New security technologies call for user, business involvement
Strong methodology and a clearly defined path for implementation are key when applying sustainable information security technology solutions. This is according to Raymond du Plessis, managing consultant at Mobius Consulting, who was speaking at the ITWeb Security Summit 2017.
Brag, be proud of it... Report back on project successes and user adoption, and articulate the successes to business.
"As security practitioners, we are pretty good at implementing firewalls and backend security technologies. Typically they don't affect users and we don't require business involvement," he said. However, this is changing and the newest security technologies "now require us to start relying on users more and more".
"So if you are talking about identity and access governance, data leakage prevention, electronic signatures and some really sexy technologies that are coming out around mail encryption and data encryption from a user perspective - we need to start getting users involved. We are also to some extent reliant on business to assist us in actually making those technologies effective."
He said that organisations may not fully realise the capability and true value of the technology without taking into consideration key components such as governance, people, process and the mechanism to embed the use of the solution within the organisation.
"We are looking at technologies that impact on users or where we need business involvement or interaction to make them successful and those things typically fail because of a lack of buy-in or a lack of support or governance - but they don't necessarily fail because of a lack of technology capabilities."
Organisations are also expecting to get better return on investment on security technologies than in the past.
Du Plessis laid out how to build your own methodology for implementing sustainable solutions but said organisations should not try to replace existing methodologies or project process - rather augment existing technical methodologies to improve success.
His methodology example had three stages: the planning stage, the building stage and the running stage.
In the planning stage, you first need to define the need for the solution and obtain buy- in and a clear vision. You must then have a clear definition of the requirements, the solution and what plans are needed for implementation success.
In the building stage, you must remember to develop the core enablers of the solution that are often neglected such as the people, process and governance. This is also the time to ensure that all relevant stakeholders are well prepared for the transition of the solution into business as usual. You can do this by running training and user awareness sessions.
Once you move into the actual adoption and operationalisation of the solution, you need to be able to monitor adoption rates, provide support and take corrective actions during the process.
"Something we don't do well is managing and driving adoption. We tend to hand it over to someone else but I think it's becoming increasingly important to have the project team involved and available in the roll-out and adoption as well," he said.
"The final step which we don't do well is report back on the benefits of the solution. Brag, be proud of it because some of these things are incredibly exciting to watch roll out and see the benefit. So report back on project successes and user adoption, and articulate the successes to business" he concluded.