This is the second post in a two-part series by elevenM Senior Project Manager Mike Wood on how businesses can benefit most optimally from the deployment of security products.
In the first part of this blog series, we explored how to extract value from security products. In this post we discuss how to sustain and extend this value, especially as your tool evolves.
You’ve nearly finished your delivery project and you’ve got some great data on the value the tool is starting to deliver. You’re also clear on how you’ll measure remaining value. Stakeholders are pleased with what they’re seeing. Time to focus on the next thing, right?
Not necessarily. Success with security products is not just about getting them to work in today’s context. It’s about how they will work and improve over time. Attackers don’t stand still. Threats evolve and tools and security processes and procedures must keep pace. A benefit of SaaS security tools is much of the advancement is done by the vendor. But these benefits will be lost if you haven’t got the capability and/or capacity to keep pace.
The SaaS vendor will keep the tool working and manage uptime. Your tech support teams can look after the integration points and manage user access. How you effectively support the tool’s outputs and outcomes that deliver value / sustain benefits over time is critical to success.
It is therefore essential to build a support model for not just the tool, but the tool’s value.
A value support model needs to take the benefits and associated context and align them to how business processes run and the metrics/incentives of the people who are responsible. Who does the work? Do they have the skills and capacity? Have they been trained? How are they rewarded and what KPIs are in place? How do escalations flow?
Surely, delivering a value support model is part of project success?! You’re right. It should be. But often support is thought of in narrow terms – does the tool work, does it deliver the data we need. Value support is often missed.
An example of a value support model is with a Cloud Access Security Broker (CASB), a tool used to enforce security policies for your business’ use of cloud services.
A CASB can flag alerts, but it is how those alerts are handled where much of the value lies. How are alerts prioritised? What SLAs are in place within the SOC / Forensics / Security team who manage alerts and coordinate responses to them? How do alerts and trends feed into cloud governance and architecture decisions and strategy? A CASB value support model will have specified and tested this, meaning the organisation doesn’t just have a tool it can run, but outcomes it can actually use to the fullest possible extent to drive security uplift and deliver the target benefits.
Our advice is to get the project to design a value support model as early as practicable in the project. This model should align to the vendor’s product roadmap and your organisation’s security goals and strategy. Stakeholders should be consulted and agree on a governance approach for the tool’s threat area and the tool outputs that will drive decision-making.
If you are clear about all this early on, it will allow you to test the value support model and make iterative improvements in lockstep with tool deployment (typically, such improvements will also cost you less and be less disruptive if made during the project than afterwards). It will also give you a clear view on the funding requirements for the tool.
Building the value support model is something we help businesses with. It requires a blend of key skills and experience: security knowledge, program delivery, systems integration and support. Investing in getting this right is key to success and also contributes towards higher cyber security maturity, which examines process efficacy as well as the systems in use.
If you have also clearly defined how you’ll measure value (per the first post in this series), then tying this value and its associated support model to a funding request will allow you to make a powerful business case to take the steps needed to not just deliver powerful new security capabilities that deliver value now, but long into the future.
Then you can focus on the next thing (as much as your value delivery model allows!).