How to successfully manage security migration in a hybrid world

pixabay | TheDigitalArtist
(Image credit: pixabay | TheDigitalArtist)

Many organizations have had to accelerate their digital transformation efforts and shake up their IT and security practices during the pandemic to keep their business secure, especially with so many employees working remotely. 

This has also helped them to cope with the understandable emphasis on digital interactions between businesses and customers as a consequence of the pandemic. 

A recent report by McKinsey found the amount of digital customer interactions had increased from 36% to 58% over the course of the pandemic.  

While it has provided numerous benefits for organizations, rapid digital transformation also means a change in security needs and a significant security migration. It is more important than ever to ensure data is being securely moved and stored so organizations need to consider several factors during their enterprise security migration.

Beginning with security migration

When it comes to enterprise security, having access to every market-leading security tool doesn’t always do the trick. Defenders need to have an intimate knowledge of how their business runs – where data flows, what apps data interacts with, etc. – before they opt to add a new solution. Those who are familiar with their data and how it fuels the business can better understand if a new tool will strengthen their defences or not.

One of the biggest impediments to deploying a new security solution is cost. For this reason, it is important to think about how the company makes money and choose solutions that bolster the business as directly as possible. 

Knowing more about the company, its data and the systems that need protecting can help inform the overall security strategy, and because visibility has always been a fundamental component of cybersecurity; it can also help provide insight when it comes to nurturing risk management programmes.

What’s the plan?

Before starting to write a request for proposal, it’s important to consider carefully what you are trying to achieve.

One of the most important issues to address is where is the company going? It’s vital to ensure the project as a whole is aligned with the company's business goals and future plans. For example, if there are plans to make changes soon, will the new solution work in tandem with those changes? It pays to make sure you have the support of the leadership team. Without it, you can’t really move forward with any real confidence.

To get the widest perspective, it makes sense to put a team together that is ideally cross functional, including technical and non-technical people, and ask those involved to outline the requirements for the new solution. From admins to end users, everyone should have a role to play in defining the scope of the project.

When it comes to assembling the team, all those involved should be on the same page when it comes to their level of involvement in the evaluation and decision process. It might be worth following the RACI model (a responsibility assignment matrix), to help the organisation identify roles and responsibilities for the project. If deployed correctly, this can also help avoid confusion further down the road.

It’s important that everyone agrees on the budget and timeline but that they are also aware things can change and are prepared for that.

Be prepared for contingencies

Every project has a beginning and an end but without a clear plan of how to get there and what steps you need to take along the way, things can get bogged down very quickly. 

That’s why it’s important to have a roadmap as a guide that the team can use to check boxes and measure progress. Include deliverable benchmarks that can keep you and your team accountable in the journey to implementing the new technology that is being deployed.

Any journey can be disrupted by unexpected obstacles, potholes or detours, so it is always important to have a contingency plan in place. You need to plan for the long term, but you also need to keep in mind that the unexpected can happen – and often does. 

For example, if a member of the team moves to another part of the organization or leaves the company altogether, do you have someone who is well-versed in the technology that can step in at short notice? Without a trained backup to seamlessly fill the gap, the organisation can have all its well-laid plans severely disrupted, especially when trying to get a new solution up and running internally.

To this end, it is also worth making sure you have a record of the progress of the project. No one likes keeping track of precise details, dates and other minutiae, but it's extremely valuable to have a record in case someone leaves or if, for some reason, you need to look back on how you got to where you are.

Finally, you need to involve all of the experts in your organization in the migration and thoroughly test the solution.  The last thing anyone wants to do is disrupt 20,000 endpoints across the enterprise because they didn’t do the upfront testing ahead of time. 

By engaging with the expertise that exists internally and keeping people looped in on important aspects of the migration, you can help reduce the prospect of unexpected and unforeseen problems further down the line.

If you’re planning to migrate your enterprise security, it would be useful to:

- Identify needs and goals that work within the budget
- Look beyond short-term needs and form a long-term roadmap
- Understand the importance of creating a contingency plan 
- Make use of cross-functional teams
- Engage internal experts to test the solution

Adam is the Director of Cybersecurity at Digital Guardian and an expert in cybersecurity, specifically threat detection and protection.