It is extremely important to determine where and how to store backups of the users' computers and which data will be copied. For example, it may be useful to enforce the rule of backing up only work-related information, asking employees to remove all personal data, audio and video files in advance (if your information security policy allows for this in the first place). This will help you keep the size of the backup copies at a reasonable level. And, of course, these backups have to be secured from falling into the wrong hands. Don't neglect a test of a rapid recovery procedure that will save you time and money if anything goes wrong.
Second stage: Pilot migration
A pilot migration will allow you to run the entire scenario from beginning to end, identifying and eliminating any technical or organisational weak points that might have eluded your attention in the planning phase. As a result of the migration process, each user must receive a fully functional computer containing all necessary software (including an information security suite), data and settings — so they are able to start work the very second after they get the system. If this is not achieved, the severity of impact on the business will depend on the amount of additional effort IT specialists have to put into fine tuning the systems.
That is why it is especially important to cover as many different configurations as possible for the pilot migration process: different capacities of the operating system, office and language packs. Bear in mind that even the slightest differences in hardware may complicate the migration process.
Third step: Migration
After the scenario has been rehearsed, all complications considered and all vulnerabilities eliminated, you can finally move to the main step - migration to the new OS. When the time to migrate comes, IT specialists are prepared and armed with a detailed action plan. This is the only way you can be confident of avoiding unpleasant consequences for the company.
In conclusion, here are some tips that will help avoid information security incidents during the migration process:
- Pay attention to where data backups will be stored and how the data storage is protected against unauthorised access. The same applies to the data transmission channel.
- If you have no experience of migration, outsourcing specialists will help prepare a suitable plan and avoid unnecessary difficulties.
- Technical support should be prepared. Employees should be trained. A scenario of prioritising users' requests should be developed.
- All employees should be informed that during the specified period certain maintenance works will be carried out. Never forget to have a special emergency scenario.
- When shaping a migration schedule, be aware that other vendors whose software you are using will need time to update their products to support the new OS. Wait for the updates and only then launch the migration process. This will help to avoid unnecessary administrative and technical difficulties and make sure that you don't get surprises with new vulnerabilities in corporate networks.
- The most optimal migration scenario, in our opinion, is to do it department by department starting with the IT department and ending with the business-critical units (finance, sales, procurement, etc.). By taking this approach, IT specialists will accumulate knowledge and experience to help avoid business-critical errors during migration of the business-critical units.
Sign up for CIO Asia eNewsletters.