Security planning
This section provides information about how to secure BMC Remedy ITSM Suite and recommendations for a secure deployment. Think carefully about your organization's security needs. These requirements might be internal, such as policies, or external, such as government-mandated regulations.
If your organization already has requirements for securing BMC Remedy ITSM Suite, the following topics will help you determine what options are available and which options your organization should deploy:
Topic | Introduction |
---|---|
This topic contains an overview of the security planning process. The architecture describes the security elements of Remedy, the encryption options, and the various security considerations for Remedy. This section also covers securing AR System data by using Remedy Encryption Security. | |
This topic describes the types of known security threats and best practices to prevent them. | |
This topic describes the use of the WhiteHat Sentinel Premium Edition (WhiteHat Sentinel PE) service, a dynamic application security testing (DAST) tool, for security penetration testing of Remedy ITSM Suite 20.02. | |
This topic describes the capabilities of Remedy that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). | |
This topic lists the roles required to run the Remedy ITSM Suite and the privileges assigned to each role. | |
Threat assessment
Your organization must complete a threat assessment. To secure BMC Remedy ITSM Suite, you must know what threats you are trying to secure against. If your organization has completed a threat assessment for the whole company, it is easier to determine what types of security you need to put in place. If not, the BMC Remedy ITSM administrators can perform a threat assessment for BMC Remedy ITSM alone. Instructions for completing a thorough threat assessment are outside the scope of this documentation, but you should consider the following points:
- How valuable is the data that is being created to your organization? Can this be quantified?
- Who might be trying to steal your data? Are they external hackers or internal employees?
- What avenues might thieves take to steal your data? Would they try to capture a legitimate user's user name and password or would they go after the whole database?
- Where might a thief be physically located? Is the thief a malicious person on the internet, an employee in accounts payable, or the vendor managing your data center?
Answering these questions helps you to determine what types of security your organization needs. This includes physical needs, such as secured data centers and firewalls, and software needs, such as encryption between components and encryption at the database.
Remedy Single Sign-On
Most of the above threats can be addressed if Remedy Single Sign-On is used as the authentication method for Remedy ITSM Suite components. Remedy Single Sign-On is an authentication system for a multi-software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates users, they can access any other resource through automatic authentication, without providing their credentials again. For more information on Remedy Single Sign-On, see BMC Remedy Single Sign-On.
Open ports
Most ports are user-definable, and in most cases we recommend that you set specific port numbers. For more information, see Network-ports.