ITSM – Thou shall be omnipresent!
In my last blog, I had given a primer about what is Cryptography and had promised an insight into how ITSM can join hands with cryptography. Delivering on that promise, let’s go ahead and see how this can be accomplished.
The climax of the last blog was the assurance that ITSM will cater to requirements of managing cryptographic keys. So let’s look at one of the ways (definitely one that worked) to do this.
Philosophers and Physicists usually look at any matter as abstract beings or as packets of energy respectively. As a process consultant, we can’t help but looking at anything that can be itemized as potential Configuration Items(CIs)! So in this quest for CIs, we saw encryption keys as potential assets and managing of these encryption keys as services. This is where we brought about a marriage of ITSM with Cryptography. This is where the plot thickens, eh?
Simply put, we helped the client bring all cryptographic operations together and to be perceived as a service offered by one centralized team to the entire Organization! An experienced eye of an IT consultant will start wondering about the scale of re-org and responsibilities-sharing that would be required here. But then, nothing is impossible and it is said that you can move mountains if you move it one rock at a time. This was exactly the approach that we used. We helped the client with analyzing the existing process, engaging with numerous stakeholders within the Organization and reading the pulse of each stakeholder in terms of what positives and negatives they see in the present and proposed structure.
This was a very important step as it not only gave us a better understanding of client requirements, but also helped us in pushing this knowledge into the stakeholders that they can expect a new process. Change, as we all know, takes some time getting accustomed to. So we were able to feed these tidbits so that the stakeholders would be prepared for a change.
Since cryptography was provided as a service to the entire organization by one single team, what better way to manage it other than ITSM? ITSM concepts have such a broad acceptance as well as developments that there are standards (ISO), best practices (ITIL) and Frameworks (COBIT) available to help us create the best possible process for IT Service Management. In fact, it was an eye-opener for most of us as we could not only find inroads for ITSM within concepts like Cryptography, but were also able to deliver excellent consulting engagements which helped in developing an excellent process for operations.
In banking world, the lion’s share of the cake called Cryptography consists of Key Management. These encryption keys guard the information that is being sent from one point to another. But with the mass of information that is transmitted you can only imagine the number of keys that we are talking about. At home, I have a key stand which can hold up to 8 bunches of keys and still I keep fumbling for them when I need them! J Well, here the numbers run in the range of more than 50,000! We studied the Key Management process and created an updated process which had a symbiosis of ITSM processes and Cryptographic processes.
Once this foundation was established, we proceeded to build the house made of ITSM cards by evolving a complete Service Management Framework. This included various facets of ITSM such as Request Management (when encryption keys are requested), Incident Management, Problem Management and Change Management, Access Management (to keep a track of all access to encrypted facilities), Asset Management(remember, all keys are assets now!), etc. (Just to name a few)
So you can only imagine the might of these ITSM practices which could accommodate all these aspects into Cryptographic operations, provide a dependable service which was also scalable, standardized and easier to track, record and report. I had once written how we do have ITIL in our lives in an earlier blog. Coupled with this latest experience, I can only say – Do not under estimate ITSM! It is soon becoming omnipresent in the IT world.