Best Practice Security Governance

What is available within Cockpit ITSM to ensure the security of the solution?

Information security is a concern for the whole organisation, but much of its security management falls to the IT department.


Good information governance and IT security must incorporate a number of factors, including:
• access management and user rights
• strong passwords and user authentication
However, these can’t come at the cost of user-friendliness, otherwise their implementation can be self-defeating. People must have every reason to comply with security best practice.


The Human Factor in Security


People are at the heart of every organisation. Unfortunately, they are also often the weakest point in any security chain. User rights and access management are therefore a vital part of the security piece.

In this, Cockpit ITSM is no different. The IT department must keep track of users and user accounts, for example by deleting or deactivating the accounts and access rights of technicians who no longer work for the company.

Existing users must be educated about the need to keep user account information secure, for example the importance of not sharing passwords or writing them down. The IT department also has a role to play in creating strong rules around password conventions.


Password Management


Cockpit ITSM offers several options for IT Managers to set password management policies within the application. These include:
• minimum number of characters per password
• requirement for mandatory characters within a password (e.g. lower case, upper case, special characters, etc.)
• frequency (in months) of password renewal


Strong Authentication


Multi-factor authentication is important for good security practice. The US National Institute of Standards and Technology (NIST) has offered new guidance around this, suggesting users should be able to verify at least two out of the following three identifiers: “something you know, something you are, and something you have”.

Cockpit ITSM supports two-factor authentication (2FA) for strong user authentication. Cockpit ITSM supports the use of the following two factors:
• the password set by the user (something you know)
• a six-digit number – encoded in BASE32 – that is generated by an application that is common to the user and the authentication system (something you have).

This six-digit number can be generated by apps such as Google Authenticator, LastPass Authenticator, FreeOTP, etc. and is easy to set up. The user installs the app on their mobile device, and the app is associated with the Cockpit user by scanning a QR code with the mobile or by entering the code manually. Then every 30 seconds a new code is generated by the app and can be used for authentication. The resulting solution is very secure.


Single Sign On


Single sign on (SSO) is a method of access control for multiple related, but independent, software systems. For example, it is possible to link your Cockpit ITSM solution with Google mailbox sign on, so that when users are logged in to their Google mail service, they do not have to login separately to their Cockpit ITSM application.

This feature is highly appreciated by users because it allows for ease of use without compromising on security. However, users must understand that when they log out of Cockpit ITSM, they must also log out of the original application in order to ensure that their Cockpit ITSM access is no longer available in one click.

Cockpit ITSM offers SSO functionality with both Google and Microsoft Azure AD.


Lightweight Directory Access Protocol


Cockpit ITSM also supports the Lightweight Directory Access Protocol (LDAP), so users can log in via an external directory. This option is another way to simplify login for users without compromising security practice.


Optimising Security and Ease of Use with Cockpit ITSM


To maintain ease of use while ensuring good security practice, ideally we want to combine 2FA with SSO. At first glance, this seems to be a contradictory goal, but it is achievable. One option, if you decide to use SSO, is to ensure that you have 2FA set up on the first application (e.g. your Google mail account) and then set up SSO with Cockpit ITSM.


To find out more about Cockpit ITSM, please visit our website: www.cockpit-itsm.com

7th Feb, 2018