Sparking security transformation with ServiceNow Security Operations  

Diversification and digital transformation are the key to success for businesses in most industries. Spark – formerly Telecom New Zealand – is no exception. The business is now looking to build on its expertise in telecommunications with a broad range of digital services.  

These far-reaching changes also require a disciplined security response. Josh Bahlman, tribe lead for cyber security at Spark, joined us in ServiceNow Neighbourhood – our online community featuring speakers who are changing the way work is done – to share the organization’s digital security journey.

Josh’s team had a formidable task and is sized appropriately. “My security team is probably the largest in New Zealand, and that’s more out of necessity than anything else,” he explains. “[We have] to protect our telco networks [and] our enterprise as well as our customers through managed services [and] IT services as well.”

Spark’s adoption of ServiceNow Security Operations to support cyber-security aligned with a broader move by the business to consolidate its service management, processes, and workflows. “It was a no-brainer for the cyber-security team to follow suit,” says Josh. 

The cyber security team began with incident response and consolidating a range of security tools into a single location so it could provide better support to the business. 

It then focused on vulnerability management and, using third-party scanning integrated with ServiceNow workflow management, gained better visibility of risk and improved its ability to position work with the right groups for resolution.

Spark is continuing to review how automation with ServiceNow Security Operations can improve the efficiency of security processes. Josh took the opportunity in the ServiceNow Neighborhood to share with us some reporting that would help direct his automation activities. 

First, he says, the cyber security team spends half its time on incident reporting false-positives – an inordinate amount of collective energy that needs to be addressed. Second, nearly a third of incident tickets involve denial of service – an area the team is already using automation to mitigate. 

Finally, phishing attacks are wasting a lot of the team’s time and Josh plans to use automation to reduce the load.

Josh also shared with us the techniques and processes Spark used to successfully deploy ServiceNow Security Operations. These included using the skills of partner InfoSys and breaking the project into chunks to help people grow with the platform rather than try to absorb all its capabilities at once. 

Spark spent four months switching on the capabilities of the platform and another 12 on adoption and maturation. The business also modified its processes to align with ServiceNow Security Operations so it could minimize the required work on upgrades and keep up to date with new releases. 

“Now the pressure is on me and my team to see how we can evolve that further,” says Josh. His projects include using ServiceNow to gauge bottom-up risk and streamline  the audit processes. 

“What I’ve been searching for is how I can quantify risk around specific assets and maybe even specific resolver groups and people,” he says. “We’re looking at…an integrated risk management tool and feature inside the suite of modules you can turn on.” 

To view the ServiceNow Neighbourhood session with Josh, click on this link: https://content.servicenow.com/nowneighbourhood/Spark-Customer_Story?lx=U9S4CU&elqcampid=25124&cname=FE-Q3ANZDigitalSeriesSession6-Online-21AUG20-APJ 

© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.