Managing APIs as CIs

Managing APIs as Configuration Items (CIs) using Configuration Management principles provides several benefits for organisations relying on software development. A structured approach with a well-defined API catalogue, change management process, version control, and testing and validation ensures proper tracking, management, and integration of APIs, thereby reducing the risk of API-related system failures.

An API catalogue should include all APIs in use, with each having a unique identifier that captures its name, version, and metadata, and continuously updated as the APIs change.

Changes in APIs should be tracked, reviewed, and approved before implementation, with a structured change and release management process that identifies the API being changed, the nature of the change, and its impact on the system.

Version control should capture the version history, including changes made, and the reasons behind them, ensuring that the latest version is always available for use.

APIs should undergo functional, performance, and security testing and validation integrated within a change and/or release management process. Managing APIs as CIs provides:

  • greater control and management of software components,
    • CIs are tracked and managed
  • improved visibility into software systems
    • CIs are well-defined, documented, and controlled
  • effective change management
    • Changes are be tracked, reviewed, and approved before implementation
  • improved quality
    • CIs are tested and validated before use and meet security requirements
  • stronger risk management
    • By managing APIs as CIs reduce the risk of system failures due to API-related issues
  • better governance and compliance
    • CIs leverage well-defined, documented, and controlled processes

Managing APIs as CIs is best practice in software development and provides organisations with a competitive edge. Following Configuration Management principles ensures proper tracking, management, and integration of APIs, resulting in high-quality software systems that meet user and business needs.

Cross-posted @ Manage your APIs as CIs – ServiceNow Community

Navigate Edge Cases in ServiceNow Implementations

When implementing ServiceNow, edge cases could be run into that, if left unchecked, can potentially impact the overall project success. Edge cases are scenarios that fall outside the norm or standard use cases of a system, in this case ServiceNow. They can be particularly tricky to navigate, and they often require customisations, workarounds, or some other special consideration.

In this article, I’ll explore the art of navigating edge cases in ServiceNow implementations, the impact of edge cases on project success, provide practical tips for identification and management, and provide strategies for mitigating risks and challenges.

Edge Case Impact on Project Success

Edge cases can have a significant impact on the success of a ServiceNow implementation project by their propensity to cause delays, drive up costs, and create frustration. In some cases, they can even derail an implementation project altogether.

One challenge of dealing with edge cases is that they can actually be difficult to identify. They usually rear their head during UAT or worse, after go live – which would cause all kinds of headaches. Therefore, it’s important to have an understanding of the potential edge cases that may arise during a ServiceNow implementation and also to plan accordingly.

Edge cases tend to be unexpected or uncommon. But implementation teams should consider planning for them to arise as a defect that will occur. End users are superstars when it comes to finding edge cases! All they have to do is assume how something works and get it wrong. Likewise, nefarious actors (i.e. hackers, insider threats etc..) often find their way to gold through edge cases.

Identification and Management

Step 1 is identification. Ideally this actually occurs before an edge case becomes a defect. Spend some time with the business users (your customers) and try and think of methods or actions that might open up a hole in the design. Be proactive. An example could be integration with a barcode scanner for asset management workflows – this is a potential way for unstructured data to come into the platform and is one place to look at unexpected strings and data formats.

Once potential edge cases have been identified, it is important to prioritise them based on their impact on the project and the likelihood of them occurring. This will help ensure that resource allocations are appropriate and the most critical edge cases are addressed first.

Managing edge cases can often involve workarounds to address specific scenarios – or even customisations. Close collaboration with stakeholders, including end-users, IT teams, and business representatives becomes paramount here. Working together to ensure that edge cases are properly understood and that the solutions implemented are practical, effective, and sustainable is critical.

Strategies for Mitigating Risks and Challenges include:

  • Plan from the beginning for edge cases: It is important to consider potential edge cases during the planning phase of a ServiceNow implementation. This can help ensure that resources are allocated appropriately and that the project team is prepared to address unexpected scenarios.
  • Leverage leading practices and pre-existing solutions: This can help reduce the risk of errors and ensure that the solutions implemented are effective and efficient.
  • Test early and often: Testing is critical when managing edge cases in a ServiceNow implementation. It can help identify potential issues early on, allowing the project team to address them before they become more serious. If possible, don’t wait until formal UAT to get those end users poking about.
  • Communicate: Effective communication and collaboration are essential when managing edge cases

Edge cases can present a significant challenge during ServiceNow implementations. By understanding the impact potential of them on project success, effective identification and management, and risk mitigation techniques, successful ServiceNow deployments abound! By following these practical tips and strategies, hopefully you can navigate edge cases in ServiceNow implementations before and after they arise.

