Three trends to jumpstart your 2019 IT planning
Develop a strategy that considers vulnerabilities in the network as well as employees’ workflow
As we look back on 2018 and celebrate our successes, it's time to prioritize what comes next in 2019. As technology changes dramatically, the headlines still focus on the same themes: security, cloud and digital transformation.
Executives and technology professionals I speak with are now at a point where they truly want to answer the question "Am I secure?" In the past, the question was "Are we compliant?". Compliance is important, but if you understand and are investing in a proper security posture, the compliance part becomes very easy. And as we all know, many 'compliant' organizations still have their companies destroyed by a cyber-attack. So, compliance is critical to your business, but it is not enough.
In 2019, dig in, think differently, and make security a recurring topic of leadership and all-staff meetings. Educate your teams and invest in defending your technology and data. Don't start with a compliance checklist or reactivate lists built in the past — invert control and start from your users' perspectives.
For your security planning, blocking and tackling can be broken into these basic categories:
• Software and Hardware Asset Inventory: Knowing what is out there is a critical place to start.
• Vulnerability Management: This starts with patching but goes beyond to broader business vulnerabilities.
• Event Aggregation and Analysis: Most breaches require multiple escalation steps which can be prevented by early detection. To do this properly, you need effective tools, security engineers, and effective 24/7 processes to access and respond with.
• User Protection: Endpoint protection, culture and awareness activities, click protection, account monitoring, wireless network security, and centralized identity and access Management are all examples, but the list is limitless.
• Assess Constantly: A proactive approach to security is the name of the game. Be happy when an assessment turns something up and reward the team for assessment diligence and remediation—having your teams and vendors afraid of finding things in assessments is the poison that will prevent you from achieving a security-minded culture.
Modern Desktop: Edge Computing + Cloud
The traditional centralization model is going away. Organizations are weaving together hosted applications, SaaS applications, and end users who may not be on an 'office network' ever. Every organization needs to embrace this future — because your users are on that journey with or without you. Invest this year in continuing to advance your cloud footprint while refocusing on the endpoint: How do your users access your systems? Luckily, there have been some great improvements in technology to empower users at the device. As you make cloud investments, also invest in making it easier for your teams to work from all locations and on all devices.
New paradigms in technology management like the Microsoft Enterprise Mobility Suite (EMS) will help your organization by:
• Centralizing and controlling end user identities across cloud and traditional applications. For most businesses, it is possible to do all your critical work with one identity. This is easier for your users and increases the security of your organization.
• Improving threat protection using identity driven security instead of the traditional 'moat-and-castle' model.
• Centralizing device and application management for personal and company equipment. This will allow your organization to easily control who can use what from where and on what device.
• Using proactive and user-driven information protection tools to make it easy for your users to share the right data with the right people while protecting them from accidentally leaking critical data.
The beauty about this approach is that it assists both with your security roadmap and your digital transformation by empowering users with tools AND increasing the security of the way they work.
Advanced Networking: Software-Defined Networks
Progressive technology companies have been using software to weave together more complicated connectivity and handle higher bandwidth demands. Legacy technology architectures would co-locate critical applications on a dedicated high-speed network, but with pervasive use of public cloud infrastructure and API-driven applications, your network connectivity needs to be some of the most advanced parts of your technology investments. Additionally, Internet of Things (IOT) means your architecture needs to handle more complicated segmentation to separate HVAC systems and the like from critical corporate systems. Companies that are moving in this direction, but not adopting software-defined networks, are finding the cost of network connectivity rising and reliability waning.
This year, invest in upgrading your network infrastructure to take advantage of SD-WAN capabilities. Update your architecture to allow you to weave together disparate connectivity instead of depending on expensive dedicated communication lines. These architectures will give you more advanced threat protection, more flexibility with how you use your bandwidth, and more options for disaster recovery and business continuity planning. Bottom line: upgrading your architecture will give you much more flexibility while saving your organization money.
As you look forward to 2019, organizations are increasing their investments in security, cloud adoption and digital transformation. This is not news to anyone, but as you work through your strategy, the devil is in the detail.
Key points to focus on:
• Invest in getting your entire team to understand and embrace security. Many people find it interesting and it is now a professional development element of every career
• Expand your digital transformation and make progress on your security strategy using management platforms like EMS
• Every company should be evaluating and modernizing the backbone they are running to make sure their network architecture is secure, cloud ready, flexible, and cost effective.
Looking at SD-WAN and fast advancing network architectures will save money, mitigate disaster recovery risks and add business agility.
John Sterling, director of engineering for Systems Engineering, has over 20 years of IT experience. He can be reached at 888-624-6737 or at www.syseng.com.