It’s a well-known fact: IT staff shortages exist throughout the corporate world. And practitioners with expertise in security are especially sought after. Unfortunately, that means some of your key staff may eventually get lured away by a better offer.
Filling the void of expertise when key individuals leave can be a challenge—regardless of the expertise at stake—but this type of loss takes on greater importance when it might expose your organization to additional threats or security breaches.
But designing a strategy around the best security posture for the organization – and working to ensure redundancy in knowledge -- can help better protect against the loss of expertise that comes with attrition.
A Lean Tool Set Strategy
With security at the forefront of many professionals’ minds, from the Board to the help desk staff, there’s no doubt organizations will invest in new technology. Before you rush into any buying decision, however, it’s important to first understand which security tools are best for the organization.
Additional tools aren’t always the best security solution, especially when individuals become “masters” of different technologies. Other members of the security team may not know how the solution works, or how to continue to build out or support the solutions if a key member leaves.
Let’s say an organization has a 5-member security team, but they have 2o or more applications. Justin Grant, strategy director, IBM Managed Security Services, North America says typically each person becomes responsible for 4 or 5 different applications, and there is little time to share their expertise for redundancy.
In order to avoid gaps in security when key people leave, security needs to be designed and integrated strategically, he says.
Invest in professional development training for all staff; certifications can help everyone keep up with changes in technology. Plan for succession by pairing experts with new hires to exchange knowledge.
Prepare for change. Recognize that both risks to business and employees will change over time, so it’s essential to develop a clear understanding of where your organization’s security strategy is headed. Set strategic goals with a plan driven by the many facets of a security posture—from cloud solutions to disaster recovery plans. Then, work backwards toward technology, leveraging a small number of vendors that give security practitioners the tools they need to achieve the security goals.
Build redundancy in skillsets. “Try to have good policies, procedures, and documentation around what people are doing,” says Grant. “Build systemically around the overall picture of information security, relying on the right security technology for the business. Don’t build the technology around the team.”
Work with third-party partners. Identify the routine processes within the business that can be outsourced to third-party suppliers. Document specific contracts with managed security services that—unlike employees—can’t walk away.
No comments:
Post a Comment