Intercontinental Exchange (NYSE: ICE) is a leading operator of regulated exchanges and clearing houses, serving global financial and commodity markets. The company launched in 2000 with an electronic trading platform for over the counter (OTC) energy markets, and rapidly expanded into areas such as global futures markets, cleared OTC products, and data services. In 2013, Intercontinental Exchange acquired the New York Stock Exchange (NYSE). Today, the company continues to innovate to serve the needs of market participants around the globe.
Intercontinental Exchange leads its business with a focus on customers. In order to maintain the highest levels of compliance and protect the information security of its customers, it invests heavily to maintain and grow its robust IT infrastructure, and depends on leading-edge management systems and processes to keep this infrastructure running smoothly and securely.
Enhancing Compliance and Security Capabilities
When Intercontinental Exchange decided to take its IT compliance and security to the next level, it decided to leverage its existing ServiceNow (NYSE: NOW) ITSM platform. The company was also working with UpGuard—a leading cyber resilience platform provider and ServiceNow partner—to ensure the integrity of its IT environment.
According to Chuck Adkins, Intercontinental Exchange’s Vice President of Technology, “Our strategy is to invest in platforms, not point tools. That’s one of the key reasons that we chose ServiceNow and UpGuard. By bringing both of these together, we significantly enhanced our compliance and security capabilities. And because ServiceNow and UpGuard had already integrated their two platforms, we had a significant head start.”
Automating Change Validation
Change validation was the first area that Intercontinental Exchange tackled—ensuring that planned production changes are actually made.
Adkins says that, “This is a critically important, formal governance process. We had to manually check that changes were executed correctly, which was enormously time-consuming – and limited the number of changes that we could verify.”
Now, ServiceNow drives the change management process, while UpGuard scans Intercontinental Exchange’s servers for detailed configuration changes. ServiceNow queries UpGuard for these changes, and attaches the change data to corresponding CIs in the ServiceNow CMDB.
Reducing Regulatory and Operational Risk
Bretlan Fletcher, Intercontinental Exchange’s Director of IT Development, says that, “We can now instantly see the actual changes have been made to a device within the change window. And, we can pull up the details of those changes from within ServiceNow. We know right away when a change hasn’t been made – and we can even identify unauthorized changes.”
Adkins reinforces the point, saying that, “Before, we would have needed an army of people to reconcile all of these changes. Now, we have an automated, scalable process. That strengthens our regulatory stance, expands our coverage, reduces operational risk, and allows us to continuously improve our IT operations processes.”
Automatically Identifying and Managing Security Vulnerabilities
Vulnerability management is another key focus area. Intercontinental Exchange uses UpGuard to scan its IT environment for vulnerabilities, checking for thousands of potential security issues using the CIS library. Detected vulnerabilities are then automatically uploaded to ServiceNow’s CMDB.
The Benefits of a Platform-First Strategy
Intercontinental Exchange’s platform-based strategy is paying off in other areas. For example, they use ServiceNow widely across the entire enterprise – from driving regulatory processes and managing non-compliance events through to tracking visitors who come to their facilities. Other examples include managing marketing and PR activities, and even creating interactive seating charts.
Similarly, Intercontinental Exchange sees a wide range of uses for their UpGuard platform. Adkins says that, “We started with change validation, which made sense given UpGuard’s agentless change detection and unique change visualization capabilities. However, it can do a lot more – such as checking configurations for policy compliance, and scoring overall cyber resiliency. That’s why we have a platform-first strategy – it allows us to do a lot more with much less.”
Director of IT Development
New York Stock Exchange