IT Governance

How to Protect ITSM from Heartbleed

The Heartbleed bug is a very unique and lethal kind of threat. Without the need for privileged credentials or security information, it can allow anyone using the Internet to read a system’s memory, to eavesdrop on communications by obtaining names, passwords, and content, and to steal data directly from services and users to impersonate those services or users. It does this by exploiting a weakness in SSL/TLS encryption. In an article for ServiceManagers.org, IT Service Manager Robert Sieber offers some key advice on how IT organizations can plug the hole in their encryption armor.

DevOps and Change Management

One strategic line of defense that can be laid out against Heartbleed is the collaboration between development and operations teams known as DevOps. In principle, this union relies on speedy deployment of software changes and continuous integration. Another defensive maneuver centers upon change and release management. This, again, requires the speedy processing of information to operations.

Configurations Management and Communications

Configuration management deals with relationships and dependencies in the IT landscape. The maintenance of CMDB is integral to this approach. A bonafide inventory solution should be implemented to answer the relevant questions, making the CMDB integration ideal. Lastly, communication is key. In a crisis situation, everyone involved needs to minimize the chaos by establishing IT as a reliable partner.

Read the full article at: https://servicemanagers.org/consequences-from-heartbleed-for-itsm/

Show More

Leave a Reply

X

We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.