ENAV needed a help desk software with integration possibilities to record and speed up internal processes

At the beginning of 2014, ENAV started to evaluate a new service desk software for their SOC in order to substitute the former system. As safety is of paramount importance in the air traffic area, the new system had to master highly complex information security processes to meet ENAV’s specific requirements. An important aspect was to guarantee the shortest path possible between the appearance of a security incident and its resolution. “Incidents could be some web bug that might cause a disclosure of confidential data or the occurrence of malware, but also physical IT security incidents, such as the theft of a notebook, for example.” explains Giovanni Mellini, security engineer at ENAV. In these cases, the SOC is responsible for recording, classifying and analyzing the incident, carrying out initial measures to limit potential damage, and finally resolving it. In a second step, the team has to draw up rules to automatically prevent and handle such incidents in the future. A service desk solution had to support the SOC’s work by documenting this incident management. That meant recording the categorization of the incident, the way it was resolved and also providing the team with standardized default workflows for different types of incidents. In addition to incident management, the next software had to cover all ITSM-relevant fields, such as change and fault management, security checks and identity management. Mellini explains the largest challenge: “We were looking for systems that are simple to use and easy to patch and integrate with other security systems via well documented APIs.”

“OTRS already helped us to improve and speed up the existing SOC’s internal tasks and to keep track of all the activities in an easy but efficient way, even for external audit purposes,” reports Mellini. As one measure for a fast incident resolution, the SOC built a customer interface. This portal allows the employees to submit all types of information regarding the security incidents they experience directly to the SOC team.

For the general monitoring and analysis of IT devices, ENAV uses the software SPLUNK, which helps to index all IT equipment and software. The team thus built a connection to OTRS via the API in order to manage incoming incidents from SPLUNK. “The reduction in workload has been immense,” states Mellini about the connection, “Our security system is now connected to SPLUNK, so if SPLUNK detects a security incident, it opens a ticket in OTRS with all the important information about the anomaly. From that original ticket, we can then start a process ticket in OTRS, which depending on the case may be an incident process, a change process or a fault process. It only takes a few clicks and saves us a huge amount of time!”

In addition, ENAV can now create fast and reliable statistics for management reporting thanks to the OTRS Reporting Tool. The usage of the new service desk soon proved to be not only useful for the SOC, but also for more areas of the company, as Mellini explains: “OTRS met all the original requirements and very soon boosted our efficiency significantly. It has even had a positive influence on the mentality of the users, helping them to make even smarter and more professional decisions. So, the aim of OTRS in other departments was mostly to improve existing, albeit manual processes, and make them more efficient. Plus, teamwork in general has also improved in a very positive way since OTRS was introduced.”

ENAV chose OTRS after an extensive trial. “We made this choice for different reasons: OTRS has a simple and professional interface, and it is easy to learn, design, create and customize workflows. It also facilitates integration with other systems via APIs, like SPLUNK – the most important monitoring tool for us. And last but not least, we chose it for the excellent commercial support: “In a very limited timeframe after the signing of the contract with OTRS AG, we were able to get the platform fully up and running with the first processes designed in cooperation with the OTRS Specialist”, says Mellini. He sees the benefits of OTRS compared to other service desks in the speed and the intuitive interface that adapts easily to different scenarios. “Another big pro is how easy it is to acquire the skills for managing the whole system internally, from the creation of very complex processes to day-to-day operations.”

After the initial system installation and configuration, and thanks to the support provided by OTRS AG, the OTRS Service Desk was finally extended to support other functions within security such as physical security system maintenance, quality level services with the security guards company (including task lists for operators), cooperation with military and civil entities, security surveys and audits, as well as license and project management.

The first email exchanges with other departments triggered their curiosity regarding a potential use in other areas, and they started asking for demonstrations and experiments. “We worked on processes, queues and permissions with colleagues and very soon other departments were able to start using OTRS for daily activities, with clear improvements in efficiency, compliance, tracking and the documentation of critical processes in a very cost-effective way,“ states Mellini regarding the further development of OTRS at ENAV. Because of its advantages, OTRS was even implemented in other departments and for activities not intended at the beginning of the project, e.g. in the quality department, auditing, nonconformity management, several safety departments, and the air space management department. “With OTRS, we reduced the recurring costs of service desk software, and the project ROI is very high because the software is now used in different departments, for a wide range of applications outside the security domain.”