Thursday, May 29, 2008

Security emerging as ITIL adoption incentive

Home Source:
Http://computerworld.co.nz/news.nsf/mgmt/FA3EBCDB14ADC8E8CC2573D400029683

Here listed some figures that come from a survey reported By Denise Dubie Framingham.

A survey analysts and enterprise ITIL adopters discussed how process improvements are now providing security benefits. The result conducted by IDC in November 2007 of more than 300 companies revealed that security had surpassed improved availability and lowered costs as a main driver for adopting the best practices laid out in ITIL. ITIL best-practices framework not just reducing operating costs, it also helps mitigate enterprise risk. The ITIL adopters said.

Specifically, 56% of survey respondents indicated security as a motivation for ITIL, while close to 50% said they wanted to lower costs and about 47% thought ITIL would help improve availability at their organizations. More than 45% said problem-solving was a driver for rolling out process improvements, and nearly 45% indicated that reducing errors was a top driver for ITIL adoption. The survey response might indicate a growing need among organizations to better secure corporate data and information, considering processes around security information management have been incorporated into ITIL Version 3.

ITIL may not provide the external protections of a firewall, but it can go a long way towards securing internal resources and preventing data breaches. "Security can be the motivation for doing some of these processes, such as patch and change management, for instance, because improving processes will make security work better in situations such as access controls," said Tim Grieser, programme vice president of enterprise system management for IDC.

According to companies using ITIL, security and risk management could be an easier argument to make when trying to get executive buy-in for adopting ITIL. The ROI for process improvements can be ambiguous and not realised for quite some time, so putting an executive's mind at ease with talk of reduced risk may be the better way to go. Oryst Kunka the vice president of process design and architecture at The Bank of New York Mellon, said, "This change will result in a reduction of risk, and it will get management's attention. Sometimes it's hard to point out dollars with process improvements, but companies understand risk. At The Bank of New York, ITIL has become a business advantage.”

In conclusion, according to the survey’s result representing, I can see the security of the information within an organization is a very big issue in present technical day, security policies should been considered in the control, planning, implementation, and evaluation. More then 50% ITIL adopter also indicated solving security issues also a motivation for ITIL methodology become more and more popular.

No comments: