Rob Gething
Posted January 25, 2023

Hi,

I am looking to take ITOM to our Technical Design Authority, seeking approval for use on our estate. However, a couple of concerns have been raised, which I am hoping that you can address:

User and group management is quite a privilege. What's stopping a bad actor within Hornbill, or one that's compromised Hornbill systems, from creating themselves accounts etc?

How do we know the wrong accounts won't accidentally be deleted or amended?

Thanks.

Keith Stevenson
Posted January 26, 2023

Rob,

For the first part, only the Cloud Team (currently 4 members) can even access systems that may contain customer data (unless you grant our Support Team access via Key, where you control what they can perform and for how long). No other staff have access (all Customer data is in DCs to which all access is prevented except for the Cloud Team). Any access to machines that may contain data is further controlled, and any login will automatically post to a Hornbill Workspace for all the Company to see. This Login and associated Incidents are then audited and have to be associated with a valid reason (Incident\Change Request etc.) or disciplinary action can occur. Our training\Processes and controls ensure that we only access machines hosting data when absolutely necessary. All this is covered under our ISO controls, which are audited annually by the BSI. (See wiki.hornbill.com for an overview of our ISO policies; if you're an Enterprise customer you can also get a yearly 1 to 1 review of our controls and audits.)

So if a member of the Cloud Team (or if their accounts were compromised) had access to a machine hosting data, it would be flagged instantly. Even then they would not be able to decode the KeySafe Credentials held in Hornbill, which would be needed to invoke the ITOM integration.

As for the 2nd part of your query: the ITOM job will do whatever you configure it to do, so providing you pass the correct ID etc. it will do the expected action on the given account.

Hope this clarifies your query.

Kind Regards
Keith Stevenson
Hornbill Cloud Team