Achieve Continuous Compliance via Business Service Management (BSM)
Brian Holmes, CISA Solutions Consultant BMC Software

Agenda
- Introduction
- Compliance: The Business Driver
- Challenges of IT Compliance
- Business Service Management (BSM)
- Achieve Continuous Compliance - Use Case: Closed-Loop Change
- Q&A
Copyright 12/8/2010 BMC Software, Inc

Compliance: Defined
- Compliance often refers to complying with laws and regulations, some of which are punishable by law.
- Common laws and regulations: SOX, Bill 198, HIPAA, GLBA, and PCI.
- In many cases, compliance frameworks (e.g. COBIT, ITIL) or industry standards (e.g. NIST, ISO 9001) provide guidance on how to comply with these laws and regulations.
- In addition, compliance is adhering to internal policies and procedures!

Compliance: The Business Driver
With the increase of laws and regulations, organizations are being required to implement effective controls around IT processes:
- Change & Release
  - Managing the lifecycle of a change (Initiation, Planning, Approval)
  - Managing the release of a change (Implementation, Validation)
- Identity & Access
  - Managing user access (Approval, Re-certification, Separation of Duties)
  - Password management (Password Expiration, Length, Complexity)
- Configuration
  - Managing the system's configuration (Patching, Validation, Compliance)
- Asset
  - Managing IT assets (Software License Compliance, Financials, Contracts)

Challenges
- Efforts are costly $$$
- Ad-hoc, inconsistent processes
- High risk due to manual processes
- Activities are prone to human error
- Lack of visibility into environment
- Lack of integration between processes and systems
- Increase of virtualization
- Difficult to respond to audit requests in a timely manner

The Current State of IT
[Diagram labels: INCIDENT; SERVICE LEVEL; DATA; SERVICE REQUEST; ASSET; RELEASE; CONFIGURATION; GOVERNANCE AND COMPLIANCE; EVENT AND IMPACT; ENTERPRISE SCHEDULING; DASHBOARDS; CAPACITY; PERFORMANCE & AVAILABILITY; CHANGE]

Business Before ERP
[Diagram labels: COLLECTIONS; MARKETING; HR; QUALITY; WAREHOUSE; LOGISTICS; ACCOUNTS PAYABLE; SUPPLY CHAIN; TREASURY; PROCUREMENT; SALES; PAYROLL; PRODUCTION PLANNING; GENERAL LEDGER]

Business with ERP
[Diagram labels: QUALITY; SUPPLY CHAIN; COLLECTIONS; HR; MARKETING; LOGISTICS; TREASURY; ERP; WAREHOUSE; ACCOUNTS PAYABLE; PROCUREMENT; PAYROLL; PRODUCTION PLANNING; GENERAL LEDGER; SALES]

IT with Business Service
[Diagram labels: CAPACITY; INCIDENT; SERVICE REQUEST; DATA; SERVICE LEVEL; RELEASE; EVENT AND IMPACT; BSM; GOVERNANCE AND COMPLIANCE; ASSET; CONFIGURATION; AUTOMATION; DASHBOARDS; ENTERPRISE SCHEDULING; PERFORMANCE & AVAILABILITY; CHANGE]

Business Service Management (BSM)
- Request, change, and support business services
- Manage your service portfolio and budget
- Ensure compliance with policies and regulations
- Consistently deploy services across applications, servers, networks, and clients
- Proactively identify and resolve IT issues
- Discover, model, and prioritize services to improve decisions
- Federate and orchestrate data and workflow to improve efficiency
[Diagram labels: BUSINESS SERVICES; PLAN & GOVERN; REQUEST & SUPPORT; INTEGRATE & ORCHESTRATE; PROVISION & CONFIGURE; MONITOR & OPERATE; INFRASTRUCTURE; DISTRIBUTED; MAINFRAME; VIRTUAL; CLOUD]

BSM: A Unified Platform for Managing IT
[Diagram labels: BUSINESS SERVICES; APPLICATIONS; TRANSACTIONS; Service Request; Incident; Knowledge; Problem; Project & Portfolio; REQUEST & SUPPORT; Identity; Vendor; Asset; Service Catalog; Change & Release; Application; Financial; INTEGRATE & ORCHESTRATE; Server; Human Capital; PLAN & GOVERN; Service Level; CMDB / CMS; Discovery & Dependency; PROVISION & CONFIGURE; Network; Compliance & Policy; Capacity; Event & Impact; Storage; Data; Dashboards & Analytics; MONITOR & OPERATE; Performance & Availability; Mainframe; Middleware; Application Problem Resolution; Client; Enterprise Scheduling & Workload; INFRASTRUCTURE; DISTRIBUTED; MAINFRAME; VIRTUAL; CLOUD; NETWORK]

