Bridging the Gap: How ITIL? Can Revolutionize Your Cybersecurity Strategy

The Internet of Things (IoT), Edge Computing, New Gen Technologies and New Age delivery models is revolutionizing the industries. Today every organization is adopting these digital technologies (and delivery models) and is in a race to lead the Digital Transformation journey. This is resulting in the exponential increase in the digital assets in organizations across every industry vertical.

While Digital Transformation presents opportunities for innovation and business growth, it also brings along a myriad of cybersecurity risks that organizations must address to safeguard their assets and maintain their customer’s trust. Compounding this challenge is the rapid innovation in AI that hackers are exploiting as a powerful tool to launch highly sophisticated attacks on the organization. Additionally, the frequency of the attacks has grown manyfold, which in turn has costed and will cost organizations millions of dollars as a direct cost impact besides depletion of stock value, and customer confidence.

Thus, the need to reinforce defences and safeguard critical assets has never been more pressing. To drive cybersecurity strategically, organization have adopted one of the various available cybersecurity frameworks. But one of the key approaches that can steer the cybersecurity risk evaluation & management is the integration of the adopted framework with Information Technology Infrastructure Library (ITIL?) principles & practices. Unfortunately, most organizations have ignored this approach.

The integrated approach provides a very powerful framework and paves the way in which ITIL? can be leveraged as a business aligned strategic enabler for cybersecurity. Some of the ways in which ITIL? can play a pivotal role to drive cybersecurity for today’s Digital Enterprises are:

• Integration with Business Objectives: ITIL?4 encompasses the guidance related to NewAge delivery models and digital transformation initiatives aligned to business objectives. Its practices ensures that IT initiatives support and contribute to organizational goals. Similarly, cybersecurity initiatives must ensure that security measures are implemented to minimizes disruption to business operations while effectively protecting critical assets in alignment with business objectives. Organizations can ensure that security measures are aligned with business needs and priorities by incorporating them into ITIL? service value system and imbibing cybersecurity considerations within the value stream, besides integrating the cybersecurity principles with the ITIL? principles. This will steer value maximization from their cybersecurity efforts. It will further provide a more flexible, holistic, and customer (and business)-centric approach to cybersecurity. This will enable the security function to effectively adapt to the changing business, which would result in effective delivery of value to the stakeholders. As an outcome organization will be able to build on their customer's trust, improve regulatory compliance, and safeguard their reputation in today's digital and interconnected world.
• Instituting cybersecurity controls as integrated component of Service Design: ITIL?4's Service Design practice provides the guidance that services should be designed with security considerations in mind, calling it as a critical design component. By incorporating cybersecurity controls during the service design phase, organizations can look forward to mitigating potential vulnerabilities by design. Thus, as part of service design considerations security requirements are defined. Robust controls are designed and then built to protect the service against unauthorized access, data breaches, and other cyber threats.
• Integration with ITIL? practices and tools: With digital technologies and associated services at the core of every business today, integration of cybersecurity practices with ITIL? practices (and tools) can go a long way in improving the security posture and readiness of the organization. For example, this can drive:

o??Insight driven risk management: One of the challenges for cybersecurity teams is to have a view of digital (or business) services they have categorized as ‘critical’. Service Configuration Management practice enabled through CI discovery and ITSM tools provides the business service map which entails a complete service oriented downstream view of critical components. It helps in easily identifying both upstream and downstream components of the CI categorized as ‘critical’ by Security. This enables data driven risk management. Additionally, it provides a near real time visibility of the impact in case of any breach, which can help security team to control the impact in a shorter timeframe.

o?? Greater visibility and control of the changes in the environment: Involvement of cybersecurity during change approvals, especially associated with any upstream and downstream component of ‘security critical’ CI, will enable the security team to assess and manage the potential risk associated with the change proactively.

o?? Improved compliance and reporting: Each of the ITIL? practice have the KPIs that can be associated with or aligned to the cybersecurity KPIs. The ITSM and associated systems along with centralized reporting provides a real time insight into the KPI performance, enabling on-time decision making. Additionally, reports to report on the compliance can be generated on-demand thereby improving overall productivity of cybersecurity function.

o?? Effective Management of Security Incidents: ITIL?'s Incident Management practice provides the guidance on incident lifecycle. This includes the guidance for security incidents. ITIL?4 aligned incident management policy and processes, along with detailed security incident response procedures can be established by the organizations. Using this process Cybersecurity teams can respond to and resolve security incidents in a timely manner.

