Tim Bandos at Digital Guardian describes some of the most common pitfalls of enterprise security migration and offers practical tips on avoiding them
Migrating to a new enterprise security solution can be difficult – and time-consuming. Data security vendors abound, each offering security solutions to fit just about any need an organisation might have. This abundance of options makes the provider-selection process very challenging, as organisations must cut through various marketing and sales claims and find the best service for their requirements.
But that’s not even half the battle. After completing the vendor selection process, you enter the phase where many organisations truly struggle: migration. Indeed, the migration phase presents a host of pitfalls to snare unsuspecting organisations and disrupt progress.
Don’t want to be caught? Read below to learn about the five most common migration pitfalls – and how to avoid them.
1. Not preparing a long-term migration roadmap with accountable deliverables
In the excitement of migration, organisations may neglect to identify the long-term deliverables for the new technology they’ve just deployed. But doing so is critical. Indeed, this essential aspect of migration canl determine the program’s ultimate success. To ensure the migration achieves its original objectives weeks, months and even years down the line, you should prepare a long-term migration roadmap, and lay out explicit deliverables.
2. Not having a contingency plan for team members leaving the organisation
Migration invariably requires the hiring and training of new team members to operate the new technology. The sudden departure of one of these team members can create major organizational issues – unless contingency plans are in place to address such a scenario. You should train alternative team members and have them ready to go as a way to prevent such scenarios.
This contingency planning ensures that any unexpected team departures don’t bring the entire security programme to a screeching halt while you scramble to train a replacement.
3. Not maintaining thorough documentation during migration
This is another example of a pitfall with potentially significant consequences, but one that’s easy to avoid with a little foresight. While few would claim documentation is their favourite pastime, it’s an extremely important aspect of any effective migration strategy. Without it, if someone leaves unexpectedly (as per pitfall 2), or the team simply needs to refer back to something important that happened earlier, things can quickly become derailed. Keeping thorough and clearly labelled records throughout the migration can save huge headaches further down the line.
4. Not testing each phase of the migration properly
Regular and thorough testing during each stage of a migration is absolutely essential. For one thing, testing avoids issues that range from embarrassing to downright dangerous. No security team wants to deploy a new technology or update across an entire enterprise (sometimes in excess of 20,000 endpoints), only to find that a missed error in the code turns them all into bricks! Before any rollout, undertake proper testing in a controlled environment. This will reliably preclude such a scenario, helping maintain operational efficiency and keeping senior executives on-side throughout.
5. Not involving in-house security experts in the migration process
The vendor often prefers to handle the process of migrating to a new security solution. Nonetheless, in-house team members and experts should also be kept in the loop throughout. Doing so ensures that all parties are on the same page and can quickly take the reins or pick up any slack should the need arise — either before, during or after the migration has been completed.
Migrating to a new enterprise security solution can be hard, but the right level of planning and implementation can make it easier and much more effective. Of course, even the best laid plans can sometimes go awry. After all, we don’t know what we don’t know. But if you understand the five pitfalls laid out above, you’re well on your way to avoiding them and ensuring that you keep your organisation’s migration process as smooth and pain free as possible.
Tim Bandos is CISO and VP of Managed Security Services at Digital Guardian. Tim is an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity world and has a wealth of practical knowledge gained from tracking and hunting advanced threats that targeted stealing highly sensitive data. A majority of his career was spent working at a Fortune 100 company where he built an Incident Response organization and he now runs Digital Guardian’s global Security Operation Center for Managed Detection & Response.
For more information on how to migrate to new enterprise security solutions safely, check out Digital Guardian’s webinar here.
Main image courtesy of iStockPhoto.com