I had a fascinating conversation Friday with Gene Kim, CTO of Tripwire and lead researcher of the IT Process Institute “IT Controls Benchmark Survey”. Gene has been working on this survey for years and the report is finally available. The purpose was to demonstrate the impact of implementing COBIT controls on the effectiveness of IT operations. I assume most people share my gut reaction to controls: A CYA waste of time and resources.
However, the early part of my career was in the automotive industry, where controls were used to finally achieve quality in manufacturing. So, I have first-hand experience with the effectiveness of controls. It is Gene’s vision that IT controls contribute to operational efficiency, save money, and yes, contribute to better security.
The study surveyed 98 companies and had some very surprising results, surprising in the magnitude of the findings:
• High performers were completing 8 times as many projects as medium and low performers
• High performers were managing 6 times as many applications and IT services
• High performers were authorizing and implementing 15 times as many changes
• When top performers manage IT assets, they have 2.5 times higher server-to-system-administrator ratios than medium performers, and 5.4 times higher ratios than low performers.
• When top performers implement changes, they have one-half the change failure rate of medium performers, and one-third the change failure rate of low performers.
• The percentage of work that is unplanned in top performers is 12% lower than in medium performers and 37% lower than in low performers.
These are tremendous arguments for investing in establishing COBIT controls over IT processes. I am sold on their effectiveness. Listen to the Threatcast with Gene Kim of Tripwire.
Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records