Week four of Knowledge 2020 had several top companies explain their IT workflows and expand knowledge of the viewers.
Unisys, global solution provider is one such company that juggles at least 1000 active projects at any given time. They have a huge responsibility of maintaining data security within each of those projects and it is a complex workflow challenge as well. “We deliver secure digital solutions to the most demanding businesses around the globe,” explained Unisys senior director of GRC, Seshadri PS, in his session with Iceberg Network’s Andrew Vesay. “Security is the centre of everything we do.” Unisys’s GRC processes were bogged down by manual tasks, such as making updates and changes in Excel files. Managers lacked a standardized, digital process for risk review. “There was no clear visibility between risk and compliance,” said PS.
Unisys worked with Iceberg to implement ServiceNow’s GRC platform. This helped them with many issues, from automating data intake to installing real-time risk monitoring. While ServiceNow technology enables that today, cultural change proved to be a critical success factor, said PS. The implementation team created webinars for customer project managers, built tutorials and FAQs, and coordinated internal launch communications. Those strategies “allowed them to learn so they’re able to carry out projects themselves,” he said. “You can do all these technical things, but if you don’t have organizational change, implementation isn’t going to be strong.”
On the topic of third-party risk management, Tobias Aabel, vendor security manager at DNB, Norway’s largest financial services group said that financial services companies today must manage a “massive volume of third parties,”. For DNB, the list of third-party firms it manages runs into the thousands and includes distributors, partners, vendors, outsourcing firms, consultants, and others. DNB had trouble balancing increasing dependence on third parties with the types of escalating risks they present from supply chain cyberattacks and financial stability to money laundering. “Who’s in trouble when these third parties mess up?” asked Aabel. “That would be you.” DNB worked with digital integration firm Sopra Steria to implement ServiceNow Vendor Risk Management. Among other functions, the Now platform gives DNB a 360-type tool to digitally manage vendor contract management and signing, and allows risk managers to run multiple existing VRM processes through a new third-party risk portal. “You’ve placed significant values in the hands of your third parties,” Aabel said. “You have to make sure you can really trust them.”
NCR, a top digital solutions provider to financial, retail, travel, telecom and technology companies around the world, had to make a critical shift in cybersecurity operations from reactive processes to proactive ones, using digital threat intelligence to handle vulnerability management. NCR cyber threat intelligence lead Dusan Vignjevic, explained in an IT Workflow session how new, real-time threat intelligence, enabled by ServiceNow, has helped NCR “to prioritize vulnerabilities, and find those needles in the haystack.” Before ServiceNow, the security teams at ServiceNow struggled with manual processes for reporting and threat tracking, inconsistent data, and a rising volume of overall threats. The new system, by contrast, provides automated reporting that saves time, tracks false positives and exceptions, and gives managers a unified dashboard and easy visibility into key security metrics.