ITSM + SecOps Convergence: How It Can Help Your Business, and How to Get Started (Part 2)

Share on linkedin
Share on facebook
Share on twitter

Why and how to bring together two critical elements of your business – Part 2 of 2

IT service management (ITSM) and security operations (SecOps) are equally critical to survival and success at many businesses. The need to bring them closer together and how best to accomplish that goal were among the topics discussed in a recent webinar hosted by Virima.

The featured presenters were Taylor Lehman and Mike Bombard. Taylor is Chief Information Security Officer for Wellforce (a partnership of Tufts Medical Center and Floating Hospital for Children), MelroseWakefield Healthcare, and Circle Health in Massachusetts. Mike Bombard is Virima’s Chief Operating Officer.

Part 1 of this two-part post discussed why ITSM and SecOps must come together, drivers for their evolution, and some useful first steps toward their convergence. This time out, specific challenges to and enablers of ITSM-SecOps convergence, and next steps you can take to bring them together at your business.

ITSM-SecOps Convergence: Challenges

Every IT and business initiative faces multiple challenges. Bringing ITSM and SecOps together is no exception. Broadly, the most significant of these challenges fall into three categories: organizational, technological, and cultural. Below are just some of the challenges your business is likely to face when trying to bring ITSM and SecOps together.

Organizational Challenges

  • Do we have the right people?
  • Are they in the right roles?
  • How do we get rid of silos?

ITSM-SecOps Convergence: Technological Challenges

  • Do we have the right solutions in place?
  • Can we get what we need and don’t have?
  • Do we have the skills to make it all work?

Cultural Challenges

  • Does our leadership “get it?”
  • Do we have the right processes?
  • Can we bridge the cultural gaps?

ITSM-SecOps Convergence: Enablers

Enablers of ITSM-SecOps Convergence can generally be grouped into the same categories as the challenges outlined above.

Organizational Enablers

  • Leadership buy-in
  • Adequate budget
  • Clear goals and solid plans

ITSM-SecOps Convergence: Technological Enablers

  • A business-aligned service catalogue
  • A comprehensive, flexible, CMDB
  • Process-driven automation
  • Actionable, role-specific reporting

 Cultural Enablers

  • Regular cross-functional team meetings
  • Well-defined, well-documented, well-enforced business processes
  • Acknowledgement, recognition, and rewards

ITSM + SecOps: Next Steps

Once you have crafted a strategy and a plan for ITSM-SecOps convergence, you must take the first steps described in Part 1 of this post. You must know your environment, optimize your skills, get executive support, and engage your stakeholders regularly.

After you complete those first steps successfully, it’s time to shift your focus from high-level strategy to specific tactics. Your specific actions may vary in execution, but each project must at least address the steps outlined below.

Identify a Promising Opportunity. Pick a specific business challenge or opportunity that greater convergence of ITSM and SecOps can help to address.

Devise a Specific Project Plan. Ensure that the tactics and outcomes delineated in the project plan align with both business goals and the larger aims of your plan for ITSM-SecOps convergence.

Engage Your Teams. Identify and get the commitment of the people you need to succeed, and ensure they are kept informed of everything they need to know as the project proceeds.

Pursue the Plan. Make sure it includes regular check-in opportunities and frequent communication, to keep everyone on schedule and to identify and address challenges as quickly as possible.

Distill and Disseminate the Results. Whether reality conforms to plan or deviates from it, make sure the key points of the effort and its results are shared with all stakeholders.

Capture and Store All Relevant Data. What you learn and experience must inform future ITSM-SecOps convergence efforts. If you don’t have an appropriate repository and supporting processes, use your first ITSM-SecOps convergence project as a spur to create them.

In many cases, that repository should be a configuration management database or CMDB. To maximize your ability to capture all relevant data, ensure that you implement comprehensive, automated discovery across your entire IT estate. You also need consistent, reliable automated updating of your CMDB. These crucial automation steps will help guarantee that your IT and SecOps teams have accurate, complete, and timely information to work from when pursuing ITSM-SecOps convergence.

The webinar includes great discussion and additional observations you will find valuable as you consider and pursue ITSM-SecOps convergence at your business. You can listen to or download the complete webinar here.

Summary:

How ITSM + SecOps Can Help Your Business

IT service management (ITSM) and security operations (SecOps) are equally critical to survival and success at many businesses. Every IT and business initiative faces multiple challenges. Bringing ITSM and SecOps together is no exception. Broadly, the most significant of these challenges fall into three categories: organizational, technological, and cultural. Once you have crafted a strategy and a plan for ITSM-SecOps convergence, you must know your environment, optimize your skills, get executive support, and engage your stakeholders regularly. After you complete those first steps successfully, it’s time to: Identify a Promising Opportunity. Devise a Specific Project Plan. Engage Your Teams. Pursue the Plan. Distill and Disseminate the Results. Capture and Store All Relevant Data. In many cases, that repository should be a configuration management database or CMDB. To maximize your ability to capture all relevant data, ensure that you implement comprehensive, automated discovery across your entire IT estate.

Share on linkedin
Share on facebook
Share on twitter

Subscribe to Our Newsletter

More to Explore

To understand the business value of service mapping, it’s important to shift to a service delivery mindset, rather than thinking about delivering infrastructure, equipment, software, and applications. Defining services is relatively simple if thought of as the commoditization of what’s…

Service mapping - the area of configuration management that perplexes so many IT professionals, yet that which provides the highest value in Configuration Management Database (CMDB) projects. There are several major reasons IT gets stopped when it comes to service…

The world of service management has changed as technology has shifted from providing tools for administrative support to being fully embedded in the delivery of the business’ core function. There’s a world of difference between using an accounts payable system…

The Configuration Management Database (CMDB) provides a single database that contains information about the enterprise’s assets, both logical and physical. In modern service management platforms, it provides core functionality that is referenced by all of the service management practices, including…

The importance of discovery comes from what it provides to the users of the Configuration Management Data Base (CMDB): trustworthy data and greater speed to value. Without discovery, the CMDB is built by feeds and data entry, which can lead…

There is an old saying that you can’t manage something unless you can measure it. Asset discovery can provide you with accurate and up-to-date data and information about everything you use in IT. You can then develop metrics using the…

Atlanta, Mar 19, 2020 (Issuewire.com)  - Virima Technologies Inc, a provider of CMDB, Discovery, IT Asset Management and IT Service Management (ITAM & ITSM) solutions, today announced that it has recently completed its Service Organization Controls 2 (SOC 2) examination under the Statement…

The most significant ServiceNow CMDB best practice is having a system with data you can trust.  ServiceNow will tell you that your stakeholders will tell you that and IT service management (ITSM) professionals will tell you that.  Achieving high-quality configuration…

CMDB - configuration management database - value potential is undisputed, you need to be careful and not blindly jump into implementation without having a clear plan in place about how this powerful tool will be used within your organization.  Here…

The past decade has introduced a tremendous change in the IT industry.  If you were to compare your IT ecosystem today with how it was ten years ago, you would likely find it hard even to recognize that you’re looking…