There is nothing like a crisis to create a sense of urgency and spawn actions. This is especially true for enterprise IT teams, who are tasked with new responsibilities and critical decisions.
Speed matters in the heat of the moment and many leaders may not take the necessary steps to assess the risk of their decisions in order to mitigate the crisis quickly. When processes are rushed, security concerns and other gaps in the system move to the front and center. Balancing speed vs. security can be a difficult tightrope to walk in the moment.
IT leaders are running into this concern and asking themselves how they can backtrack and solve these issues before they spiral out of control. Through my years of experience in the IT industry, I’ve found three approaches work best: ongoing tools rationalization, frequent evaluation and auditing of your security environment, and establishing protocols and processes from the start.
Ongoing tools rationalization
When trying to increase speed and solve issues or set up a new workflow quickly, IT teams often adopt new tools at a rapid pace. This creates tool sprawl, i.e., the redundancy and waste associated with purchasing new tools and systems with potentially overlapping functions. Tool sprawl is costly, resulting in wasteful spending, decreased productivity caused by tool redundancy, and security gaps within your tools ecosystem.
The best way to solve this problem is through ongoing tools rationalization. Tools or application rationalization assesses the complete IT tools portfolio and identifies overlap, system gaps, and unnecessary functionalities based on each organization’s needs.
Businesses can handle the rationalization process in-house, but that may take months of manual labor. Manual audits involve spreadsheets, tedious processes, and reallocated valuable resources. They are also only a snapshot in time.
Leaders can also outsource the process to a partner, who will perform an automated rapid proof of concept (POC) through a tools rationalization platform, saving time and cutting up to 15% on overall tool costs.
Using a modern solution streamlines the entire process and evaluates an IT and security tech stack in three ways:
1. Artificial intelligence to identify overlapping functions
2. Automatic inventory of capabilities and requirements
3. Continuous cadence to audit the portfolio rather than manual labor every year
Rather than slowing back down to fix mistakes made during times of rapid pace, find the right partners who can help you automate processes like ongoing tools rationalization.
Frequent analysis of your security environment
Many of us learned on a Friday afternoon in March that we wouldn’t be able to return to the office on Monday morning due to the COVID-19 pandemic. This had IT teams across the globe scrambling to set up functional, remote workflows for businesses of all sizes and ensure that networks could support them. By using figurative tape and glue, like weak multi-factor authentication, the job got done, but because of such a quick turnaround, system security was likely compromised in one way or another.
Three main security concerns that arise with remote work environments are home Wi-Fi security, insecure employee passwords, and phishing scams. Home Wi-Fi networks employ weaker protocols than office networks, while office settings also require stricter passwords. Unfortunately, your pet’s name and the year you were born just won’t cut it when working on a remote office system.
Phishing attacks are among the top causes of data breaches. They involve hackers sending seemingly innocent emails that contain malicious links or attachments, which allows the hacker to gain system access when an employee clicks on the links.
Businesses must evolve the security of each device to ensure safety in a remote work environment. This involves discarding outdated, legacy VPNs, and moving to cloud-based, vendor-agnostic network security solutions. Cloud-based systems will run seamlessly and improve the scalability of any necessary remote work training needed for employees while also allowing easier remote access for IT teams to mitigate security concerns. But remember, cloud-based systems introduce a whole new set of security challenges.
Create a playbook for the future
While this seems like a simple idea, it’s one of the most essential tips to increase speed and minimize risk: learn from your mistakes and remember them for future situations. This entire experience has been a learning curve and taught IT teams and business leaders valuable lessons about preparedness and what’s needed to ensure smooth transitions should this ever happen again.
To develop your playbook for the future, start by setting up virtual meetings with executives, employees, security, data and the rest of your IT team to assess what worked and what didn’t. Ask your team:
- What roadblocks did we run into?
- Did we experience security breaches? If so, what was the root cause?
- What are our top priorities in moments requiring rapid responses and what can we correct later?
Once you’ve answered these questions, develop a playbook with processes and policies that can be easily followed should a similar situation occur in the future.
The quick shift to building remote work environments compromised many things, but it’s not too late to correct the problems and be ready for the future. Preparedness is critical to minimizing risk in high-pressure situations. Be sure to evaluate your IT tools portfolio, analyze your overall security environment, and build a playbook for the future. Taking these steps will help keep speed a priority while effectively mitigating as much risk as possible.