
briancrosby
ServiceNow Employee

Many times, IT Operations and Security Operations organizations take a two-feet-on-the-gas approach to solving a problem. By this I mean they drive towards an outcome without understanding what needs to be in place first. Sometimes this works because the organization is mature and has a solid foundation in place to build upon. But more often than not, there are parts of the puzzle missing. The main puzzle piece I see missing in my discussions with CIOs is a true Service Oriented Configuration Management Database (CMDB) that is proactive rather than static. In today's modern world it is no longer acceptable to update a Service Model (that is tied to a CMDB) once a month or less. Even more so, it is unacceptable to update this model via technical panels and data calls. This is a recipe for disaster, and it isn't until a few simple questions are asked that it comes to light.

"What happens if we lose this server/network gear? Who will be impacted? What Service will go down? What other Services depend on this Service to stay up and running?"

These should be easy questions to answer, and ones that every CIO and/or Technical Director should hold their team accountable for answering. If not, it won't be a matter of when you will have a major issue, just a matter of how.

Now let's put our security operations hat on for a few minutes. Operations is one thing, but cyber warfare is a whole other beast. Or is it? How many times have you gotten a listing of vulnerabilities to patch or mitigate from your team? They typically have a severity ranking, right? Well, have you ever asked what makes up that severity calculation? Is it taking into account what mission critical systems this server is attached to and how it relates to my mission? Or more importantly, can you even answer that question? Don't worry, not many organizations can today. But it is becoming ever more important to be able to answer those questions at the drop of a hat.

This is where a Service aware CMDB comes to save the day. Understanding what infrastructure is tied to what Service enables teams to proactively resolve the vulnerabilities that are most mission critical, based on the Service Orientation! Think it's magic? Telling yourself that isn't possible in today's cloud world, where infrastructure is dynamically spun up or down at any given time? Well, you are wrong. There is now a capability to map services from an entry point (e.g. a URL) and tie all the infrastructure together to generate a dynamic topology map that is updated at the time of a change. No more questioning whether the enterprise architecture diagram of a service you have in Visio is correct. The CMDB will now include the contextual view of the entire enterprise.

One of these technologies is the ServiceNow Service Mapping capability. Their patented "top‑down" approach to service mapping discovers and maps the relationships between IT components that comprise specific business services, even in dynamic, virtualized environments. Service Mapping continuously monitors IT infrastructure for service‑affecting changes and updates service maps in real‑time.

Now that there is an understanding of the Mission Service tied to infrastructure, we are able to begin automating the resolution of security threats faster and with more accuracy! Now that is what I call true service orientation that will enable a transformative response to security vulnerabilities!!!
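The service-aware ranking argued for above, as an added sketch that is not ServiceNow code or part of the original post: it answers "what Services go down if we lose this CI?" by walking dependencies upward, then weights each finding's scanner severity by the most critical impacted Service. All CI names, criticality scores, findings and the severity-times-criticality weighting are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample service map (not from any real CMDB).
# Edges read "dependent -> things it relies on".
DEPENDS_ON = {
    "svc:payments": ["ci:web-01", "ci:db-01", "svc:identity"],
    "svc:identity": ["ci:ldap-01"],
    "svc:intranet": ["ci:web-02", "svc:identity"],
    "svc:lab-wiki": ["ci:web-03"],
}
# Assumed business criticality per service: 1 (low) to 5 (mission critical).
CRITICALITY = {"svc:payments": 5, "svc:identity": 4,
               "svc:intranet": 2, "svc:lab-wiki": 1}
# Constructed scanner findings: (finding id, affected CI, scanner severity 0-10).
FINDINGS = [("F-1", "ci:web-03", 9.8), ("F-2", "ci:ldap-01", 7.5),
            ("F-3", "ci:web-02", 8.1), ("F-4", "ci:db-01", 6.5)]

def impacted_services(node, depends_on=DEPENDS_ON):
    """Every service that directly or transitively depends on `node`."""
    reverse = defaultdict(set)
    for dependent, targets in depends_on.items():
        for target in targets:
            reverse[target].add(dependent)
    seen, queue = set(), deque([node])
    while queue:
        for parent in reverse[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def prioritize(findings=FINDINGS, criticality=CRITICALITY):
    """Rank findings by severity weighted by the most critical impacted service."""
    ranked = []
    for fid, ci, severity in findings:
        services = impacted_services(ci)
        # An unmapped CI keeps its raw severity (weight 1), so a gap in the
        # service map never pushes a finding to the bottom silently.
        weight = max((criticality.get(s, 1) for s in services), default=1)
        ranked.append((round(severity * weight, 1), fid, ci, sorted(services)))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for score, fid, ci, services in prioritize():
        print(f"{score:5.1f} {fid} {ci} -> {', '.join(services) or 'unmapped'}")
```

With this sample data the finding with the highest scanner severity (F-1, on a server behind a low-criticality wiki) ranks last, while the lower-severity finding on the directory server that three Services depend on ranks first.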

Reach out to bobosborn or briancrosby if you want to hear more!