A public transit agency in the northwestern United States faces a high level of scrutiny regarding security. From their contactless, stored-value smart card system to the ticket kiosks that take credit cards, they handle a lot of private information. As such, they need to ensure that their security is top-notch so they can safeguard personal information and maintain the confidence of the public.
The agency had worked with Crossfuze in the past to implement ServiceNow ITSM, ITOM, and PPM, with GRC going live most recently. But now they were turning their sights to SecOps. SecOps and GRC are similar but have some key differences, and the organization needed Crossfuze’s expertise to help with implementation.
Creating a Roadmap for SecOps Success
The agency and Crossfuze began their SecOps engagement in March 2020 with a three-day workshop. The Crossfuze representatives asked questions and dug deep to understand what the organization was currently doing and where they wanted to go.
Even in these initial meetings, the agency had total buy-in throughout the entire organization. All the right people were in on decision-making, and they were all deeply engaged in the process. As the Crossfuze account executive presented what SecOps could provide as a platform and how they could build it out over time, the team was eager to see what the service would look like in their organization. They listened to Crossfuze’s ideas and advice, and Crossfuze listened to them. If there was something mandatory that did not come out of the box, Crossfuze proposed a creative solution that worked for the organization. These initial meetings with Crossfuze helped them understand what should be important to them and what the possibilities were.
During the subsequent scoping meeting, the agency realized that they didn’t know what they didn’t know, and they agreed that the right move for them would be to take advantage of Crossfuze’s advisory services. With their already strong relationship with Crossfuze, they trusted Crossfuze to help them find the right process, look through the right lens, and recognize the full scope of what they could do.
CROSSFUZE SERVICES/PRODUCTS USED:
Vision/roadmapping
SecOps implementation, specifically
Vulnerability Response and SecOps Response
Integration with Tenable
Seeing Benefits Even Before Implementation
The teams decided on two key aspects to start with: Vulnerability Response and Security Operations Response. Over the course of the engagement, Crossfuze helped with the following:
▶ Implementing Vulnerability Response and Security Operations Response
▶ Integrating Vulnerability Response with Tenable
▶ Updating all deliverables
As Crossfuze finished up the original scope of work, the agency decided to expand the scope so they could continue to build their SecOps solution. While SecOps is not yet fully live, it has been soft-launched, and the agency has already seen the benefits. Their teams can now look at SecOps with
one lens, with a single view of truth that allows them to make smart decisions.
This enhanced ability to understand their entire security environment has been powerful.
Looking to the Future
Once SecOps is fully live in early 2021, the agency will have deployed all the key anchor points they need to expand ServiceNow even more. For their next steps, they plan to enhance CMDB and implement SAM Pro. While
public agencies have been hit hard by the global pandemic, the organization knows that SecOps is a crucial service that will allow them to protect their customers, no matter the challenge.
More Resources for you:
Preparing for ServiceNow Platform Expansion? Here’s How to Make Sure You Have the Right Partner for the Job
A great partner can help your team expand your platform and help you make sure you are getting the full value of your investment in the platform. Great partners help you plan ahead, can make changes rapidly, take an advisory approach, and have a proven track record.
4 ways Integrated Risk Management (IRM) dramatically improves compliance and audits
No matter what industry you’re in, many of your core operations are driven by compliance requirements and subject to routine audits. From finance to legal to regulatory, compliance-related obligations often take up huge chunks of your attention and resources.
4 Essential Elements You Need in Your Integrated Risk Management Plan
Modern, forward-looking businesses need integrated risk management (IRM). IRM is a set of business practices that enables organizations to think proactively and comprehensively about how to manage all risks to the organization, both long and short term.