Security Automation From ITSMF Italia 2010

Annual Conference 2010: Reduce IT operating costs in 5 moves through process integration. Marco Bianchi

Transcript of Security Automation From ITSMF Italia 2010

Page 1: Security Automation From ITSMF Italia 2010

Annual Conference 2010

Reduce IT operating costs in 5 moves through process integration

Marco Bianchi

Page 2: Security Automation From ITSMF Italia 2010

Agenda

• The Business Case for IT Process Automation
• Examples of IT Process Automation to reduce costs
• The 5 steps to take to prepare for IT Automation
• Customer Case Studies

Page 3: Security Automation From ITSMF Italia 2010

THE BUSINESS CASE FOR IT PROCESS AUTOMATION

Page 4: Security Automation From ITSMF Italia 2010

Walking up the Down Escalator: Become an Efficient Business Enabler

[Quadrant diagram; axes: Operational Efficiency and Business Enablement]

• A, Efficient Business Enabler (Goal): Cost Effective with Optimized Service Delivery
• B, Expensive Business Enabler (Sub-Optimal): Aligned To Business Goals But Expensive
• C, Low Cost Provider (Sub-Optimal): Cost-Centric and Tactical with Marginal Services
• D, Low Value Provider (Current State): Expensive and Tactical with Limited Perceived Value

Page 5: Security Automation From ITSMF Italia 2010

Management’s Dilemma: Operational Efficiency vs. Business Enablement

Significant up-front investments and the need for profound changes jeopardize or delay expected cost reductions.

Outsourcing, or an internal focus on cost-cutting consolidation, often forsakes agility and business enablement.

[Two diagrams, titled “The Cost Cutter” and “The BSM Paradox”; axes: Operational Efficiency and Business Enablement]

Page 6: Security Automation From ITSMF Italia 2010

New Approach: IT Process Automation Provides a Direct Route

IT Process Automation enables you to:

1. Reduce Inefficiencies from Current Management Tools
2. Integrate Tools within IT Operations and/or Security
3. Integrate the Business into IT Management Processes

[Diagram; axes: Operational Efficiency and Business Enablement, with points 1, 2 and 3 marked]

Page 7: Security Automation From ITSMF Italia 2010

Why Automate? An Example of Process Gone Bad

0: Poor service quality detected
1: Admin notified
2: Ticket created
3: Service desk receives ticket
4: Establish bridge line
5: Notify other groups
6: Commence finger-pointing
7: Isolate potential cause
8: Notify change management
9: No requested change?
10: Guilty admin rolls back
11: Validate remediation
12: Close ticket
13: Review with management

[Diagram layers: Managed Technologies; Best of Breed Management Tools; IT Functions (Database Management, Security Management, Network Management, Application Management, Service Desk); IT Management]

Page 8: Security Automation From ITSMF Italia 2010

EXAMPLES OF IT PROCESS AUTOMATION TO REDUCE COSTS

Page 9: Security Automation From ITSMF Italia 2010

Recover from Common Events Such as Low Disk Space Conditions

1. Available disk space falls below threshold
2. Systems Management generates an event, triggering a process in the ITPA tool
3. ITPA tool requests disk usage analysis from Systems Management
4. ITPA tool sends email to admin requesting approval to clean up
5. If no response is received within a defined time, ITPA tool escalates to a higher level of management
6. Administrator approves partial cleanup through ITPA tool
7. ITPA tool commands Systems Management to perform cleanup
8. ITPA tool sends confirmation email to the administrator

[Diagram labels: Server with Local Storage, Systems Management, ITPA, Administrator, Management, Archive, Trash; approval table with columns File Type, Delete?, Archive? and rows *.dmp, *.log]

Time saved, as labelled on the diagram: 15, 5, 4, 15, 4 and 5 minutes

Total Time Saved: 48 Minutes

Page 10: Security Automation From ITSMF Italia 2010

Perform Routine Maintenance Such as Rebooting Servers

1. ITPA tool initiates the server reboot process based on a schedule and suppresses reboot related events
2. ITPA tool commands the load balancer to block new sessions to the first server
3. ITPA tool commands Systems Management to monitor for the server to reach zero active sessions
4. ITPA tool commands Systems Management to reboot the server and wait for completion
5. ITPA tool commands Systems Management to validate server health
6. ITPA tool commands the load balancer to enable new sessions
7. ITPA tool commands Systems Management to verify service performance
8. ITPA tool sends a progress notification email to the administrator
9. ITPA tool repeats steps 2-8 for each additional server in the group

[Diagram labels: ITPA, Administrator, Systems Management, Load Balancer, Web Servers, Active Sessions, Response Time]

Time saved, as labelled on the diagram: 10x, 1, 15, 15, 3, 5, 1 and 1 minutes

Total Time Saved: 410 Minutes

Page 11: Security Automation From ITSMF Italia 2010

Request, Approve and Provision A New Virtual Machine

1. Requestor visits ITPA tool web console and initiates a request for new virtual machines
2. ITPA tool identifies clusters with sufficient spare capacity to house the requested virtual machines
3. ITPA tool triggers VMware vCenter to create a temporary placeholder virtual machine
4. Create & submit a change request in a ticketing system and assign business owner
5. When approved, ITPA tool notifies requestor and commands VMware vCenter to delete temporary virtual machine and provision the production virtual machine from a template
6. ITPA tool commands Systems Management to deploy agents and scans with Policy Management to confirm correct configuration
7. Notify virtual machine requestor of provisioning completion and ticketing system to close ticket
8. Virtual machine configuration report generated via Policy Management
9. ITPA tool updates the billing system for the newly created virtual machine

[Diagram labels: ITPA, VM Requestors, LOB Owner, VMware vCenter, CDB, Ticketing System, Systems Management, Policy Management, Billing System]

Time saved, as labelled on the diagram: 10, 15, 10, 10, 30, 20, 20 and 30 minutes

Total Time Saved: 145 Minutes

Page 12: Security Automation From ITSMF Italia 2010

Respond to Configuration Changes And Ensure Protection of Critical Hosts

1. File integrity or security monitoring detects change, triggering a process in the ITPA tool
2. ITPA tool queries ticketing system to see if change was planned and authorized
3. ITPA tool queries Policy Management for a list of user entitlements
4. Business stakeholders and admin team notified
5. Stakeholders choose remediation and ITPA tool creates a change ticket
6. ITPA tool has Policy Management perform a vulnerability scan
7. Remedy ticket is closed and ITPA tool commands Policy Management to conduct a final scan to confirm remediation

[Diagram labels: ITPA tool, Security Monitoring, Ticketing System, Policy Management, Stakeholder, Administration]

Time saved, as labelled on the diagram: 15, 15, 15, 20, 15 and 5 minutes

Total Time Saved: 85 Minutes

Page 13: Security Automation From ITSMF Italia 2010

THE 5 STEPS TO TAKE TO PREPARE FOR IT AUTOMATION

Page 14: Security Automation From ITSMF Italia 2010

Step 1: Identify Automation Candidates

[Progress bar: Identify Automation Candidates, Evaluate Your Process Maturity, Rank Candidates by Value, Identify Needed Tools, Prepare Your Staff]

Questions to Ask

• What processes do users or customers complain about?
• What activities occupy too much staff time?
• What activities cause the biggest budget surprises?
• What activities cause the most re-work?
• What processes are competitors automating?

Examples

• Case studies or articles written for your industry
• Recurring events without permanent resolution
• Increased demand for storage as disk space fills up
• Rebooting servers to deal with application memory leaks
• Too much time to complete a request logged in a ticket

Page 15: Security Automation From ITSMF Italia 2010

Step 2: Evaluate Your Process Maturity

0. No formal process
1. Ad hoc – individually tool dependent
2. ITIL Service Support processes in place
3. ITIL Service Delivery processes in place
4. Process extends beyond IT operations to business management

Consider a bottom-up micro-process first approach

Consider a top-down macro-process first approach

Maturity Level Source: Gartner I&O Maturity Model, Oct. 2007

Page 16: Security Automation From ITSMF Italia 2010

Step 3: Rank Candidates By Value

Criteria 1: Improve quality by reducing defects

Criteria 2: Reduce cost through efficiency

• Reduces re-work
• Reduces time to provision new services
• Reduces repetitive work requiring little analytical skill
• Reduces manual review requirements
• Reduces unplanned downtime
• Improves communication (timeliness, accuracy, etc.)
• Better use of resources and inventory

Page 17: Security Automation From ITSMF Italia 2010

Step 4: Identify Needed Tools

Existing Management Tools

• Systems management
• Service Desk (ticketing) tools
• Provisioning tools

IT Process Automation Tools

• General (any micro or macro process)
• Specific (single use case, single-vendor)

[Diagram labels: ITPA, Systems Management, Helpdesk, Ticketing, Incident Stakeholders, Management, Other Sources (RFCs, CMDB, Change monitoring, etc.)]

Page 18: Security Automation From ITSMF Italia 2010

Step 5: Prepare Your Staff

• Solicit help in identifying new automation candidates
• Expected role in new processes
• Expected outcomes of automation
• Free to accomplish higher-value projects
• Gain career enhancing skills

Page 19: Security Automation From ITSMF Italia 2010

CUSTOMER CASE STUDIES


Page 20: Security Automation From ITSMF Italia 2010

European MSP

Challenges

• Staff growing linearly with customer servers
• Customers upset when service is inconsistent
• No way to report on process compliance
• Virtual Machines can be provisioned by customers, but remain unmanaged

Solution

• Implemented ITPA to automate event management and VMware provisioning
• Began by listing critical processes to automate
• NetIQ services documented processes and built workflows for them
• Integrated ITPA with their CMDB and ticketing systems

Results

• Cost savings of $1M + (10,000 hours annually)
• Offering improved SLAs to customers for event resolution timeframes
• Able to demonstrate process compliance to customers in support of “Operational Certainty”
• Improved competitive pricing and customizability

Page 21: Security Automation From ITSMF Italia 2010

Financial Services

Challenges

• Disorganized IT operations
• No processes
• No tool integration
• Audits not pretty

Solution

• To gain control of operations, they implemented ITPA
• ITPA is now integrated with a ticketing and IVR system
• Processes are focused on user self-service to reduce help desk calls

Results

• Message to the marketplace is “Technology and self-service automation is a differentiator”
• 6% reduction in help desk calls achieved
• Improved end-user satisfaction with more immediate resolution for automated process
• Cautious with ticket integration to avoid overload at the service desk

Page 22: Security Automation From ITSMF Italia 2010

Large Int’l Bank

Challenges

• First response to security events is outsourced
• Concern about the risks and costs of outsourcing
• Requirements are growing to expand security monitoring from 700 servers to 5000

Solution

• Eliminate outsourcing activities by automating the comparison of security alerts with approved changes in RFCs
• Extend the automation to include automated forensic gathering when necessary: collecting logs, database entries, checking entitlements

Results

• Eliminate the outsourced SOC
• Expected cost savings exceed $1M per year
• Faster response to security alerts with fewer false positives
• Reduced cost for forensic gathering
• Able to scale to meet expanded monitoring mandates
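
The check in steps 1-2 of the “Respond to Configuration Changes” workflow, which is also the comparison of security alerts with approved changes in RFCs described in this case study, sketched as an added example that is not from the presentation or any vendor product. The field names, RFC ids and sample events are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not a real product schema.
APPROVED_CHANGES = [
    {"rfc": "RFC-1001", "host": "db01", "path": "/etc/ssh/",
     "start": "2010-05-01T22:00", "end": "2010-05-02T02:00", "status": "approved"},
    {"rfc": "RFC-1002", "host": "web01", "path": "/etc/httpd/",
     "start": "2010-05-03T22:00", "end": "2010-05-04T02:00", "status": "draft"},
]
CHANGE_EVENTS = [
    {"host": "db01", "path": "/etc/ssh/sshd_config", "time": "2010-05-01T23:10"},
    {"host": "db01", "path": "/etc/ssh/sshd_config", "time": "2010-05-02T09:30"},
    {"host": "web01", "path": "/etc/httpd/conf/httpd.conf", "time": "2010-05-03T23:00"},
    {"host": "db01", "path": "/etc/passwd", "time": "2010-05-01T23:15"},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M")

def matching_rfc(event, changes):
    """Return the RFC id that authorizes this change event, or None."""
    when = _ts(event["time"])
    for change in changes:
        if (change["status"] == "approved"            # drafts authorize nothing
                and change["host"] == event["host"]
                and event["path"].startswith(change["path"])  # inside RFC scope
                and _ts(change["start"]) <= when <= _ts(change["end"])):
            return change["rfc"]
    return None

def triage(events, changes):
    """Split events into authorized ones and ones to escalate to stakeholders."""
    authorized, escalate = [], []
    for event in events:
        rfc = matching_rfc(event, changes)
        if rfc:
            authorized.append((event["host"], event["path"], rfc))
        else:
            escalate.append((event["host"], event["path"], event["time"]))
    return authorized, escalate

if __name__ == "__main__":
    ok, alerts = triage(CHANGE_EVENTS, APPROVED_CHANGES)
    print("authorized:", ok)
    print("escalate to stakeholders:", alerts)
```

The RFC scope path ends in a slash so that a prefix match cannot spill into a sibling directory, and a change made on the right host but outside the approved window or scope is still escalated.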

Page 23: Security Automation From ITSMF Italia 2010

World Wide Heavy Industrial

Integration:

• NetIQ Security Manager
• NetIQ Change Guardian
• SAP HR & CMDB
• Mobile Gateway
• Mail System

Page 24: Security Automation From ITSMF Italia 2010

IT Process Automation Benefits

• Reduce the cost of IT operations and security
• Improve service quality by reducing human error
• Prevent knowledge flight through documentation
• Embed policy in process to ensure compliance
• Improved ROI of existing tool investments as they are utilized more
• Accelerate ITIL adoption by reducing resistance

[Diagram labels: Database Management, Security Management, Network Management, Application Management, Service Desk]

Page 25: Security Automation From ITSMF Italia 2010

The FORUM for sharing ITSM expertise