Finally, run a gap analysis and tier out systems of your infrastructure, starting with the most critical.
* Map back to your desired business outcome. Once you’ve identified the gaps in your security protection, compare them to the initial goals and objectives. There may be a mission-critical processing system that is not getting enough attention with current systems so you’re not able to scan-certify them when rolling in patches.
The next questions you need to ask are:
“Based on current toolsets, what can we apply to that environment and what else do we need to purchase?”
“What are our internal systems, like ITIL, Slack, GitHub, that need to be tied into the whole process?”
* Make it right. Chances are good you’ll find something amiss, lacking or broken in some fashion. The options moving forward include fixing the problem in-house, hiring professional services that can contract out the problem(s) for you, or investing in emerging tech such as security virtualization to fill any holes as a service.
If you find that you don’t have tools, have too many or don’t know enough, you may want a solution that helps you automate or integrate it all, especially if you don’t have the time, money or personnel to find and fix vulnerabilities quickly across your environments. The cleanup can include replacing, retiring, modernizing or consolidating applications.
As cybersecurity fears trump other business concerns and become a board-room discussion, the question of how secure we are as a company is not an “if,” but a “when.” Getting in front of these questions with answers early is likely to benefit your organization’s bottom line, your team and possibly your own job.