Question: What is the biggest factor impacting an organization’s ability to do what it wants today?
Answer: Obligations to its past.
It is a harsh reality to acknowledge that an organization cannot simply install a new system or migrate to a new environment or start a new business initiative because of the dependencies on the choices that were made just a few short years ago, when everything was so entirely different.
If we only knew then what we know now…
Unfortunately, this is exactly what happens within IT and Security environments at organizations everywhere both big and small.
What often appear to be mundane decisions or details that can easily be skipped over when implementing a new technology or security service for the sake of ensuring that the deployment meets its intended timeline, regularly become the anchor points that lock out entire approaches in the future.
Further exacerbating this issue is the routine lack of detailed inventories of systems, applications and dependencies. Without this detailed roadmap, organizations walk on eggshells and previous decisions are felt even more heavily, becoming unintended debts to the past that result in organizational paralysis over the best options to follow when attempting to move forward. This has the secondary effect of increasing security risk exposures.
It is rare that anyone ever has the opportunity for a “do-over” or to press the proverbial “reset” button. Yet, with the advent of cloud, microservices and a host of new development and deployment approaches, organizations are now being provided with a unique opportunity to do so for both systems and security.
When planning new deployments, organizations should consider redesigning the concepts and frameworks behind the tools and technologies they plan to deploy within their environments. This will offer them the ability to support more nimble and secure business processes now and into the future.
Additionally, organizations should consider incorporating the concepts of adaptability, scalability, resilience and built-in security as the core starting points of any new IT initiative. Challenge the “one-size-fits-all” approaches that were often favored with previous iterations of deployments. While there are benefits to a “one-size-fits-all” approaches, new frameworks support greater malleability to unique use cases while still leveraging common security technology stacks.
It is important to assess the growing costs of maintaining and supporting the existing IT debt and determine the actual total cost of ownership (TCO) over time. This will highlight the impact of previous decisions that continue to anchor the organization firmly in its past and will put in perspective the true costs of skipping over mundane decisions or details.
Lastly, ensure oversight of new deployments with transparency, ownership and collaboration. These are the true hallmark of a new generation of IT Security operations.