When I speak with clients about their approach to managing their IT services, many organisations mention ITIL practices as a cornerstone to their approach. This is hardly surprising since the ITIL framework describes a sensible methodology for IT management, looking at the use of technology through the lens of what the business needs.
By avoiding being a specifically technology-driven standard, it’s easy to apply in any mature infrastructure to drive improvement and maintain stability.
In a fast-moving industry like IT, it’s rare to find anything that stays still for long – and with ITIL’s birth harking all the back to the late 1980s, it too has undergone a large number of changes leading us up to the current version, ITIL3. (ITIL4, expected to be released in 2019, is expected to continue to build on the foundations set out all those years ago, too).
What hasn’t changed much is what you can get out of an ITIL-based approach to planning, delivering and supporting IT services:
- Improved relations with customers/users by delivering efficient services that meet their needs.
- Managed and minimized business risk (particularly through minimizing service disruption or failures)
- A framework for supporting the changes that occur within the business whilst mainlining stability
- A set of cost-effective measures for managing IT services
ITIL’s service design includes some key recommendations around security management largely derived from the practices contained with ISO/IEC 270001. Fortunately, many of the requirements for achieving the controls set out in ITIL can be achieved with many of the tools you may already have.
Take, for example, ITIL’s Security Management Planning sub-process. This focuses on making sure that all security measures, as specified in the plans, are properly implemented.
Tripwire Enterprise has a number of features that can help you following this process by verifying your configuration against your planned goals. By capturing the access controls set on the filesystem on a new server, for example, you can confirm the expected security configuration does not deviate from your original plan.
Tripwire Enterprise’s inbuilt reporting can also support your implementation documentation by quickly running comparisons between monitored devices, highlighting unexpected changes in configuration and allowing you to correct mistakes.
Looking beyond your technical project implementations, your day-to-day operations can also benefit from an ITIL-based approach.
ITIL’s change management processes help to ensure that changes go through suitable levels of assessment and approval checks to ensure a change should not cause extended outages or problems further down the line.
Many young IT workers see change management as a barrier to success by slowing things down, but ITIL encourages a mature approach to change management with best practice recommendations on managing change in the business that focus on the minimising disruption, reducing the need for back-out activities and making the most of the resources required for changes.
These are three key aspects of a well-managed change. One of the best approaches to ITIL for change management I’ve seen in the real world literally took these three requirements as agenda items for every single change resulting in a solid track record of successfully implemented changes.
Tripwire Enterprise’s change audit functionality can help by ensuring the expected change really does reflect the request that has gone through the approval process. Even better, our Tripwire App gives us the ability to link into change management systems like Remedy or Service Now, helping to close the loop for approved changes and giving you peace of mind.
If you consider ITIL in practical terms, it’s easy to see how you can improve IT usage in the business by applying its practices in your day-to-day operations.
Fortunately, Tripwire Enterprise’s toolset is ideally placed to help you on your journey to a mature ITIL service management environment.