Cross-posted @ Navigating Edge cases in ServiceNow implementation… – ServiceNow Community

The role of data analytics in digital government

Governments around the world are increasingly turning to electronic means to improve their service delivery and streamline their workflows. This shift towards digital government has revolutionised the way citizens interact with their governments, making it faster, more efficient, and more transparent. However, with the increase in data generated through digital government workflows, it has become necessary to use sophisticated tools and techniques to manage and analyse this data.

Data analytics has emerged as a powerful tool for governments to optimise their workflows, making them more efficient and effective. In this article I’ll be exploring the role of data analytics in improving digital government workflows, the benefits it offers, the challenges that need to be addressed, and best practices for successful implementation to gain a deeper understanding of how data analytics can help governments optimise their digital government workflows and how it can lead to better service delivery and citizen satisfaction. And, finally I’ll wrap a ServiceNow bow around it.

Benefits of data analytics in digital government workflows

Data analytics has a transformative impact on digital government workflows, enabling governments to leverage data to make informed decisions, optimise their processes, and deliver better services to citizens. Here are some of the key benefits of using data analytics in digital government workflows:

  • Improved efficiency: Data analytics can help governments identify bottlenecks in their workflows and reduce processing times. By automating repetitive tasks and streamlining complex processes, governments can achieve greater efficiency in their service delivery.
  • Enhanced decision-making capabilities: Data analytics provides governments with insights and intelligence to make informed decisions. By analysing vast amounts of data generated through digital government workflows, governments can identify trends, patterns, and anomalies, and use this information to improve their decision-making capabilities.
  • Better resource allocation: Data analytics enables governments to allocate their resources effectively and efficiently. By analysing data on service demand, usage patterns, and citizen feedback, governments can optimise their resource allocation to meet the needs of their citizens.
  • Increased transparency: Data analytics promotes transparency by providing citizens with access to information about government services and operations. By making data available in a user-friendly format, governments can increase citizen trust and engagement.

The benefits of data analytics in digital government workflows are significant, offering governments the opportunity to optimise their processes, improve their service delivery, and better serve their citizens.

Challenges implementing data analytics for digital government

While the benefits of data analytics in digital government workflows are clear, there are several challenges that governments face when implementing data analytics:

  • Data security and privacy concerns: Governments need to ensure that citizen data is protected from unauthorised access, breaches, and misuse. This requires robust data security and privacy policies, infrastructure, and practices.
  • Lack of necessary skills and infrastructure: Implementing data analytics in digital government workflows requires specialised skills, infrastructure, and tools. Governments may struggle to find qualified personnel and invest in the necessary infrastructure.
  • Resistance to change: Introducing data analytics in digital government workflows may require changes to existing processes, policies, and systems. This can create resistance among stakeholders, who may be hesitant to embrace new technologies or workflows.
  • Funding constraints: Implementing data analytics in digital government workflows can be costly, requiring significant investments in infrastructure, personnel, and tools. Governments may struggle to allocate sufficient funds to support these initiatives.

Addressing these challenges is essential for governments to fully leverage the benefits of data analytics in digital government workflows. By investing in robust data security and privacy policies, building the necessary skills and infrastructure, engaging stakeholders, and allocating sufficient funds, governments can successfully implement data analytics in their digital government workflows.

Leading practices for successful implementation of data analytics for digital government

To successfully implement data analytics in digital government workflows, governments need to follow leading practices that enable them to optimise their processes:

  • Strong leadership and clear goals: Governments need strong leadership to drive the adoption of data analytics in digital government workflows. Clear goals and objectives need to be defined, and a roadmap established to achieve them.
  • Collaboration and communication between stakeholders: Successful implementation of data analytics requires collaboration and communication between various stakeholders, including government agencies, citizens, and private sector partners. Effective communication helps build consensus and trust, and ensures that everyone is working towards the same goals.
  • Robust data management practices: Governments need to develop robust data management practices to ensure that data is accurate, complete, and up-to-date. Data quality is critical to the success of data analytics, and governments need to establish processes to manage and monitor data quality.
  • Continuous improvement and evaluation: Governments need to continuously monitor and evaluate the performance of their data analytics initiatives. Regular evaluations help identify areas for improvement, refine processes, and ensure that the desired outcomes are achieved.