BSM helps you address critical initiatives
BSM INITIATIVES: Virtualization and Cloud Computing
Unify management of physical and virtual environments to gain control of your infrastructure
- Virtual Lifecycle
- Virtual Performance
- Virtual Compliance
- Private Cloud Computing
[Diagram labels: Financial; Compliance & Policy; Service Request; PLAN & GOVERN; Service Catalog; Service Level; Incident; Event & Impact; REQUEST & SUPPORT; Change & Release; INTEGRATE & ORCHESTRATE; CMDB / CMS; Discovery & Dependency; PROVISION & CONFIGURE; Application; Server; Network; Client; Capacity; MONITOR & OPERATE; Performance & Availability]
- No new hardware required for 24 months
- $7 million in HW and license savings

BSM helps you address critical initiatives
BSM INITIATIVES: ITIL
Adopt ITIL best practices
- Incident and Problem
- Change
- Service Asset & Configuration
- Event
- Service Lifecycle Adoption
[Diagram labels: PLAN & GOVERN; Service Catalog; Service Level; Incident; Asset; REQUEST & SUPPORT; Change & Release; INTEGRATE & ORCHESTRATE; CMDB / CMS; Problem; Discovery & Dependency; PROVISION & CONFIGURE; Dashboards & Analytics; Event & Impact; MONITOR & OPERATE]
- Increased first-call resolution rate from 15% to 76%
- Reduced outages by 25%

BSM helps you address critical initiatives
BSM INITIATIVES: Change and Release
Automate change controls and ensure consistent release execution
Change Planning Approval Release Implementation Validation
[Diagram labels: REQUEST & SUPPORT; Compliance & Policy; PLAN & GOVERN; Change & Release; INTEGRATE & ORCHESTRATE; CMDB / CMS; Discovery & Dependency; PROVISION & CONFIGURE; Dashboards & Analytics; Application; Server; Network; Client; MONITOR & OPERATE]
- 60% reduction in unplanned outages
- 40,000 weekly changes
- Fully compliant with SOX 404

BSM helps you address critical initiatives
BSM INITIATIVES: Asset & Software License
Manage the entire lifecycle of IT assets
- Asset Inventory
- Asset Acquisition and Retirement
- Contract and Financial
- Software License Usage and Harvesting
[Diagram labels: Asset; REQUEST & SUPPORT; INTEGRATE & ORCHESTRATE; Discovery & Dependency; PLAN & GOVERN; PROVISION & CONFIGURE; CMDB / CMS; Dashboards & Analytics; MONITOR & OPERATE]
- 50% increase in help desk agent productivity; manages more assets without adding staff
- Supplier relationship management calls dropped by 80%

BSM helps you address critical initiatives
BSM INITIATIVES: Compliance
Ensure continuous compliance by simplifying, standardizing, and automating IT processes and controls
- Change and Configuration
- Software License
- Access
- Best Practice Adoption
[Diagram labels: Compliance & Policy; Service Request; PLAN & GOVERN; Incident; Asset; REQUEST & SUPPORT; Change & Release; INTEGRATE & ORCHESTRATE; CMDB / CMS; Discovery & Dependency; Identity; PROVISION & CONFIGURE; Dashboards & Analytics; Application; Server; Network; Client; MONITOR & OPERATE]
- $500,000 monthly software license savings
- Weekly SOX policy audit from 8 hours to 4 minutes

Request, Provision & Configure Before BSM
I need a service, who do I call?
30 35 404 Hours Days
[Diagram labels: INCIDENT; SERVICE LEVEL; DATA; SERVICE REQUEST; ASSET; RELEASE; CONFIGURATION; GOVERNANCE AND COMPLIANCE; EVENT AND IMPACT; ENTERPRISE SCHEDULING; DASHBOARDS; CAPACITY; PERFORMANCE & AVAILABILITY; CHANGE]

Closed-Loop Change
Service-Driven Provisioning
- Rapid provisioning of services
- From months or weeks to hours or minutes
- Simplified and standardized interface for common requests
- Automated configuration based on policies
- Repeatable, auditable process
[Diagram labels: Service Request; REQUEST & SUPPORT; PLAN & GOVERN; Change & Release; INTEGRATE & ORCHESTRATE; CMDB / CMS; PROVISION & CONFIGURE; Application; Server; Network; MONITOR & OPERATE]
- Time to deploy new services improved by more than 50%

Customer Proof Points
- Reduced time to audit 350 device configurations from 3 weeks to 2 hours
- Reduced time to patch 350 devices from 6 Admins @ 5 weeks to 1 Admin @ 6 hours
- Reduced time to audit 400 devices from 3 weeks to 3 hours
- Reduced time to audit 400 server configurations from 4 weeks to 4 minutes
- Reduced time to remediate mis-configured servers from weeks to 15 minutes
- Configured 420 Solaris & 700 Windows servers in accordance with FDA compliance scorecard (120 regulations)
  - Completed 20 regulations in < ½ day