Leading global telecommunications companies have a staggering amount of business and customer data to protect. With operations sprawling the globe and tens of thousands of employees, putting cybersecurity best practices into place requires solutions with the substantial breadth and depth of coverage that can stand up to such a challenge.
This major telcom relies on Tripwire Enterprise to detect unauthorized changes in their environment and maintain regulatory compliance with standards like SOX and PCI.
Change Management Challenge: The Fox Watching the Henhouse
In a fast-paced cloud IT environment, people make changes rapidly because their business depends on it. But with speed comes an increased margin for human error or negligence in regards to change management and compliance processes. People will often do the right thing in the wrong way when they take shortcuts to save time. Those shortcuts can then cause the company’s cybersecurity posture to suffer and open the doors for a potential breach.
Before introducing Tripwire into their environment, this global telcom had a major change reconciliation challenge. They were already taking advantage of the great benefits offered by IT service management automation platform ServiceNow to help them keep their DevOps processes running at top speed. But when a change management process involves the same person both making a change and confirming that it was made correctly, it can become a case of the fox watching the henhouse. They didn’t have an automated, reliable way to keep an eye on change approvals and reconciliations.
Solution: Tripwire Enterprise & ServiceNow Integration
So, how do you make sure that the change approval and reconciliation process is followed to a T in such a fast-paced, complex IT environment? By integrating Tripwire Enterprise with ServiceNow, changes are automatically detected and reconciled—and there’s a paper trail to document these changes, which helps immensely with compliance audits.
To address their challenges, the company deployed Tripwire Enterprise to both Windows and Linux environments for PCI and SOX in-scope systems. The integration between Tripwire Enterprise and ServiceNow creates a workflow for the smooth exchange of system change and security configuration state information. This combination enables them to validate authorized change and immediately determine the efficacy of the change management process.
In addition to ServiceNow, Tripwire Enterprise is integrated into their environment via their DevOps process. When new systems are built, Puppet queries ServiceNow to see if applications and systems are flagged as in-scope for PCI or SOX compliance. If they are, they use the Tripwire Puppet module (which is published on Puppet’s integration repository, Puppetforge) to automatically deploy the Tripwire Axon agent to those machines. After implementing this control process, the company’s DevOps team saw that it was simple, easy and reliable to deploy Tripwire agents with Puppet as part of their automated DevOps deployment process.
Tripwire Enterprise offers deep intelligence about the system state and finds the root cause of unreconciled changes automatically. This gives both the company and its auditors a crystal-clear picture of compliance to the entire change management process.
Change policy compliance reports display whether or not changes occurred as expected and whether changes were approved and reconciled correctly. They provide context into what was expected, what actually happened, and the pertinent who/what/why data associated with each change. Areas highlighted in red on the reports show instances of:
- Unreconciled changes in which the wrong person oversaw the change
- Un-ticketed changes
- Changes that occurred on the wrong servers or during the wrong time window.
Where people, products, and processes are working correctly promoted changes match the change ID in ServiceNow with Tripwire Enterprise and the report displays green.
Even with a fairly mature change control process already in place, implementing Tripwire Enterprise has resulted in detecting roll-outs of unauthorized application changes to tightly regulated environments. This lets them immediately roll back the changes and maintain compliance.
Results: Best- in- Class Change Management and Compliance
In addition to quickly seeing process improvements, the company can now regularly identify application owners in the organization that are not properly following the change control process. This enables them to reach out and educate those users. As a result, the level of human compliance with their change control process increased significantly. The behavior of their whole organization has improved to better respect the change control process—as everyone knows Tripwire will report if they don’t.
This telecom’s overall success is a testament to the important change control Tripwire provides in a modern DevOps-oriented IT environment, and how Tripwire’s integrations to the ecosystem with platforms like ServiceNow and Puppet are a critical part of providing a complete automated solution.