NetIQ | An Attachmate Business

Spotlight

ITIL Security Management and NetIQ


By Sacha Dawes, CISSP
NetIQ Product Management

The IT Infrastructure Library (ITIL) is based on the foundation that "IT is the business" and that "the business is IT." This is definitely true within today's corporations, where more than 90 percent of corporate communications are created, discussed or summarized in digital systems (Gartner, 2003). With information being the life-blood of organizations, access to it in a reasonably acceptable timeframe can be the difference between an organization's success and failure.

ITIL provides a comprehensive framework for managing IT services. This includes ensuring that organizations can successfully align IT services with the current and future needs of the business and its customers while improving the quality of IT services delivered and reducing the long-term cost of service provision. With increasing pressures from competitors, customers and partners, as well as regulatory bodies, managing the security of your IT infrastructure has become a more prevalent requirement. As security management becomes a distinct process within ITIL, NetIQ Security Solutions can make a significant contribution to enterprise security and service management.

When determining a budget for IT service management, organizations must typically consider how to balance three key requirements: cost, performance and security. Organizations have typically selected performance as their primary requirement, though regulations have increased the importance of meeting security needs. NetIQ is uniquely positioned to help organizations balance their security and performance needs, while simultaneously being able to demonstrate a good Return on Investment.


Security Management is concerned with enforcing three objectives within the management of IT services:

  • Confidentiality — maintaining the secrecy and privacy of services and information.
  • Integrity — ensuring the completeness, accuracy and quality of services and information.
  • Availability — providing access to services and information to those who need it, at the expected time, and in the form required.

A key target for Security Management practices is the management of the organization's Information and Communication Technologies (ICT), namely the network, systems and software that provide and support the information and services. ITIL processes rely on ICT for correct, accurate and timely information so that correct decisions can be made to both support day-to-day operations (i.e., Service Support) and facilitate the examination and determination of long-term planning and improvements to IT services (i.e., Service Delivery). For this article, we will focus on how NetIQ can help organizations achieve Security Management within Service Support, namely the day-to-day operation and support of IT services. Specifically, we will examine the mapping of NetIQ Security Solutions to the ITIL processes of Change Management, Incident Management, Problem Management, Configuration Management and Release Management.

ITIL and NetIQ Security Solutions

NetIQ Security Solutions are well-placed to aid in the management of all ITIL Service Support processes.

Change Management - It's important to assess the impact and risk of any change before putting it into production, as well as to validate changes post-implementation. NetIQ's Security Administration Suite provides a higher level of management within Windows environments, allowing the evaluation of and reporting on changes to Group Policy and account administration, and enforcing approval workflows before implementing changes. To validate changes, NetIQ Vulnerability Manager™ can report on changes to the security baseline across a wide range of assets to validate that services are still in compliance with corporate and regulatory policies.

Incident Management - The goal of incident management is to restore normal service operation as quickly as possible in order to minimize any adverse impact on business operations. NetIQ Security Manager™ helps organizations become more proactive in their incident management by providing real-time monitoring and notification of IT-based security incidents, as well as automated response to identified anomalies. NetIQ Vulnerability Manager also aids organizations in proactively identifying incidents by identifying where configurations deviate from a known baseline or fall out of compliance with defined policies.

Problem Management - To determine the root cause behind IT-based problems, NetIQ Security Manager includes log analysis capabilities, particularly trending and forensics abilities, which aid in the investigation and diagnosis of incidents. When combined with the extendable security knowledge base within the product, these trending and forensics abilities can aid in faster resolution and recovery to minimize exposure times. NetIQ Vulnerability Manager also helps resolve problems through presentation of best-practice information and recommendations to bring services back into compliance with security and regulatory policies.

Configuration Management - To aid in the identification, control, maintenance and verification of service and asset configurations within the IT infrastructure, NetIQ Vulnerability Manager automatically discovers assets connected to the infrastructure and provides notification when configurations vary from established baselines. Similarly, NetIQ Security Manager offers intrusion prevention technology, which assists in the control of asset configuration by ensuring that configuration changes are only made by authorized personnel (i.e., the Release Manager). For Windows-based configuration management, Security Administration Suite provides a centralized point of control to manage and audit changes to Group Policy, Active Directory content and Windows accounts.

Release Management - To ensure that approved configurations are implemented in production, NetIQ's Security Administration Suite provides a workflow so that only approved changes to Windows-based environments are implemented. These changes might include account modifications, Active Directory content updates and changes to Group Policy. NetIQ Patch Manager™ also provides a central location with granular control for distributing software updates across the IT infrastructure, as well as extensive reporting on patch deployment.

Finally, although the Service Desk is a function within ITIL that helps facilitate Service Support processes, it is still a key component of IT service management. NetIQ Security Solutions are both intelligent and easy to use, facilitating workflow, security knowledge and reporting to service desk staff to aid in more effective and timely decision making, helping organizations to be more proactive in their management.

Conclusion

Traditionally, security has been managed at an operational level, resulting in inefficient selection of adequate and effective security controls to meet the needs of the business. Given the increasing visibility of security as a key part of ensuring business operation, and with the increasing reach of regulations worldwide, ITIL is well-placed to ensure that security is viewed as a service that needs to be aligned with the current and future needs of the business and its customers.

As organizations continue to adopt ITIL, they must be sure to consider security within both the planning and operations side of IT service management. NetIQ Security Solutions aid in the day-to-day operation and support of IT services, helping to manage risks, secure assets and assure that services are in compliance with leading regulations and corporate policy.
