On March 5 in Seattle, The Great Conversation will once again feature thought leadership in security and comprehensive case studies involving the integration of current and emerging technologies. One of the case studies this year will feature the process one organization went through to move all its standalone access control systems to a common operating model. William Plante, Director of Professional Services at Aronson Security Group discusses migration methodology as a preview of the Great Conversation event.
In the security world, we demand ever-increasing efficiency, the ability to effectively leverage the company’s various infrastructure investments to achieve the best ROI, and the ability to demonstrate security’s intertwined role to support the organizational mission. Here, “legacy” often equates to liability.
Our drive to effectively integrate various data, operational processes and then to present the information in a unified common operating picture implicitly excludes legacy systems without inordinate offsetting measures such as middleware, connectors, and special scripts to force a legacy system to perform as the end-user needs it to.
Virtually every security executive is certain to face the need to deal with legacy security technology and architecture that does not fit their technology roadmap. In other words, they will need to make something happen: a migration to a different, more robust and sustainable solution.
Migrations have inherent risks that must be accounted for and mitigated, and a well thought out program is critical. As a security executive, you must have a practical understanding and sound approach to managing your inevitable migration. Any number of strategies may be employed to develop the business case and rationale for undertaking a migration; however, once the concept has been embraced by your organization, you will need to manage the execution.
Here are the essential elements of a migration program:
- Establish and maintain a rigorous process;
- Require a solid communications plan;
- Ensure roles and responsibilities are clear and that individual/team accountability is created;
- Look for “go-no go” gates;
- Require a rollback process and exit strategy where practical;
- Ensure that your program or project team have these fundamentals in place and challenge it. Borrowing the PMO concept from the IT world and using it has proven successful for many migrations; and
- Ensure your teams have the right people in the right seats. Cross-functional and multidiscipline teams will ensure that all aspects of planning and execution is well covered.
A phased approach for enterprise migrations, complete with a solid operating mechanism, is highly recommended. Almost every single migration should start with a baseline assessment and requirements analysis. The baseline assessment usually reveals “new” information and intelligence not previously understood, and sets the stage for an improved systems performance management program. There are a variety of analysis components including technical requirements, non-technical/functional requirements and so forth. If new systems or components are involved then comparative analyses is necessary. The outcome should be a snapshot of the current state, a technical/non-technical system description and a business and project plan extended from the concept and strategy phase.
Next, the requirements are translated to an architectural design and the solution is engineered. Often, a variety of contributors are crucial to designing and engineering the appropriate solution. Depending on the scope, it is typical to find system and information architects, application engineers, integration specialists of all kinds, professional consultants and IT will be involved in the effort. For the security executive, identifying and gaining IT support is often critical to deploying a successful project. A successful approach to ensure a successful migration is to work with the CIO to understand their vision and strategy for the IT infrastructure and, to the best degree possible, aligning the migration within that strategy. Gaining the CIO’s support goes a long way in the company’s IT world.
The project migration plan phase involves the implementation of design engineering — the fundamental baseline that feeds the work instructions for the team. There can be many elements incorporated into the project migration plan. Critically, the plan must include the go/no-go gates, training and integration, rollback and recovery. Always look for testing early in the project migration plan. A migration plan without rigorous test points is certain to have annoying problems crop up, and, potentially expensive ones.
The security executive's role as a risk manager comes to the forefront during the next phase, execution. Both short- and long-duration migrations are almost certain to have unforeseen complications. Putting those problems into a risk context and supporting the implementation team to manage them will ensure those problems are overcome.
Migrations, regardless of the technical elements and relative complexity, are serious endeavors. Make sure your next migration has guaranteed success by managing it using a structured process.
For more information on The Great Conversation in Seattle, please visit www.the-sage-group.com/greatconversation.