While several huge security breaches have been in the news this year, the threat level continues to grow, with cybercrime getting more organized, and derailing the power of new technology.

If your organization is still struggling with ways to improve security, here are 5 ways to more efficiently bridge the gap between IT security teams and operations teams by leveraging the insight provided by data center discovery and dependency mapping.

#1 Build a common configuration repository

Establishing a configuration management process across the enterprise allows you to break silos when decisions are made that involve enterprise architecture, systems management, and IT security. Using a common repository for configuration data enables you to reduce the effort required to gather and maintain quality data from multiple sources, agree on data formats, and speak common languages.

Leveraging a comprehensive heterogenous cloud discovery and dependency mapping solution also helps reduce implementation complexity. This drives requirements for such solutions to address hybrid and multi-cloud deployments, be scalable, secured through industry certifications (e.g. FIPS140-2, Common Criteria), and able to integrate with security tools (e.g. PAM such as CyberArk, portals such as BMC Threat Director, SIEM, etc).

I have seen many implementations come to faster success via a close partnership between the configuration management team and the IT security group who provide access authorizations. This is made possible by prioritizing the benefits of relying on trusted and up-to-date data over the risks of giving such access rights.

#2 Leverage automated inventory scans for compliance

Internal or regulatory compliance (e.g. PCI, SOX, HIPAA) require regular assessment of asset inventory, and their business function.

However, a mature organization should consider inventory audits as non-events, and rather target continuous checks and improvements. It is much more cost-effective to implement automated discovery that guarantees always available and high quality reports.

Also, at the pace of change required by digital transformation, inventory data is difficult to gather and maintain. A benefit to a multi-cloud approach is to avoid vendor lock-in, so you can expect even more change going forward. There are many benefits to establishing good discovery practices, including identifying integrations with virtualization or cloud APIs as well as identifying unknown use of applications and servers, commonly referred to as Shadow IT. Now might be a good time to review how you keep track of your compute, software, network and storage inventory and seek optimizations.

#3 Consistently identify misconfigurations

Many security breaches are a direct result of misconfigurations. Another benefit of multi-cloud discovery is achieved through leveraging its data to participate in the vulnerability management process.

Through the richness of both the raw data that is gathered, as well as additional intelligence to interpret this data, derive relationships etc, it is possible to proactively identify misconfigurations:

• This can be basic technical data such as ports that should not be open, unsupported hardware, unauthorized or vulnerable software or operating systems
• It can also be components that are not attached to a business function or that do not have the baseline security tools installed
• And dependency mapping can participate in more complex assessments such as disaster recovery or when merging infrastructure post-acquisition

Having a well-established process relying on trusted data to address configuration issues can lead you to quick wins in protecting your organization.

#4 Pragmatically prioritize remediation

Because eradicating all vulnerabilities is impossible, organizations need to prioritize vulnerabilities to isolate those that have the greatest impact, and deploy resources in the most effective manner possible.

Vulnerability knowledge bases and scanning tools allow you to sort security issue criticality, but a second angle to prioritization is to look at application maps and impact models to determine the exposure to the business.

Data center discovery and dependency mapping augments the vulnerability management process by:

• Providing insight into how applications are deployed and protected (e.g. it might not matter as much that a web server is vulnerable to certain attacks if it is protected by a firewall)
• Providing the business context to infrastructure components (e.g. adjust the priorities based on the business impact that would result from loss of data or disruption)

#5 Strengthen change management

A challenge that is commonly faced is the friction between security teams that make system configuration recommendations (e.g. patches to deploy) and operations teams who are focused on reliability and availability.

This friction frequently results in lengthy decision cycles with an unacceptable window of exposure, and potential re-work of unplanned downtime.

Multi-cloud discovery and dependency mapping delivers an accurate and comprehensive understanding of change impacts to ensure that security implementation and remediation plans are appropriate and will result in a smooth transition. It also allows to properly track changes over time.

This results in faster decisions, safer rollouts, and improved collaboration.

Now is a good time to review your change management process and ensure it relies on robust data. The benefits will extend beyond IT security.

This post updated 10/17/2017

For many professionals, the service desk represents the face of IT. The quality of the service desk experience will go a long way in defining the perception of the whole IT organization—especially for adults under 40 who’ve grown up with technology and become accustomed to high-quality personal technology services. That inevitable comparison makes it essential for IT organizations to modernize their service desk to improve user experience, efficiency, and accountability.

“57% of support organizations saw an increase in ticket volumes” – HDI 2016 Technical Support Survey

Breaking down silos across point solutions can be an important element of service desk modernization. Let’s explore how extending service management through tight integration with endpoint management contributes to better service desk KPIs such as user satisfaction, call volume, and time to resolution.

User experience

Users get frustrated when they have to provide all kinds of basic information over the phone or through a form before their issue is even considered. A first benefit of integrating endpoint management with service management is to automatically link user data with information about their technology (e.g. devices, software, configuration) so agents have firsthand data available with the ticket when they start working on a case. For users, this shows that agents are knowledgeable and ready to move quickly toward resolution.

Self-service can eliminate the need for many cases to be routed to the right group, queued, and eventually processed by an agent. While it doesn’t reduce the number of requests, it empowers users to solve many issues themselves without having to contact the service desk – improving user satisfaction. Endpoint management integration with a service catalog allows IT to offer rich services that can be automatically delivered to the user. For example, software request workflows can be automated end-to-end, from requesting an application, to approvals and license checks, to getting it installed on a device.

