Common migration pitfalls and how to avoid them

Tim Bandos, CISO at Digital Guardian, shares his top tips on avoiding some of the most common migration mistakes made by companies.

Organisations familiar with the process of migrating to a new enterprise security solution appreciate the difficulty — and time — involved in this task, but staying abreast of enterprise cybersecurity needs is a business imperative. Indeed, with just one-in-10 enterprises saying that their current security solution fully meets their needs, it’s clear that most organisations will soon be preparing to adopt a new security tool or solution.

Now is the time. Cyberattacks are predicted to cost the world US$11.4mn a minute in 2021, placing cybersecurity leaders under major pressure to protect the enterprise’s most critical assets – its data and IP. Executing a migration plan is a significant endeavour, however, and must be undertaken the right way. Failure to do so could expose the enterprise to business interruption.

How do you know it’s time to break up with your current security solution provider? Below are a few indicators you should note before you plot and execute a migration strategy.

The catalysts for change

The decision to change solution providers should not be made lightly. At the same time, you should be examining your existing partnerships to determine if they have exceeded their natural sell-by date. Are your current vendor’s solutions underperforming or outdated? Are they relying on legacy technologies? If so, that potentially puts your enterprise’s reputation, customer information and other assets at risk of breach. If your existing solution isn’t keeping pace with the rate of change or evolving threat vectors, you should move to a more comprehensive solution.

Agility is another critical trait to examine. Today’s businesses are constantly transforming,  so data security solutions that take a ‘set it and forget it’ approach are no longer viable options. If existing solutions are hampering an organisation’s ability to operate in new and agile ways, that’s an existential problem. This is before we even consider shifting regulatory compliance requirements, which force organisations to re-evaluate the strength of their existing security solutions on a constant basis.

Having determined that existing systems and solutions no longer accommodate current and future needs, organisations will need to make the leap to a new vendor or solution provider. Which means that determining who and why will be the next big challenge.

Defining the migration strategy: step 1

A quick Google search reveals an abundance of vendors, all offering security solutions to fit every organisation’s need. As a result, choosing a provider can be hard for organisations. The key is to cut through the marketing jargon and deduce if the service on offer truly suits their requirements.

Start by talking to industry peers and asking which solutions they are using. Similarly, rely on analyst guidance to obtain a detailed analysis of vendors and their solutions.

The best starting point is to spend the time to define a highly structured request for proposal (RFP) inviting leading vendors to submit formal plans. You should also assemble a cross-functional project team whose job it is to refine the broader organisational needs and assess potential vendors and evaluate their ability to deliver against these requirements.

The process of RFP preparation is critical. It should involve scoping out all requirements in collaboration with stakeholders and ensuring they align with the business strategy. Develop a scoring or weighting system that will form the foundation for decision-making — including ranking desired capabilities and requirements. As part of the selection methodology, ensure that wider holistic considerations are included in the process: will the solution be intuitive for users, how will ROI be measured, is the solution agile enough to keep up with the pace of change?

Ideally, organisations will create a shortlist of no more than three vendors and use the RFP process to scrutinise their capabilities. In the course of reviewing and scoring vendors, undertake a highly targeted proof of concept programme to ensure the selected solution will suit your environment.

Defining the migration strategy: step 2

Having selected a solution provider, you’ll then want to develop a migration plan for deployment. This begins with assessing data requirements, classification, business logic and intra dependencies defining a timeline complete with a pilot test, and then designing a network topology in preparation for deployment. As part of the transition process, set clear milestones for release management, validation, cutover, and decommission.

Don’t stop there! Having successfully executed the plan, and run elements of the migration, go the extra mile to achieve maximum ROI. This requires a post-migration strategy that incorporates frequent reviews with the solution vendor focusing on improving deployment and enhancing value.

Common pitfalls and how to avoid these

Several pitfalls can doom any change programme. The most obvious: not preparing a long term migration roadmap with accountable deliverables and a stakeholder engagement and communication plan. So too is failing to prepare a contingency plan should migration team members quit mid-project. Yet another is deploying a solution before testing it and involving in-house experts.

However, thinking long and hard about what you really need to protect will be the single most important action you can take to ensure a successful migration project. Ultimately, enterprise security is not about deploying and maintaining tools. Indeed, having a ton of market-leading tools won’t make the enterprise secure unless these are appropriately integrated with the overall security strategy. Achieving this depends on understanding how the business runs and what data and apps are vital to adding value to customers and fostering a strong risk management strategy to protect these assets.

READ MORE:

Migrating with confidence

There’s truth in the saying ‘knowledge is power’. So taking a risk-driven approach to any new solution deployed begins with achieving a deep understanding of which data assets will be most critical to protect.

Asking the right questions of the business early on in the migration programme will help determine the depth, breadth, and level of service needed – and if the security provider in question is up to the challenge. Because, in a world where traditional security borders no longer exist, the game aims to minimise detection times by utilising the right processes and data loss prevention technologies.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Tim Bandos

Tim Bandos, CISSP, CISA, CEH is Vice President of Cybersecurity at Digital Guardian and an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity world and has a wealth of practical knowledge gained from tracking and hunting advanced threats that targeted stealing highly sensitive data. A majority of his career was spent working at a Fortune 100 company where he built an Incident Response organisation and he now runs Digital Guardian’s global Security Operation Center for Managed Detection & Response.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...