Part Four Putting It Into Production
Develop A Migration Plan For The New Technology Being Deployed
You and the team have spent time researching the business needs, documenting them in the RFP, evaluating the responses, and finally, selecting a winner. Don’t let all that hard work go to waste, make sure you and the vendors have a migration plan before you do anything else. The three big phases, Plan, Build, and Run have 6 sub-phases.
Plan – Work with the vendor’s team and your project team to document key elements of the deployment. Dedicating time here will help keep the process on track and prevent “shelfware.” What data types are being protected, how are they classified, how are alerts/alarms defined, who resolves them and how, when will you kick off the project, when will you cut over, what are the escalation steps (on both sides) if issues arise that are not being properly addressed. A security risk assessment is a key item in the Plan phase, especially when deploying security solutions!
Build – Put your plan into action! Work with the architects to get the design right and put the new solution into play, often times alongside the old. (as much as possible; there are occasions where technology conflicts will arise, precluding a side-by-side approach). Do as much testing as you can in a sandbox, then roll out in smaller, but increasing numbers to validate as you go.
Run – It’s go time! The operational phase requires you and the team (and the vendor!) to be ready to take over responsibility as you outlined it. Even in a managed security program, the organization needs to commit resources to own, operate, and handle the internal side of the project. Tracking improvement in the business outcomes that you tied the project to is key to show ROI. If you are struggling to get the ROI you expected, work with the vendor to determine where things went astray. Were your assumption up front off base? Did something change internally (or externally – Hello, COVID, I’m looking at you) that altered the environment?