Configuration And Change Management For IT Compliance And Risk Management: The Tripwire Approach

Increasingly, IT departments are regarded as service providers to end users. Thus, IT departments must manage their hardware and software assets with the objective of providing efficient customer service to all constituents. Service provision requires that IT identify specific sets of services (such as in a service catalog), identify the assets required to deliver the services, authorize users to access the services, and establish processes and best practices for service delivery on an ongoing basis.

The need for effective processes for service delivery has resulted in the increasing adoption of best practices based on IT Infrastructure Library (ITIL), ISO 20000, Six Sigma, and other process standards and frameworks. Indeed, these best practices are being adopted worldwide by IT departments that wish to improve customer service to both internal and external customers. These standards help streamline and standardize internal IT processes, resulting in higher IT efficiency and improved service delivery to end users. One of the most critical areas that need strong operational processes is managing changes to the IT infrastructure. This includes processes for management of authorized and planned changes as well as facilities for detecting and preventing unauthorized changes.

This IDC White Paper discusses key issues surrounding configuration management and compliance. These issues center on the IT department's need to lower costs, increase management flexibility and control, and increase responsiveness to business needs and requirements. Managing change and satisfying compliance requirements are critical parts of the IT department's service delivery mission. Accidental or unplanned changes to the IT configuration, or configuration settings that "drift away" from standards, can have drastic consequences in terms of Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com 2 #209582 ©2007 IDC service disruption for the business as a whole. IT organizations need software solutions that can address the need to effectively manage and control changes to configuration settings.