're right.

Posted by Howard M. Cohen on December 28, 2020


  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Microsoft Sets September Launch for Purview Data Governance

    Microsoft's AI-powered Purview solution to address governance and security challenges is set to become generally available on Sept. 1.

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • End of the Road for Kaspersky in the United States

    Kaspersky on Monday said it is shuttering its U.S. operations, just days before a nationwide ban on sales of its security software was set to take effect.