Don’t Just Turn It On

Most businesses do a pretty thorough job of planning and researching their security purchases. These processes often take 9–18 months of planning from start to finish. They usually include gathering of specific business requirements, compliance requirements, long term forecasts (for growth), analysis of existing security investments, potential vendor analysis, triplicate quotes, and proof of concepts.

Often overlooked is the planning and budgeting for the operationalization of the new security purchase. This should include more than what it takes to “turn it on.” It should include the time, resources, and headcount necessary for complete configuration, deployment, and customization to achieve the security outcomes that were used to make the business case for the purchase in the first place. Not only does this oversight often lead to “shelfware” or “default-ware,” but it can create budget overruns and impact authorization for future security purchases.

To avoid this problem, start gathering the following information as soon as possible: 

  • Goals—what security problems do you want to solve?
  • Document existing or possible use cases. What types of reports will you want? What types of reports might management want? Will this be used for prevention as well as incident response?
  • Get a complete picture of the size and architecture of the environment and assets you want to protect.
  • List any third-party integrations you need to consider. Does this need to feed into a SIEM, remediation/ticketing solution, DLP system, etc.?
  • Consider any other departments that might need to be involved in the process. Security teams often need resources and assistance from network operations; network monitoring teams might need advance notice of interruptions or of the availability of certain systems.
  • Ask vendors for details about how long it takes to operationalize their offering, and how they can assist in the process.

For example (not a blatant advertisement!), every new customer integration at Alert Logic is managed by a dedicated onboarding team that includes over 20 specialists, including project managers, network and system administrators, security analysts, and product trainers. Some of the various tasks that this team manages include:

  • Development of a detailed project plan, scheduling, testing plan, and implementation plan
  • Identifying and establishing security goals for desired protection outcomes
  • Discovering and prioritizing assets that require various levels of security and alerts
  • Creating network topology diagrams
  • Network resource planning, configuration, and testing
  • System tuning and customization
  • Testing of security outcomes, reporting, and notifications
  • Creating event/incident escalation plans
  • Administrator and user training 

This is just to get the new technology properly installed, tuned, and tested, and the staff trained—that gets you to the starting line, not the finish line. Next week, we will cover some of the various ways companies plan and budget for the daily administration of various security technologies.