“In service management, it is necessary to have additional action guidelines. Above incident management, the goal is to prevent vulnerabilities based on risk.”
When a security incident occurs, IT service management (ITSM) is the first point of contact between employees and IT departments. Today, this role requires particular qualities: sharp analytical ability, an understanding of risk, and speed. However, given the number of attacks taking place worldwide every day, it seems that in the future this will no longer be enough.
When it comes to security-related incidents such as ransomware, phishing, or data theft, service management is an integral part of a coordinated response. It is the team on the front line, and therefore also the best placed to start the necessary processes, supported by a wide range of tools.
Consider a service catalog that lists incidents by risk exposure and triggers a cascade of specific actions. Depending on the severity of the incident, security teams, decision makers and possibly other specialized departments are informed.
Unfortunately, the reality is quite different. Silos, that is, the failure to share information, which is still common in many companies, prevent coordination and the continuous feedback of knowledge.
Emergency plans, necessary as they are, are not rehearsed enough, so the analysis and rapid resolution of problems are delayed. Strictly speaking, it is impossible to say today that technology alone can guarantee the security of a company.
Beyond IT support: service management also helps with security
Given the frequency of cyberattacks, the question for a large majority of organizations is no longer whether or not a serious security incident will happen, but when it will happen. But hyperautomation and artificial intelligence can help mitigate a large part of the risks, especially those that depend on the human factor.
The current situation demands a new model of thought and action based on prioritizing, preventing and acting in an automated and centralized way. For example, if we are talking about large-scale CI/CD processes in organizations with thousands of assets and dozens of applications, it is crucial to integrate service management with vulnerability prioritization and remediation. Otherwise, validating such a volume of vulnerabilities between the development and production phases is practically impossible, and the consequences can be disastrous.
This new model makes service management the single source of truth for IT, a single point of record capable of providing visibility over assets, processes, security, events, etc. Everything is recorded in the same database (CMDB, Configuration Management Database). For security teams, it represents a new way of working, since they will be able to recognize attacks more quickly, assess their risks quickly and reliably, and then estimate the possible consequences and the necessary measures to be taken.
With this information, IT teams will be able to be truly efficient when it comes to security, since they will be well focused, with well-documented plans and a coordinated team. By doing so, they will enable their support to go far beyond traditional problem solving and extend to areas such as compliance, data protection risks, and governance issues. Ultimately, they will be much more than just an IT support team.
Author: Sasha Munoz. EXM Senior Sales Specialist. Ivanti