CASE STUDY

A public transit agency in the northwestern United States faces a high level of scrutiny regarding security. From their contactless, stored-value smart card system to the ticket kiosks that take credit cards, they handle a lot of private information. As such, they need to ensure that their security is top-notch so they can safeguard personal information and maintain the confidence of the public.

The agency had worked with Crossfuze in the past to implement ServiceNow ITSM, ITOM, and PPM, with GRC going live most recently. But now they were turning their sights to SecOps. SecOps and GRC are similar but have some key differences, and the organization needed Crossfuze’s expertise to help with implementation.

Creating a Roadmap for SecOps Success

The agency and Crossfuze began their SecOps engagement in March 2020 with a three-day workshop. The Crossfuze representatives asked questions and dug deep to understand what the organization was currently doing and where they wanted to go.

Even in these initial meetings, the agency had total buy-in throughout the entire organization. All the right people were in on decision-making, and they were all deeply engaged in the process. As the Crossfuze account executive presented what SecOps could provide as a platform and how they could build it out over time, the team was eager to see what the service would look like in their organization. They listened to Crossfuze’s ideas and advice, and Crossfuze listened to them. If there was something mandatory that did not come out of the box, Crossfuze proposed a creative solution that worked for the organization. These initial meetings with Crossfuze helped them understand what should be important to them and what the possibilities were.

During the subsequent scoping meeting, the agency realized that they didn’t know what they didn’t know, and they agreed that the right move for them would be to take advantage of Crossfuze’s advisory services. With their already strong relationship with Crossfuze, they trusted Crossfuze to help them find the right process, look through the right lens, and recognize the full scope of what they could do.

Seeing Benefits Even Before Implementation

The teams decided on two key aspects to start with: Vulnerability Response and Security Operations Response. Over the course of the engagement, Crossfuze helped with the following:

▶ Implementing Vulnerability Response and Security Operations Response
▶ Integrating Vulnerability Response with Tenable
▶ Updating all deliverables

As Crossfuze finished up the original scope of work, the agency decided to expand the scope so they could continue to build their SecOps solution. While SecOps is not yet fully live, it has been soft-launched, and the agency has already seen the benefits. Their teams can now look at SecOps with
one lens, with a single view of truth that allows them to make smart decisions.

This enhanced ability to understand their entire security environment has been powerful.

Looking to the Future

Once SecOps is fully live in early 2021, the agency will have deployed all the key anchor points they need to expand ServiceNow even more. For their next steps, they plan to enhance CMDB and implement SAM Pro. While
public agencies have been hit hard by the global pandemic, the organization knows that SecOps is a crucial service that will allow them to protect their customers, no matter the challenge.