“The goal should be to make IT self-service the default support option and raise customer satisfaction at the same time. Self-service is both cost-effective and scalable.” – Gartner report, Design IT Self-Service for the Business Consumer, Chris Matchett, 4 October 2017.

More efficient agents

Automatically linking tickets with data about users and their technology doesn’t just improve user satisfaction, it also improves the service desk agent’s efficiency by eliminating the need for them to ask for this information, as well as the errors that can result from manual investigation.

Endpoint integration makes it possible to directly perform diagnostics or remediation actions from a ticket through remote control tools or pre-defined remote actions, thus reducing back-and-forth cycles between tools. This integration can also limit the number of escalations needed, avoiding lengthy work queues and the risk of miscommunication, and offering the user a real single point of contact.

Because it is important to keep track of how a case was solved, agents can spend a significant amount of time documenting their actions. Endpoint management integration allows the service desk to automatically save information about the device involved, record actions that have been taken (e.g. remote control performed by agent X at HH:MM:SS) to improve ticket data quality, and provide more transparency at no cost.

Proactive endpoint maintenance

With ITSM integration, software agents running on client systems can monitor many parameters and generate alerts and tickets without a user being involved. Examples include a system with storage approaching capacity, or out-of-compliance antivirus tools, or a critical event which has been detected. This allows the service desk staff to handle the problem before it impacts the user, and schedule a maintenance task when there is no risk of lost productivity.

Having information about users and their devices properly documented in incidents will also ease potential problem investigation and help to target mass remediation actions.

Extending your service management through BMC Helix Client Management

BMC Helix Client Management optimizes your service management solution to provide comprehensive, automated endpoint management, delivering great service to end users while minimizing cost, maintaining compliance, and reducing security risk. Comprehensive ITSM integration includes self-service portals, CMDBs, and service desk consoles via native integration with Remedy with Smart IT, CMDB, Remedyforce, BMC FootPrints, and Digital Workplace. The solution also offers a comprehensive REST API for additional integrations.

Try BMC Helix Client Management today!

Unlike its counterpart in nature, “cloud” in an IT context is no longer a singular noun. There’s a very good chance that your organization uses multiple different clouds, of different types, to meet your business and technical needs. Whether you run a private, public, hybrid cloud or multi-cloud deployment model, your environment is more complex than it used to be – which means your management strategy needs to keep up. In fact, Gartner predicts that by 2020, 90% of organizations will adopt hybrid infrastructure management capabilities.

Why configuration management is critical to hybrid and multi-cloud environments

Holistic cloud management includes multiple initiatives, but one of the most important is also commonly overlooked: discovery. While multi-cloud discovery may not be the first IT initiative that comes to mind during your transition to a hybrid or multi-cloud environment, it plays a critical role in managing all the moving pieces as your footprint grows in the cloud. In fact, the best practices defined for configuration management processes by frameworks such as ITIL and COBIT have never been more relevant in a landscape that includes multiple vendors, different splits in responsibility, accelerated innovation delivery, and greater emphasis on automation. Multi-cloud discovery plays a crucial role in providing the information necessary to enable configuration management processes.

A well-executed multi-cloud discovery initiative enables you to:

• Provide accurate configuration items and relationships to assist decision making (e.g. change approval or release planning) and help resolve incidents and problems faster.
• Define and maintain the components of business services, their role and ownership, how they relate one to another, and how they evolve over time.
• Provide the means and processes to guarantee data quality.

These capabilities are ideal in any environment, but become critical with the move to cloud. As more and more applications get deployed using various cloud services, establishing streamlined multi-cloud discovery built on the objectives listed above helps you optimize costs and reduce the risks related to performance availability, security, and compliance.

5 key capabilities of multi-cloud discovery

What does a well-executed multi-cloud discovery initiative look like in action? For discovery to positively impact your multi-cloud deployment, it must be able to execute these five things with best-in-class precision:

1. Manage your multi-cloud deployment.
   • Relate cloud services to incidents, problems, and changes to adhere to service management good practices.
   • Provide the dependencies of cloud services in support of change impact analysis.
   • Understand how internal infrastructure depends on cloud services and vice versa in hybrid application deployments.
2. Secure your infrastructure.
   • Identify zombie services still utilizing compute resources in the cloud.
   • Identify version sprawl amongst the software and OSs deployed on VMs in the cloud.
   • Identify internet-exposed cloud resources and what upstream applications may be at risk.
3. Know what’s out there.
   • Understand what compute resources and software you have deployed in multi‐cloud environments.
   • Identify redundancies and sub‐optimal architecture deployments in cloud environments.
   • Enable asset management and cost transparency processes by providing the inventory and relationships to cloud services.
4. Monitor your multi-cloud environment.
   • Provide application models which include all cloud services and internal infrastructure from hybrid cloud deployments to understand dependencies and impact when events occur.
   • Support activities to ensure monitoring of the entire environment by identifying resources which may not yet be monitored.
5. Transform your IT strategy.
   • Model the current state to better assess which applications and services are good candidates to move as part of the cloud strategy.

All of these capabilities enable you to manage, monitor, and measure your multi-cloud environment with the same accuracy, breadth, and security as your traditional internal data centers. Whether you’re a “cloud beginner”, or on your way to an all-in cloud strategy, they form the foundation to empower digital transformation.

Learn more about multi-cloud discovery in our white paper, Why Discovery Is Critical to Multi-Cloud Success: Best Practices for Maximizing Your Investment in a Multi-Cloud Environment.