ITSM’s Role in Building a Connected Enterprise: The Perspective of a CIO
With 73% of IT and security professionals reporting an increased workload since hybrid and remote work started, ITSM is a game changer for your organization. By automating workloads and increasing visibility, you’re able to build up the resiliency of your IT operations and proactively resolve problems.
But getting started can be hard. That’s why Bob Grazioli, Ivanti’s Chief Information Officer, sat down to share his perspective gathered over more than 25 years in the field. Not only does he dive into how ITSM improves your current operations, but he also discusses what other IT managers and CIOs have to say.
Noticeable trends with ITSM
"In Ivanti, our ITSM environment has dramatically expanded into obviously workflows, into lines of business. And, with the integration of ITSM into security products like our own product RiskSense [now known as Risk-Based Vulnerability Mangement], Patch, and Discovery, you're looking at ITSM being a single source of truth for many parts of the IT organization.
"If I have Discovery to discover all my assets, that includes data center and the devices on the edge. So, I have all my products now in my asset manager to manage. I have Patch now available to look at and patch those assets, secure those assets as they need to be secured.
"Now, with the integration of RiskSense into ITSM, we're able now to take ITSM and move that into our CI/CD. Why is that important? Because ITSM now can accumulate the type of vulnerabilities in tickets that are generated during the build process and allow us to have insights into the severity of those tickets and making sure that those tickets or security vulnerabilities are resolved before deployment of products into the operating environment.
"Now I manage both IT and SaaS for Ivanti, so it's critical for me to make sure that whatever our developers are pushing into production, it's secure, it's been validated, right, as being secure. It does not obviously impact our customers as they use our SaaS products globally and around the world."
How understanding your IT estate improves security
"Yeah, it truly, I believe is a game changer. I'll tell you why. Because before this, the IT organization was trying to go into different systems, making sure they can see these vulnerabilities. Normally the scanning systems would be the repository for these vulnerabilities.
"They would get pushed back into engineering or into SRE for them to evaluate the severity.
"But having ITSM being that single point of accumulation for all the vulnerabilities, that really is a game changer because of the awareness it creates throughout Dev, SRE and our Ops security folks.
"So, it really does change the perspective of how you can manage security vulnerabilities across the whole SDLC.
"You are basically stopping anything that could impact production from getting out into the environment. So, absolutely a big game changer for us and our customers going forward."
How ITSM is becoming a single source of truth
"In my role, obviously, as CIO, I talk to my peers, but also I have that unique perspective because I do manage the SaaS side of the house and I do speak to our SaaS customers - IT managers, CIOs, etc. And they're very, very insightful for me to speak to because they do broaden out where they're using ITSM and how they are expanding it into other areas that I might not have necessarily thought it was even applicable.
"They're giving us tremendous insight. And one of those insights, obviously, is around security, but also around the compliance. Especially in in the SaaS side of the House, we are focused on compliance both at the federal level, like with FedRAMP, the Fed Cloud, we have our ISO standards, we have our SOC standards, We have GDPR, we have ISMAP; all these international standards that are very important for us to provide services to our SaaS customers.
"And ITSM is used really as where these artifacts are to manage the controls, to manage the flow of compliance that we need to report on as we go through different audits, etc. So, ITSM has really become a single source of truth for almost every aspect of how you need to manage IT.
"It’s not just the vulnerabilities, it's also being able to manage all the compliance artifacts and the controls that are required to certify yourself under those specific compliance standards.
"So, really important as you evolve ITSM as a single source of truth. Compliance is another big area that I hear a lot of my customers and CIOs that I talk to trying to leverage ITSM for."
From being a single point of accumulation for all vulnerabilities, to expanding into business workflows, ITSM will continue to stay prominent. If you want to dive deeper into this topic, read out ITSM + Toolkit and watch our on-demand webinar on expanding your ITSM to build connected enterprise workflows.