ITIL takes on risk reduction role

Long touted for streamlining processes and reducing operating costs, the ITIL best practices framework also helps mitigate enterprise risk, according to its adopters.

Share

Long touted for streamlining processes and reducing operating costs, the ITIL best practices framework also helps mitigate enterprise risk, according to its adopters.

At this week’s IDC IT Service Management and ITIL Forum in New York, analysts and enterprise ITIL adopters discussed how process improvements were providing security benefits.

An IDC survey of more than 300 companies revealed that security had surpassed availability and low costs as the main driver for adopting ITIL. 56% of respondents indicated security was a motivation for ITIL adoption, close to half said they wanted to lower costs and 47% thought ITIL would help improve availability at their organisations.

More than 45% said problem-solving was a driver for rolling out process improvements, and nearly 45% indicated that reducing errors was a top driver.

"Any type of process standard will give you a chance to set policies and processes around security," said Fred Broussard, research manager at IDC. "For instance, you can ensure only authorised users gain access and better guarantee unauthorised access doesn't happen."

The survey response may indicate a growing need among enterprises to better secure corporate data, considering processes around security information management have been incorporated into ITIL version 3, released earlier this year.

Dave Howard, national business technology manager at Toyota Financial Services (TFS) in California, explained how security policy creation and governance had been incorporated into the upgrade and said TFS had created a Security Centre of Excellence and an Office of Privacy that aligned with some of the recommendations in the framework.

"It is important to do security management," Howard said. He explained that TFS incorporated security into its service design package process, in which models of a service are built and multiple criteria taken into account. For instance, throughout the process of creating a service, his team had to determine the service's return on investment, as well as which security requirements were necessary to deliver it.

Now read:

ITIL v3 future uncertain in many IT departments

ITIL v3 adoption 'slow but steady'

Two-thirds of IT managers unprepared for ITIL V3

Find your next job with computerworld UK jobs