Real-world examples of successful implementation of data analytics in digital government

There are several real-world examples of successful implementation of data analytics in digital government workflows that demonstrate the benefits of using data analytics to optimise government processes. Here are just two of those:

  • United States Digital Service (USDS): The USDS is a federal agency that helps improve government services using data analytics and technology. The USDS has implemented several successful data analytics initiatives, including a project to improve the processing of appeals at the Department of Veterans Affairs. The project used data analytics to identify inefficiencies in the claims process and optimise the workflow, resulting in an increase to over 87% of claims handled digitally. 1
  • Estonia’s e-governance system: Estonia has one of the most advanced e-governance systems in the world, and data analytics plays a critical role in its success. The system allows citizens to access a wide range of government services online, including voting, tax filing, and healthcare. Data analytics is used to monitor the performance of the system, optimise workflows, and identify areas for improvement. The result is a highly efficient and transparent government system that is responsive to citizen needs and is being used by the European Commission to benchmark digital government services. 2

Conclusion

Data analytics has emerged as a powerful tool for governments to optimise their digital government workflows, making them more efficient, effective, and transparent. By using data analytics, governments can make informed decisions, allocate resources effectively, and improve service delivery to citizens.

While there are challenges to implementing data analytics in digital government workflows, following best practices such as strong leadership, collaboration, robust data management, and continuous improvement can help governments successfully leverage data analytics.

Real-world examples from countries like the United States and Estonia demonstrate the benefits of data analytics in digital government workflows. By investing in and embracing data analytics, governments can transform their service delivery and enhance citizen satisfaction.

ServiceNow and digital government data analytics

ServiceNow provides a comprehensive platform that can be leveraged by governments to optimise their digital government workflows. In addition to the concepts outlined in this blog, ServiceNow offers several capabilities that can help governments harness the power of data analytics. Here are a few examples:

  • Workflow automation: ServiceNow’s workflow automation capabilities can help governments streamline their digital workflows and reduce processing times. Public Sector Digital Services provides a government data model for citizens and industry to access government services and enables governments to track and respond to citizen requests more efficiently.
  • Performance Analytics: ServiceNow’s Performance Analytics module provides data visualisation capabilities that can help government agencies track key performance indicators, identify trends, and gain insights into their digital service delivery operations. ServiceNow can also be integrated with other data analytics tools to provide a more comprehensive view of government service delivery operations.
  • Process Optimisation: Government can leverage Process Optimisation to uncover process inefficiencies, enhance process performance, eliminate redundancies, and improve continuously. By providing deep insights into processes, Process Optimisation can unlock an understanding of the root cause of issues and streamline work by removing redundant tasks and bottlenecks.

By leveraging these few ServiceNow capabilities, governments can optimise their digital workflows, improve service delivery to citizens, and gain valuable insights into their operations.

References

  1. https://www.usds.gov/resources/USDS-2016-Report-to-Congress.pdf
  2. https://joinup.ec.europa.eu/sites/default/files/inline-files/Digital_Government_Factsheets_Estonia_2019.pdf

Time-limited authentication: ServiceNow Utah release highlight

Time-limited authentication (TLA) is a new feature that ServiceNow has introduced to further enhance the security of ServiceNow instances from the Utah release.

First things first. What exactly is TLA?

TLA is an authentication mechanism that allows access to a system or service for a limited period. This is essential in scenarios where users need temporary access to a system, and it is not desirable for them to stay logged in indefinitely. This can ensure that a user is automatically logged out after the set period, reducing the risk of unauthorised access to resources.

One of the significant advantages of TLA is that it reduces the risk of unauthorised access to sensitive information. Links generated with TLA are unique and can only be used once. The link is valid only for a specific period, and once the time expires, the link becomes invalid. This ensures that the link cannot be used by an unauthorised actor to access the system, and it reduces the risk of account hijacking or data breaches.

So how does it work in ServiceNow?

The TLA feature in ServiceNow is designed to ensure that only the intended users can access the system during the period that the link is valid. Admins configure link-based authentication and that can be shared with the user through email or SMS, and the user can use the link to log in to the instance with the required privileges.

