Using the ITIL Framework to Manage the Boom in Blockchain
There’s a lot of exciting activity taking place in today’s complex cyber world of the Dark Web, Bitcoin and blockchain. And while you’ve probably heard of Bitcoin as the mainstay of digital currency, blockchain may be poised to challenge its supremacy.
Technically speaking, a blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a hash pointer as a link to a previous block, a timestamp and transaction data. By design, blockchains are inherently resistant to modification of the data.
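The hash-pointer linkage described above can be shown in a few lines. This is an added example, not code from the original article: the block fields, the function names and the sample transactions are constructed for illustration. It builds a small chain, then reports where an edit to a historical record breaks the links, and shows why a verifier also needs an independently trusted hash of the latest block.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    payload = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()

def append_block(chain, timestamp, transactions):
    """Append a block whose prev_hash is the hash pointer to the current tip."""
    prev = block_hash(chain[-1]) if chain else "0" * 64
    chain.append({"index": len(chain), "timestamp": timestamp,
                  "transactions": transactions, "prev_hash": prev})
    return chain

def first_broken_link(chain, trusted_tip_hash=None):
    """Return the index of the first block whose hash pointer does not match
    its predecessor, len(chain) if only the trusted tip hash mismatches,
    or None if the chain is consistent."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    if trusted_tip_hash is not None and chain \
            and block_hash(chain[-1]) != trusted_tip_hash:
        return len(chain)
    return None

def build_sample_chain():
    # Constructed sample data, not real transactions.
    chain = []
    append_block(chain, 1700000000, ["genesis"])
    append_block(chain, 1700000600, ["alice->bob:5"])
    append_block(chain, 1700001200, ["bob->carol:2"])
    append_block(chain, 1700001800, ["carol->dave:1"])
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    tip = block_hash(chain[-1])
    print("clean chain:", first_broken_link(chain, tip))
    chain[1]["transactions"] = ["alice->bob:500"]  # edit a historical record
    print("after edit :", first_broken_link(chain, tip))
```

If every later hash pointer is recomputed after the edit, the link check alone passes again; only the comparison against the trusted tip hash still reports the change, which is why an audit needs a reference value held outside the copy being checked.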
Blockchain is by far one of the most innovative technological advancements we’ve seen, and it is changing the way commerce is done, not just on the Internet but everywhere. That’s because everything is essentially connected to the Internet. One prime example of this fact is the advent of the Internet of Things (IoT).
Blockchain is more than just a technology advancement, however. It is virtually an Internet in its own right. Data is the new commerce and blockchain is definitely a candidate to be the “FDIC” of data. Think about it—the monetary system of today is nothing more than numbers (data) used to carry value for credit cards, debit cards, ACHs and wire transfers. Someone or something must govern the exchange, transfer, movement, and management of that data. Bitcoin has made an excellent attempt but blockchain may turn out to be the de facto cryptocurrency of choice (and possibly the official cryptocurrency at some point).
And as a technology, blockchain is subject to five key supportive pillars: infrastructure (hardware, software, and facilities), connectivity, mobility, performance, and security. The technology used for such grand purposes must be managed by globally-accepted principles and methodologies that IT departments can rely upon. Our vote here for the IT management platform of choice for blockchain is ITIL® IT Service Management, specifically the field that deals with Information Security Management.
ITIL is the world’s most adopted Information Technology Service Management (ITSM) method and has been so for more than 20 years. ITIL has five core processes and 26 subprocesses therein. The goal of ITIL® Service Design is to address the four “P”s: people, processes, products, and partners. (There is a fifth “P” most people don’t speak about called “pecking order,” but that’s a topic for another day.)
The purpose of an Information Security Management System (ISMS) is to align IT security with business security and ensure that the confidentiality, integrity, and availability (CIA) of the organization’s assets, information, data and IT services always matches the agreed needs of the business. As more organizations around the world use blockchain to send or receive commerce, it is crucial to ensure that the CIA of that data remains “clean” and not “toxic.” (Again, more on these topics later.)
An Information Security Management System (ISMS) has five elements within its framework that can help manage blockchain use more effectively:
- Controlling blockchain
- Planning blockchain
- Implementing blockchain
- Evaluating blockchain
- Maintaining blockchain
Here is a brief overview of each of these elements which can be addressed by the ITIL framework.
1. Controlling blockchain: How do you control blockchain within your organization’s governance model?
- You must establish a management framework to initiate and manage blockchain security. The biggest question here is: is your organization more risk tolerant or risk averse?
- You must establish an organizational structure to support a blockchain security policy. You cannot do this if your organization does not have C-level management buy-in.
- Allocate blockchain responsibilities. You can use a RACI matrix to manage roles and responsibilities.
- Establish and control blockchain documentation. You can use ITIL’s Knowledge Management process to manage this.
2. Planning blockchain
- Devise and recommend the appropriate security measures for blockchain usage. Specifically, look at ITIL’s Service Design process to build upon.
3. Implementing blockchain
- Establish procedures, tools, and controls to underpin the policy. You will have more success at this if you use ITIL’s Service Transition, specifically Change Management and Service Asset and Configuration Management.
4. Evaluating blockchain
- Supervise and check compliance with the security in SLAs and OLAs. This will or should start with your ITIL-based Service Desk along with ITIL’s Financial Management for IT services.
- Carry out regular audits of the technical security of IT systems. The most important process for ensuring quality is ITIL’s Service Validation and Testing. Warning: Never cut corners or sell short a solid Test Environment. Test, test, and test again, then validate, and test again and validate once more. How often? As much as you can without disrupting operations or burning out your staff.
- Provide information to external auditors and regulators, if required. The simple advice on this is to make it required and go beyond.
5. Maintaining blockchain: The short answer is to use the seven steps of Continual Service Improvement.
- Improve security agreements specified in SLAs and OLAs.
- Improve the implementation of security measures and controls.
Blockchain and copycat technologies will continue to develop and take commerce by storm. And while ITIL is not yet a panacea, using global standards like ITIL will put you in a better position to successfully architect, implement, and manage blockchain.