ServiceNow:
What can enabling cyber security operations do for you?
By Haydn Leary (Solution Leader, ServiceNow Sales, Computacenter) and Greg White (Security Operations, Director UK&I, ServiceNow)
In 2023, organisational resilience should be near, if not at, the top of corporate improvement priorities.
Industry research reflects this, with Gartner research stating, “By 2025, 70% of CEOs will mandate a culture of organisational resilience to survive coinciding threats from cyber crime, severe weather events, civil unrest and political instabilities.”1
As part of this, organisations must defend themselves against the constant cyber intrusions that look for IT infrastructure weak points. The business impact of a successful intrusion is significant, with operational downtime, an adverse effect on services and customers, and reputational damage all likely.
According to IBM’s Cost of a Data Breach 2022 report, “For 83% of companies, it’s not if a data breach will happen, but when. Usually more than once. When detecting, responding to and recovering from threats, faster is better. Organisations using AI and automation had a 74-day shorter breach lifecycle and saved an average of USD 3 million more than those without.”2
So how are your organisation’s cyber security capabilities contributing to the much-needed organisational resilience?
Improving your organisation’s cyber security capabilities
Most organisations are transforming to a digital-first business model. This change facilitates business agility but also increases the potential for cyber attacks, and cyber security operations must react to the increase in workload while ensuring that cyber security risks are minimised in creating and delivering digital services.
Forrester Research cites three top issues that cyber security teams and their organisations face:
- “Inefficiencies in assessing and protecting your entire attack surface” – with almost 60% of organisations struggling because emails and spreadsheets are used to manage security processes.
- “Lack of optimisation and orchestration between IT and security” – with the resulting workloads a primary cause of security-expert retention issues.
- “Inability to respond quickly to minimise impact of evolving cyber threats” – where 87% of organisations have experienced an attempted exploit of a known vulnerability.
Managing risk and resilience is everyone’s responsibility, but there’s also the need for cyber security and IT teams to work better together, especially in terms of communication and collaboration, breaking down the traditional functional silos to better protect business operations and deliver the required organisational resilience.
The current state of IT and cyber security collaboration
IT and cyber security collaboration is usually hampered by siloed operations, especially because of the disparate technologies employed and the lack of workflow automation. For example, 73% of cyber security organisations still use spreadsheets for security hygiene and posture management.
There’s commonly a clear break between cyber security and IT responsibilities for vulnerability remediation. Cyber security operations focus on triaging vulnerability exposure, including identification, validation, and prioritisation. IT operations focus on coordinating workflows to remediate or fix the cyber security risk by assigning tasks, managing workflows, and remediating the vulnerability. The handoff between teams is often challenging, thanks to the disparate technologies. However, the lack of consistent and collaborative data adds to this issue – where 79% of organisations don’t have a common view of assets across cyber security and IT.
Cyber security threats don’t care about these silos, but your organisation should, because siloed working and data cause operational inefficiency and ignore interdependent risks.
How to improve your cyber security effectiveness and organisational resilience
The required optimisation starts with improving enterprise asset visibility – such that everyone involved, not just the IT team, knows the purpose, location, and criticality of assets, providing insight into where risks are and the potential business impact they bring.
Once there’s enterprise asset visibility, there’s a need for risk-based prioritisation of IT and cyber security efforts, including end-to-end process visibility, so that all parties can see the remediation status, for example, in closing a firewall port or patching vulnerable assets.
Siloed tools can cause inconsistent visibility, and the corporate configuration management database (CMDB) can suffer from poor data quality, which limits its value. Better CMDB data would not only improve risk-based prioritisation, focusing on the risks associated with critical assets, but the shared data will also help both cyber security and IT operations. For example, cyber security scanning data can also contribute to service management insights into the IT and service infrastructure.
The automation of end-to-end workflows is also key. Cyber security teams can’t function as needed while being held back by manual processes that limit throughputs and increase the risk of vulnerabilities or cause incident response delays.
How Computacenter and ServiceNow help
The help starts with best practice knowledge on improving cyber security and resilience postures through service automation technologies. In terms of visibility, the ServiceNow Platform and CMDB offer a common service data model (CSDM) for the enterprise. This facilitates data-driven risk prioritisation, and intelligent automation will automate both cyber security and service operations tasks.
For example, automated security incident response reduces the time to triage and prioritise security incidents, including automated assignment, where business context and incident severity insights accelerate prioritisation and work is routed seamlessly between cyber security and IT teams. This automation speeds up cyber security operations and reduces risk exposure; it also scales cyber security capabilities and improves insight into individual and aggregate statuses, including the overall threat exposure.
The business benefits of increased visibility and automation
At a high level, the changes help cyber security teams better support corporate digital-first strategies, not only scaling cyber security capabilities but also improving the quality of the operations and outcomes – reducing risk and improving organisational resilience. For example, a UK bank has 4 million open vulnerabilities across its IT estate, but only 2-3% are considered to put the bank at risk. This is why it needs visibility.
The improvements also reduce risk management costs. For example, a company could have prevented a £900k cost, and a month’s effort, by getting visibility of regulatory risk through the ServiceNow solution.
The operational labour savings can be significant too. For example, the automation of cyber security practices saved a UK bank tens of thousands of hours of manual effort per annum. This improvement also increased operational speed and reduced risks.
In addition to the operational benefits of increased visibility and automation, cyber security teams can become service providers – with mindsets and culture changed to focus on service and experiences, such that technology is “usable and secure”. These changes can be infectious, with all employees better understanding the importance of cyber security, and in organisations where all employees take cyber security seriously, the organisation is less at risk.
Next steps
If you already have ServiceNow in your business, the platform and the already present data can be leveraged to improve cyber security operations and organisational resilience. The business benefits to be gained include increasing visibility, creating end-to-end processes and journeys, reducing manual activities (and the associated costs and delays), increasing throughputs, and improving data quality and decision-making.
So what can enabling cyber security operations do for you? Ultimately, it’s not simply about enhanced cyber security capabilities; it’s about better business operations and outcomes.