To ensure that the link is unique, TLA uses a mechanism called a nonce. A nonce is a random or pseudo-random number that is used only once. The nonce is included in the link along with other data, such as a timestamp or a cryptographic hash of the message. The receiver of the message or transaction (i.e. the ServiceNow instance) can then verify that the nonce has not been used before and that the message or transaction is unique.

TLA can also be used in combination with multi-factor authentication (MFA) to provide an additional layer of security for the authentication process. The user is required to provide a second factor, such as a one-time password (OTP), or SMS. Logins using TLA is controlled through Adaptive Authentication policies.

Hold Up. What’s Adaptive Authentication?

Adaptive authentication uses policies to evaluate authentication requests and then either deny or allow access to an instance based on the conditions specified. Adaptive authentication policies and contexts restrict access to a ServiceNow instance based on source IP addresses, the role(s) the user has, and even what group they’re in. This can be for both users (humans) and API calls.

What are some use cases for TLA?

  • Contractors: TLA can be used to provide contractors with temporary access to specific resources within the ServiceNow instance.
  • Third-party vendors: ServiceNow customers often have third-party vendors who need temporary access to specific resources within a ServiceNow environment. TLA can be used to provide these vendors with temporary access to the system, ensuring that they can only access the resources they need for the required time.
  • Compliance requirements: Many organisations are required to comply with regulations such as HIPAA, GDPR, or PCI-DSS, which have strict requirements for access control and user authentication.
  • High-risk systems: Some ServiceNow deployments may be high-risk and require additional security measures to prevent unauthorised access. TLA can be used as an additional layer of security for these systems.
  • Test environments: Sometimes there’s a need to restrict access to sub-production environments for certain user cohorts to conduct testing.

In conclusion…

Time-limited authentication in ServiceNow will provide several benefits, including enhanced security, reduced risk of unauthorised access, and potential for improved user experience and is an excellent addition to the platform that enhances the security posture for ServiceNow customers.

Help industry better respond to your engagement platform RFx

This is an open letter to those who prepare RFx documentation for engagement platforms seeking responses from industry.

Please tell us more about the integrations you need. Help us help you!

All too often I see functional requirements in an RFx that outline, sometimes in minute detail, how something like a simple ITSM incident ticket needs to be able to be created, from multiple different viewpoints, methods and personas, and described in numerous different ways – however when I get to the integration requirements, all the document says is something along the lines of “the proposed solution must integrate with our [ERP/File repo/CRM platform/IDAM toolset]”.

Integrations are THE most complex component when it comes to delivery of an IT solution.

So that we can present artefacts to you such as estimated costs, resourcing and implementation timeline in our response, we otherwise have to guess (or more likely, take up more of your valuable time asking a series of clarification questions) about things such as your governance processes and how an integration might impact your system’s business criticality, the level of data sensitivity, cyber security risk management, integration testing requirements, and any other contextual factors that may be inherent to your organisation, or architecture.

To build those estimates, we have to consider all of the above, plus assessing any potential connectivity mechanisms between the systems and any subsequent workflow functionality we think you might need once the systems are integrated.

There is no worse feeling than writing a response to an integration requirement that simply rattles off what the standard integration capabilities of the solution I’m proposing are, along with a disclaimer that reads ‘we need to understand your requirement further to be able to provide a thorough implementation estimate’ (and then repeating it!).

Try to explain your use case(s) with some of these questions in mind:

  • does the integration need to be bi-directional,
  • is it a cloud-to-cloud integration, or to an on-premises system,
  • what are the workflows that will be derived from the integration?

If you can, provide some detail on your level of integration governance requirements, and if known, let us know the version/release of the system that needs to be integrated. The latter of these will let us get on with the fun part of a response – digging about on product documentation websites for a solution – with a clear view of what APIs we need to research, understand and solution for, versus making (what could be very wrong) assumptions about your integration needs.

With more knowledge and greater context of your integration requirements in the hands of respondents, I guarantee that you’ll get better RFx responses from industry around those important factors such as schedule and pricing, and there’ll be less surprises (for all involved) when negotiations commence, and your chosen provider comes in to do the work.

Help us help you.

The Constituent CX

5 key ways ServiceNow technology supports high quality customer experience when dealing with constituents.

