It's a new year which makes it a great time to prioritize your technology initiatives. As technology changes dramatically, the headlines continue to focus on the same themes: Security, Cloud, and Digital Transformation. In this blog article, I will review important "to do's" within each category and offer ways you and your organization can achieve these important IT goals.
Being Secure Goes Beyond 'Compliance'
Executives and technology professionals I speak with are now at a point where they truly want to answer the question "Am I secure?" In the past, the question was "Are we compliant?". Compliance is important, but if you understand and are investing in a proper security posture, the compliance part becomes very easy. And as we all know, many 'compliant' organizations still have their companies destroyed by cyber attack. So, compliance is critical to your business, but it is not enough.
This year, dig in, think differently, and make security a recurring topic of leadership and all-staff meetings. Educate your teams and invest in defending your technology and data. Don't start with a compliance checklist or reactivate lists built in the past - invert control and start from your users' perspectives.
For your security planning, blocking and tackling can be broken into the basic categories:
- Software and Hardware Asset Inventory: Knowing what is out there is a critical place to start.
- Vulnerability Management: This starts with patching but goes beyond to broader business vulnerabilities.
- Event Aggregation and Analysis: Most breaches require multiple escalation steps which can be prevented by early detection. To do this properly, you need effective tools, security engineers, and effective 24/7 processes to assess and respond with.
- User Protection: Endpoint protection, culture and awareness activities, click protection, account monitoring, wireless network security, and centralized identity and access Management are examples, but the list is limitless.
- Assess Constantly: A proactive approach to security is the name of the game. Be happy when an assessment turns something up and reward the team for assessment diligence and remediation—having your teams and vendors afraid of finding things in assessments is the poison that will prevent you from achieving a security-minded culture.
User Empowerment: Edge Computing + Cloud Computing
The traditional centralization model is going away. Organizations are weaving together hosted applications, Software-as-a-Services (SaaS) applications, and end-users who may not be on an 'office network' ever. Every organization needs to embrace this future because your users are on that journey with or without you. Invest this year in continuing to advance your cloud footprint while refocusing on the endpoint: How do your users access your systems? Luckily, there have been some great improvements in technology to empower users at the device. As you make cloud investments, also invest in making it easier for your teams to work from all locations and on all devices.
New paradigms in technology management like the Microsoft Enterprise Mobility Suite (EMS) will help your organization by:
- Centralizing and controlling end user identities across cloud and traditional applications. For most businesses it is possible to do all your critical work with one identity. This is easier for your users and increases the security of your organization.
- Improving threat protection using identity driven security instead of the traditional 'moat and castle' model.
- Centralizing device and application management for personal and company equipment. This will allow your organization to easily control who can use what from where and on what device.
- Using proactive and user-driven information protection tools to make it easier for your users to share the right data with the right people while protecting them from accidentally leaking critical data.
The beauty about this approach is that it assists both with your security road map and your digital transformation by both empowering users with tools AND increasing the security of the way they work.
Advanced Networking: Software-Defined Networks
Progressive technology companies have been using software to weave together more complicated connectivity and handle higher bandwidth demands. Legacy technology architectures would co-locate critical applications on a dedicated high-speed network, but with pervasive use of public cloud infrastructure and API-driven applications, your network connectivity needs to be some of the most advanced parts of your technology investments. Additionally, the Internet of Things (IOT) means your architecture needs to handle more complicated segmentation to separate HVAC systems, and the like, from critical corporate systems. Companies that are moving in this direction, but not adopting software-defined networks, are finding the cost of network connectivity rising and reliability waning.
This year, invest in upgrading your network infrastructure to take advantage of SD-WAN capabilities. Update your architecture to allow you to weave together disparate connectivity instead of depending on expensive dedicated communication lines. These architectures will give you more advanced threat protection, more flexibility with how you use your bandwidth, and more options for disaster recovery and business continuity planning. Bottom line: upgrading your architecture will give you much more flexibility while saving your organization money.
This year, organizations are increasing their investments in Security, Cloud Adoption, and Digital Transformation. This is not news to anyone, but as you dig in, the devil is in the details. Key points to focus on:
- Invest in getting your entire team to understand and embrace security. Many people find it interesting and it is now a professional development element of every career.
- Expand your digital transformation and make progress on your security strategy using management platforms like EMS.
- Every company should be evaluating and modernizing the backbone they are running to make sure their network architecture is secure, cloud ready, flexible, and cost effective. Looking at SD-WAN and fast advancing network architectures will save money, mitigate disaster recovery risks, and add business agility.
If you would like to speak to a Systems Engineering representative about any of the above, email firstname.lastname@example.org or call 888.624.6737.