Gartner Report Warns To Protect Against The Mundane

A Gartner report issued in the wake of the Sept. 11 attacks highlights the importance of putting in place reliable software change-management methods as part of an effective business-continuity plan. The report points out that while companies may have large investments in disaster-recovery facilities--including "highly reliable hardware, software, and communications platforms configured for high availability, and a full 'hot' backup site"-- that doesn't help when changes made to a software application inadvertently disrupt operations. According to the report, more unplanned system outages are caused by such mundane occurrences than by catastrophic events.

Companies can help prevent outages caused by problematic changes to software code by developing best practices to handle software change management, such as including procedures for change-request initiation and tracking, security administration of software assets, and quality reviews. Vendors such as Computer Associates and Serena Software Inc. offer products that help automate the processes of requesting a change to a piece of software, authorizing that change, and rolling it out.

Serena's ChangeMan product supports synchronous development and deployment of change requests, including emergency changes, as well as instant rollbacks when a change causes a problem in a new version of an application. And ChangeMan works across multiple platforms, including Microsoft .Net. President and CEO Mark Woodward says that support for multiple platforms is critical in many environments. In the banking industry, for example, branch systems may be running Linux, Web banking operations for consumers may be running on a Windows NT server, and some back-office operations may be on a mainframe. "You've got integration across all platforms, and if something goes wrong, you can't just take out changes on one system," Woodward says.

The system lets a company control access to source code and programs, and it provides a complete audit trail of what's been done to any application. This helps protect against disasters that might result from "rogue changes" made by unauthorized users hoping to create a fatal problem. Additionally, the software can be useful in real catastrophes that result in the loss of skilled IT personnel; it retains their knowledge about the application and identifies every component and program associated with a particular app.