Constituent experience is more than just providing an outcome. It also includes how the engagement transpires, which drives a perception of the overall service. When constituents need to interact with government they’re often doing it out of necessity, therefore the user experience should be as streamlined and efficient as possible.

  1. User Identification – Having a mechanism in place where constituents have a user account will do two things – it will allow them to avoid the inconvenience of having to repeat personal information by leveraging data within their profile, and if they do need additional support, Customer Central enriches the agent’s experience by having all of their data in the one pane.
  2. Repeatable services that follow a similar UX pattern – When services are published in a catalogue, good design right down to the right UI policies on forms using standard ServiceNow functionality will uplift the constituent experience. Goodbye PDFs and word docs!
  3. Communication channels – The Virtual Agent chatbot and social media channels are just two of the numerous  methods that ServiceNow provides that can simplify exchanges for constituents by giving them a consumer-like experience that they’re likely used to with other internet apps.
  4. Public Sector Digital Services – The data model, portal, workflows and Virtual Agent topics pre-configured in this application provide a baseline for constituent service provision. This app is an extension on top of CSM and also provides a templated way for businesses to interact with government.
  5. User Experience Analytics – This application provides out-of-the-box dashboards that will enable government to gain insight on the way constituents interact digitally via any of the channels published and provide metrics that will assist in continual improvement cycles. Government can also use their own metrics from call centres to identify demand for what could be digitised leveraging an engagement platform such as ServiceNow.

ServiceNow in an external shared services role for government

How ServiceNow enables the provision of external facing inter-agency shared-services, at scale, for government use cases.

For time immemorial government has been hamstrung from sharing data between agencies by slow processes such as email as the ‘official’ channel. Deployment of ServiceNow to act as the interface between other government  agencies and departments has demonstrated that this need be no more. The ServiceNow platform gives government the opportunity to create transformative change in the context of data sharing and instantiation of inter-agency workflows.

Platform capabilities such as the following when deployed will give government the ability to create positive change to support their mission:

  • Hyperautomation Integration Hub functionality such as Remote Instance Spoke and Remote Process Sync can be deployed to bring data in and out of interconnected ServiceNow instances;
  • Service Bridge, which enables the seamless creation and publishing of services or products within catalogues and the fulfillment of those requests between instances of ServiceNow;
  • the Customer Service Management suite by leveraging the Business-to-business model to provide support for accounts provisioned for external agency users and to interact via omni-channel interfaces such as Virtual Agent chatbots;
  • authentication methods and overlays including Multi-Provider SSO and Adaptive Authentication which allow for, as the name suggests, multiple SSO federations and granular controls over pre-authentication and post-authentication system access for external agency users accessing your instance; and,
  • where complex legislative requirements and constraints around data sharing arrangements exist, Decision Tables and the Decision Builder can provide a decoupled set of business rules that can easily be leveraged in Flow Designer logic – and this can be even further uplifted with Privacy Management workflows from the Governance, Risk & Compliance suite when dealing with constituent personal data.

ServiceNow for Government Services

Many government agencies already have, and others continue to look to the fundamental capability that ServiceNow provides as an enterprise-wide workflow toolset. ServiceNow, when considered as a strategic platform, provides government with the ability not only to manage their internal processes but to interact with constituents, provide insights into those dealings, and manage and monitor the lifecycle of those services being delivered.

Some of the challenges governments face with the provision of digital service delivery range from agility, scalability, security and robustness. We all, as constituents, expect digital services provided by government to be functional, accessible and most importantly, secure.

As ServiceNow’s offering scope has continued to expand with each release, government can now take advantage of the relatively new Public Sector Digital Services (PSDS) offering – which is tailored specifically to government use cases, complete with a shaped data model and out of the box user experiences for citizens and business and of course, the government personas.

Government can leverage PSDS to present G2C and G2B services that in the past would require downloading and filling out restrictive forms that would often ask for the same information more than once and also tend to lack security. This experience was sometimes not even consistent across services provided by a single agency. Naturally, once an agency received a form, there would likely be a manual data entry task, and that wasn’t always dependable to be carried out perfectly. With PSDS, and ideally an integrated trusted digital identity, constituent services can be rapidly deployed and fulfilled – all within one platform, even with a virtual agent chatbot at the front door.

Public Sector Digital Services references

Product Page

Documentation

Entitlement