The Heartbleed bug is a unique and lethal kind of threat. Without the need for privileged credentials or security information, it can allow anyone using the Internet to read a system's memory, to eavesdrop on communications by obtaining names, passwords, and content, to steal data directly from services and users, and to impersonate those services or users. It does this by exploiting a weakness in SSL/TLS encryption. In an article for ServiceManagers.org, IT Service Manager Robert Sieber offers some key advice on how IT organizations can plug the hole in their encryption armor.
DevOps and Change Management
One strategic line of defense that can be laid out against Heartbleed is the collaboration between development and operations teams known as DevOps. In principle, this union relies on speedy deployment of software changes and continuous integration. Another defensive maneuver centers on change and release management. This, again, requires that information be passed to operations speedily.
Configuration Management and Communications
Configuration management deals with relationships and dependencies in the IT landscape. Maintenance of the CMDB is integral to this approach. A bona fide inventory solution should be implemented to answer the relevant questions, making CMDB integration ideal. Lastly, communication is key. In a crisis situation, everyone involved needs to minimize the chaos by establishing IT as a reliable partner.
Read the full article at: https://servicemanagers.org/consequences-from-heartbleed-for-itsm/