Enterprise Security Migration Done Right: Tips from Our CISO
Is your company planning on migrating to a new security solution? Do it the right way and avoid these pitfalls.
When it’s time to migrate your technology stack – something that can require another discussion entirely – you want to make sure you do it right.
One of the biggest mistakes a company can make these days when it comes to getting a new technology solution off the ground is doing it to simply to add another tool to your organization's arsenal.
When it comes to enterprise security, having every market-leading security tool at your fingertips doesn’t always do the trick. Defenders should have an intimate knowledge of how their business runs - where data flows, what apps data interacts with, etc. - before adding a new solution. By being familiar with your data and how it fuels your business, organizations can provide value by passing that knowledge along to its customers.
One of the biggest impediments to deploying a new security solution is cost. Before beginning to look, think about how your company makes money and bolster that business with solutions as directly as possible.
Knowing more about your company and its data and the systems that need protecting can vastly help inform your overall security strategy, too. Visibility has always been a fundamental component of cybersecurity; it can also help provide insight when it comes to nurturing your risk management program.
Get a Plan Together
Before you even think about writing a request for proposal, think hard around what you're trying to accomplish with this move.
Get a team, ideally one that's cross functional – you’ll want technical and non-technical people involved - and ask them to outline requirements of the new solution. From the admins to the end users, everyone has a role to play in defining the scope of this project.
Where's your company going? Ensure the project as a whole is aligned with the company's business goals and future plans. If you’re planning a shift soon, will this new solution work in tandem with it? Assuming you've got the support of the leadership team, move forward with confidence.
When it comes to building a team, everyone involved should be on the same page when it comes to the level of involvement in the evaluation process and decision process. Consider following the RACI model, a responsibility assignment matrix, to help your organization identify roles and responsibilities for the project. If deployed correctly, this can also help avoid confusion farther down the road.
Having everyone settle on a budget and timeline, knowing full well they can change, is important too.
These are just a few essential hallmarks of project planning that should help you out in the long run.
Avoid These Pitfalls
Now that we’ve discussed some of the best practices around preparing for a migration, let’s make sure we cover our bases and discuss things you don’t want to do.
Failing to have a roadmap laid out, a guide you and your team can use to check boxes and measure progress, can leave your organization hamstrung. Have deliverable benchmarks in place to keep you and your team accountable in your journey to implementing whatever new technology you’re deploying.
In addition to a roadmap, have a contingency plan in place. Plan for the long term and keep in mind that sometimes the unexpected happens. If a member of the team moves to another part of the organization or leaves the company, make sure you have a backup team member in place, someone who’s well-versed in the technology who can step in. Without having a trained backup, someone who can seamlessly fill that gap, can be a source of great frustration for organizations, especially when trying to get a new solution off the ground internally.
Keep track of where you've been. No one likes keeping track of precise details, dates, and other minutia, but it's extremely valuable to have a record of this, just in case - like I just mentioned - someone leaves or if for some reason, you need to look back on how you got to where you are.
Neglecting to thoroughly test the solution and involve all of the experts in your organization in the migration are key steps too. The last thing you want to do is brick 20,000 endpoints across your enterprise because you didn’t take the time to do the upfront testing ahead of time. Involving the expertise that exists internally, keeping them looped in on important aspects of the migration is save your from encountering problems in the long run, too.
This isn’t an exhaustive list by any means but hopefully these tips can get you in the right frame of mind before your next big security migration.