Week 4 at Knowledge 2020 expanded the virtual gathering’s breadth and depth, especially when it came to several IT Workflows sessions by top companies around the world. Here are a few highlights from key presentations. (Be sure to register or sign in to get access to everything below.)
Streamlined risk management at Unisys
Global solutions provider Unisys juggles more than 1,000 active projects with customers at any given time. Maintaining data security within each of those projects is a huge priority—and a complex workflow challenge. “We deliver secure digital solutions to the most demanding businesses around the globe,” explained Unisys senior director of GRC, Seshadri PS, in his session with Iceberg Network’s Andrew Vesay. “Security is the center of everything we do.”
Unisys’s GRC processes, however, were bogged down by manual tasks, such as making updates and changes in Excel files. Managers lacked a standardized, digital process for risk review. “There was no clear visibility between risk and compliance,” said PS.
Unisys worked with Iceberg to implement ServiceNow’s GRC platform, which solved multiple issues, from automating data intake to installing real-time risk monitoring. While ServiceNow technology enables that today, cultural change proved to be a critical success factor, said PS. The implementation team created webinars for customer project managers, built tutorials and FAQs, and coordinated internal launch communications.
Those strategies “allowed them to learn so they’re able to carry out projects themselves,” he said. “You can do all these technical things, but if you don’t have organizational change, implementation isn’t going to be strong.”
Watch the full session: Rapid security breach isolation with Unisys Stealth and ServiceNow SecOps
A first for third-party risk management
Financial services companies today must manage a “massive volume of third parties,” explained Tobias Aabel, vendor security manager at DNB, Norway’s largest financial services group. For DNB, the list of third-party firms it manages runs into the thousands and includes distributors, partners, vendors, outsourcing firms, consultants, and others.
Facing a steady stream of new regulatory requirements, such as the European Union’s GDPR regulations, which went into effect in 2018, DNB struggled to balance increasing dependence on third parties with the types of escalating risks they present—from supply chain cyberattacks and financial stability to money laundering. “Who’s in trouble when these third parties mess up?” asked Aabel. “That would be you.”
Enter ServiceNow Vendor Risk Management, which DNB worked to implement with digital integration firm Sopra Steria. Among other functions, the Now platform gives DNB a 360-type tool to digitally manage vendor contract management and signing, and allows risk managers to run multiple existing VRM processes through a new third-party risk portal.
“You’ve placed significant values in the hands of your third parties,” Aabel said. “You have to make sure you can really trust them.”
Watch the full session: DevOps and ITSM: From clash of cultures to happy coexistence
Real-time threat intelligence at NCR
Thousands of companies today are challenged to make a critical shift in cybersecurity operations—from reactive processes to proactive ones, using digital threat intelligence to handle vulnerability management.
That has been the focus of recent efforts at NCR, a top digital solutions provider to financial, retail, travel, telecom and technology companies around the world. NCR cyber threat intelligence lead Dusan Vignjevic, explained in an IT Workflow session how new, real-time threat intelligence, enabled by ServiceNow, has helped NCR “to prioritize vulnerabilities, and find those needles in the haystack.”
Before NCR implemented ServiceNow, security teams struggled with manual processes for reporting and threat tracking, inconsistent data, and a rising volume of overall threats. The new system, by contrast, provides automated reporting that saves time, tracks false positives and exceptions, and gives managers a unified dashboard and easy visibility into key security metrics.
Not only has the new system lowered overall risk for NCR, the real-time data helps security analysts succeed at higher-level tasks. As NCR IT consultant Rajanikanta Dash explained, ServiceNow “helps analysts make good decisions to elevate patching of any important vulnerability.”
Watch the full session: How NCR built a proactive security program leveraging automation and Threat Intelligence