The Core Infrastructure Optimization Model defines five capabilities that are initial requirements to build a more agile IT infrastructure. These five capabilities are the foundation of each of the maturity levels.

• Identity and Access Management
• Desktop, Device and Server Management
• Data Protection and Recovery
• Security and Networking
• IT and Security Process
• Core Infrastructure Optimization Model Levels

In addition to capabilities, the Core Infrastructure Optimization Model defines four optimization levels (Basic, Standardized, Rationalized, and Dynamic) for each capability:
 
Basic Level: Patching
The Basic IT infrastructure is characterized by manual, localized processes; minimal central control; and nonexistent or unenforced IT policies and standards for security, backup, image management and deployment, compliance, and other common IT practices.
 
There is a general lack of knowledge regarding the details of the infrastructure that is currently in place or which tactics will have the greatest impact to improve upon it. Overall health of applications and services is unknown due to a lack of tools and resources. There is no vehicle for sharing accumulated knowledge across IT. Operational environment extremely hard to control, there are very high desktop and server management costs, enterprise is generally very reactive to security threats. Generally, all patches, software deployments, and services are provided manually. Infrastructure have very little positive impact on the ability of the business to benefit from IT.

Customers benefit substantially by moving from this type of Basic Infrastructure to a Standardized Infrastructure helping them to dramatically reduce costs through:
 

• developing standards, policies, and controls with an enforcement strategy;
• mitigating security risks by developing a “defense in depth” posture: a layered approach to security at the perimeter, server, desktop and application levels
• automating many manual and time consuming tasks;
• adopting “best practices”, including IT Infrastructure Library (ITIL), SANS Institute, etc.);
• aspiring to make IT a strategic asset rather than a burden.

Standardized Level: "taking over"
The Standardized infrastructure introduces controls through the use of standards and policies to manage desktops and servers; to control the way machines are introduced into the network; and by using Active Directory directory service to manage resources, security policies, and access control. All patches, software deployments, and desktop service are provided through medium touch with medium cost. There are reasonable inventory of hardware and software and some kind of licenses management. Security measures are improved through a locked-down perimeter, but internal security may still be a risk.
 
Customers benefit by moving from this Standardized state to a Rationalized state with their infrastructure by gaining substantial control over the infrastructure and having proactive policies and processes that prepare them for the spectrum of circumstances from opportunity to catastrophe. Service Management is a concept and the organization is taking steps to recognize where to implement it. Technology is also beginning to play a much larger role moving toward a Rationalized infrastructure by becoming a business asset and ally rather than a burden.
 
Rationalized Level: Business Benefits
The Rationalized infrastructure is where the costs involved in managing desktops and servers are at their lowest and processes and policies have been optimized to begin playing a large role in supporting and expanding the business. Security is very proactive and responding to threats and challenges is rapid and controlled. The use of zero touch deployment helps minimize cost, the time to deploy, and technical challenges. These customers have a clear inventory of hardware and software and only purchase the licenses and computers they need. Security is extremely proactive with strict policies and control, from the desktop to server to firewall to extranet.
 
Customers benefit on a business level by moving from this Rationalized state to a Dynamic state. The benefits of implementing new or alternative technologies to take on a business challenge or opportunity far outweigh the incremental cost. Management is implemented for a few services with the organization taking steps to implement more broadly across IT.
 
Dynamic Level: "IT as strategic advantage"
Customers with a Dynamic infrastructure are fully aware of the strategic value that their infrastructure provides in helping them run their business efficiently and staying ahead of competitors. Costs are fully controlled. There is integration between users and data, desktops, and servers, collaboration between users and departments is pervasive, and mobile users have nearly on-site levels of service and capabilities regardless of location.

Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to business needs. Additional investments in technology yield specific, rapid, measurable benefits for the business.
The use of self-provisioning software and quarantine-like systems for ensuring patch management and compliance with established security policies allows the Dynamic infrastructure organization to automate processes, thus helping improve reliability, lower costs, and increase service levels.

Customers benefit from increasing the percentage of their infrastructure that is Dynamic by providing heightened levels of service, competitive and comparative advantage and taking on bigger business challenges. Service Management is implemented for all critical services with service level agreements and operational reviews established.