The convergence of management and security in a user-driven world

Implementing a successful ITSM 2.0 programme means embarking upon a process of continuous improvement.

ITSM 2.0 is defined by Gartner as a ‘super set’ of IT service management tools which focus on improving the quality and efficiency with which infrastructure and operations supports end users and delivers services. There is broad consensus that ITSM 2.0 initiatives can’t be limited to the service desk and that they must offer an integrated approach to the technical, regulatory and business challenges faced by IT professionals. However, rather surprisingly given the broader focus on service management, many do not yet consider it to include endpoint management and security.

Adopt a bimodal strategy for service management  

Implementing a successful ITSM 2.0 programme means embarking upon a process of continuous improvement, regularly evolving processes to better respond to changing demands. With respect to service management, a big part of this comes down to enhancing efficiency by making processes for routine tasks both consistent and repeatable. However, there is always the competing need to remain flexible enough to cope with new disruptors.

This need to manage two separate modes of IT delivery, one focused on stability and the other on agility, is the rationale behind taking a bimodal approach to ITSM. For example, many organisations found themselves unprepared for the rapid consumerisation of IT and adoption of BYOD. The tried and tested processes they had in place to manage company-owned PCs and servers quickly proved ineffective at handling an influx of new support requests. It’s no great surprise, as they had never been designed to address the security and support issues that emerge when managing multiple devices and operating systems.

A similar situation is currently emerging with new disruptors such as ransomware and the Internet of Things. Organisations are fast discovering that the old ways of managing IT and security are no longer as effective as they once were, even if they’re not yet sure exactly how they should be adapted. Even today’s challenges point towards a need for ITSM tools to incorporate a wider array of operational capabilities. User expectations for self-service are very much driven by their exposure to consumer app stores, which give them instant access to what they need, when they need it. Therefore, tools such as software license management, patch management and enterprise mobility management should already be considered part of ITSM 2.0.

Does ITSM 2.0 include security?

ITSM 2.0 is constantly evolving and the general consensus within the industry is that it will incorporate endpoint security in the future. Our view differs slightly in that we think it is already a core component. If you take a close look at failures in security, a common factor is a breakdown in change control and a lack of insight. If you don’t know something has changed, then you can’t control it. The fact is that in an age of cloud and mobility you can’t keep users from installing applications. So you need to know when compromised devices are plugged into the network, what social media and web apps are being launched, and have a mechanism to stop it. It’s hard to understand why there isn’t more crossover and better communication when you consider the fundamental role of the service desk and how important cybersecurity has become.

Take, for example, patch management, which sits right at the intersection of security and IT systems management. Regularly and consistently applying security updates to ensure all approved software applications are running on the latest version is the single most important thing the security team can do to minimise the organisation’s exposure to cyber threats and security breaches. This is particularly true of pervasive threats such as malware and ransomware, which often establish themselves inside the network by exploiting a software vulnerability for which a remediation is available. It therefore doesn’t make sense to separate the systems for day-to-day security and IT operations.

Patch management alone can significantly reduce the chance of a successful attack. However, the security threat landscape is far too large and complex for any one single technology to provide all of the answers. For this reason it’s important to evaluate technologies and the vendors behind them not just on what they can deliver now, but also with respect to their view of the future and the product roadmaps they are developing. 

Adding security to the mix

Our experience of combining ITSM with endpoint management is that it provides the capability to effectively manage assets physically from the service desk, and to gain control of sprawling networks and the growing complexity generated by having more platforms and a proliferation of endpoints. It supports the move towards empowering and enabling users who want to self-resolve through a service catalogue. Asset management should also have the capability to add and withdraw software if someone requests it and ensure the infrastructure is kept up to date and protected against vulnerabilities.

This is exactly where endpoint management begins to make a difference in maximising operational efficiencies, reducing IT costs, managing risk and improving service quality and compliance.  

Indeed, as endpoint technology grows in complexity, and the threat surface expands, no management solution is complete without fully integrated security; no security solution is complete without automated, comprehensive management of all endpoints. At the same time, as end user expectations continue to increase, companies must integrate new technologies into the business without slowing down the delivery of services.      

Gartner says that ITSM 2.0 tools focus on improving the quality and efficiency with which infrastructure and operations supports end users and delivers services, but this has to include security. At the most basic level, you can’t properly manage devices without accounting for security and you can’t secure them without managing them. Only then can ITSM reach the ‘plateau of productivity’.

Roberto Casetta, SVP and General Manager International, at HEAT Software