Tools to automate major incidents can bring-in automated notification and onboarding of the security response team to drive faster resolution. Also, IT Asset Management and Service Configuration Management practices plays a crucial role in incident response. Cybersecurity team can conduct investigations to identify the root cause of the breaches by analysing the records that are related to asset/CI configurations, user activity, system logs, etc. This enables them to contain the incident, reduce/minimize its impact, and implement corrective action and deploy proactive measures to prevent future occurrences. Problem Management RCA techniques can be very useful to identify the root cause and CAPA technique can help in driving the preventive actions.

o?? Proactive and predictive intelligence to act before the breach: Integrating the security monitoring tools with centralized event management tool provides an integrated monitoring and event management solution. This can be enabled through ITIL? Monitoring and Event Management practice. The event management tool with predictive capabilities and strong corelation engine can analyse abnormal patterns considering the patterns from both security as well as IT monitoring systems to provide better proactive insights into potential security breaches. Thus, it will enable the security team to proactively detect and remediate the same.

o?? Safeguarding Critical IT Services and Assets: ITIL? Availability Management and Service Continuity Management practices aligns closely with the service availability and service continuity goals of cybersecurity. These practices together with cybersecurity can help in safeguarding critical IT services and assets.

o?? Improved Security Posture: The ITIL?'s Continual Improvement practice focuses on ensuring that the organisations continually improve their maturity. This practice can enable security team to constantly improve the security posture.

o?? Enhancing Cybersecurity Awareness and adoption: Employees have an extremely critical role in ensuring that their organization does not become a victim of a cyber-attack. ITIL?’s Organization Change Management practice can go a long way in driving awareness and readiness of the organization’s workforce to recognize and respond to cyber threats effectively.

Similarly, all ITIL? practices will complement the cybersecurity practice in one way or the other. In addition to these ITIL?’s Information Security Management provides the foundation of Security in the design and delivery of all services and can act as an easy conduit to integrate the cybersecurity and ITIL? frameworks.

So where can the organization start? The first step would be the adoption of the ITIL? principles to steer this integrated approach:

• Focus on value: Adopt this principle to align the cybersecurity objectives and goals with business objectives.
• Start where you are: Organization have adopted one of the various available cybersecurity frameworks which provides a strong foundation to begin the transformative journey with. This principle state the same, and can be adopted for the transformation.
• Progress iteratively with feedback: Integrating the various ITIL? practices is a major transformation. It will need time and investment to realize the end state. Thus, depending on the current state, organizations need to look at breaking this transformation journey into smaller measurable pieces with clearly defined success and value criteria. This will enable the realization of each of these phases iteratively working on the feedback, and showcasing the realized value in parallel. This will provide the stakeholders to continue investing in the approach and believe that such an integrated framework is feasible. This is exactly what this principle will help with keeping the focus on both long-term vision or big picture and the iterative value gains.
• Collaborate and promote visibility: Every employee has a role in ensuring the organization’s security posture and readiness to drive cyber resilience. Cybersecurity is not a one person’s or team’s job. Thus, to ensure success each of them needs to be part of the initiative contributing in the ways they can. This principle drives such collaboration between teams and individuals, and promotes visibility which is critical for success of such transformations.
• Think and work holistically: In the examples above we have seen how ITIL? practices can add value to cybersecurity, such that both co-create enhanced value for the organization. Thus, together with the above principle, this principle promotes holistic approach to the transformation, providing the 360-degree perspective that cybersecurity must have.
• Keep it simple and practical: This principle focuses on keeping this integration simple, with clearly defined activities that create value.
• Optimize and automate: In our examples above we have seen the way the optimizations and improvements can be brought-in and the value that the integrated tools can provide. This comes from this principle that focuses on bringing-in the efficiency through optimization and automation.

Thus, to conclude cybersecurity and ITIL? presents a powerful combination to organizations to enhance their cybersecurity posture. The ITIL? principles fortifies cyber resilience. It streamlines security incident management process, steers insight driven security risk management, fosters continual improvement, aligns cybersecurity initiatives with business objectives, and ultimately delivers enhanced business value.

?Note: ITIL? is a registered trademark of Axelos Ltd.