Published on April 13th, 2012
Where the service desk fits into the security picture
Our final exclusive article previewing Ovum’s expert content being delivered at the Service Desk & IT Support Show looks at how the service desk can play its part in protecting the business against security threats. Andy Kellett, senior analyst, security, explains why and how the service desk should intervene.
The security of business systems is threatened by everything from targeted and persistent malware to basic phishing attacks. Well-respected organisations have had their security breached and now live with the knowledge that further violations are likely.
In many cases this happens because of the open approaches that organisations take to the use of technology. Examples include automation without the required safety checks; activities which are driven by the need to achieve more from fewer resources. It also happens because businesses are prepared to collaborate and share more information with external parties, make use of under-protected online services, and provide user access to systems and networks via an ever growing range of mobile devices. All of these elements have an impact on the security of business operations and, in supporting the safe and effective use of technology, service desks have an important role to play.
New and evolving threats put organisations at risk
The theft of corporate data and the more common forms of data leakage are not always easy to identify. In far too many cases, organisations only become aware of a breach when criminals use their data for illegal purposes. Credit card information or personal data that can be used to steal an identity remain the most popular targets. However, in a saturated market, as the value of this type of information falls, the focus on higher-value intellectual property is driving growth in more targeted attacks.
There is substance to the view that almost all organisations have been breached by malware attacks at some point. Those that have not reported a breach could be in denial, or may not have identified an attack that took place or, indeed, is still silently happening. Organisations need to find better ways to identify when attacks are taking place, reduce the window of opportunity, and better protect their information systems.
Without doubt the vast majority of attacks on business systems continue to be driven by the desire to steal information for financial gain or to obtain business advantage. There has been a rise in advanced persistent attacks (APTs), which are identified by their targeted nature. These are defined as thoroughly researched and tailored attacks which focus on a particular organisation. They typically employ multiple attack strategies, using both social engineering and longstanding, under-the-radar, attack techniques – cyber espionage approaches.
Another recent phenomenon, termed “hacktivism”, is an attack which is driven by a desire to destabilise businesses or governments with whom the attacker has a grievance. This type of attack, which typically uses DDoS delivery methods, goes against the common theft-of-information-for-profit approach, but needs to be taken seriously because of the damage that can be caused to business operations.
The immediate challenge for organisations is to become better at detecting when an attack is taking place. They need to make sure that the right actions are taken when business systems have been breached and ensure that fixes in the form of systems patches are delivered to all affected areas as efficiently as possible. The business protection requirement is to stop information from being copied and removed before it is too late; in achieving this, the service desk has both a help and recovery role to play.
The role of the service desk
It is important to understand the risk profile of the organisation and the user and usage issues that impact on service desk operations when they are aligned to governance, risk, and compliance requirements. There is a need to determine when aspects of business operations need to be protected, when the actions of users are and are not acceptable, and the necessary service desk response actions when such situations occur.
It is central to the service desk operation to maintain a security posture in terms of the rules and processes that are applied. The setup of the service desk should support the organisation’s security posture, and its processes should be used to help and respond when vulnerabilities are identified. This can take the form of responses to reported faults, the rapid identification and escalation of faults that appear to put the organisation at risk, and change management support for the delivery of updates when there is a need to patch operational systems.
Security services should not be delivered in isolation. They need to be seen as an important component of delivering safe business systems. The security posture of the business must not inhibit normal everyday activities; it should not make things more difficult for business users. Security services ought to happen undetected in the background and should only become visible to business users when those users are required to take a particular action or when they are warned that an action they are about to take may put the organisation at risk.
For example, the use of security certificates and the contracts that support their use should have no impact on the people who use them to connect to business systems, interact with colleagues, or hold encrypted data on mobile devices. However, the responsibility for centrally managing the service, keeping it up to date, ensuring that licenses do not expire, and for responding when problems occur lies with the service desk operation. The management of this kind of information is part of maintaining the organisation’s security posture and delivering service-level expectations.
Also, within the service desk operation, change and release management, and the maintenance and approval of controls to ensure that only authorised staff can deliver these services, are security issues. Change control, and process orchestration and execution, are likely to be delivered as automated services, as is reporting on progress on patched and un-patched systems as a measurement of success. There is a requirement for these elements to work together to deliver efficiency and track progress through automation while eliminating manual errors and operational delays. The need for security controls is at the heart of all these operations.
View more of OVUM’s ITSM research on its YouTube channel.
Andy Kellett is senior analyst, security, for Ovum.
Register for free to attend The Service Desk & IT Support Show, taking place on 24/25 April 2012 at Earls Court, London.