Recently I attended the RSA Conference in San Francisco. Conferences like this are always a great place to learn about new products and trends, not to mention great for networking and picking up potential customers. This massive conference held row after row of cybersecurity and technology corporations vying for my attention and business.

From venerable industry brands to unique startups, everyone was there showing off their problem-solving products. However, they all seemed to be lacking one critical component: a knowledge of end-user processes and the education it takes to see the big picture. Hear me out on this one, because it would seem that the many problems companies have with their technical solutions don’t necessarily call for more technology.

Often it calls for more process and education that no one had the foresight to develop or establish over the time the company has been around. It can also mean that the process and education are so poor that new technology solutions are also needed due to lack of education on the IT side as well, but we’ll get to that shortly.

Cutting Through the Sizzle and Getting to the Steak

While technology solution companies are not the focus of this article, they nevertheless play an important role in this issue. There are so many innovative technology solutions that can catch the eye of an IT Administrator that would fill a gap in their overall corporate structure that the forest is missed for the trees.

There have been multiple times where I’ve walked into a company running disparate firewalls at their locations with no true uniformity. Or a company has three to four databases running when one could be used to fill these needs, which then requires a fifth database to automatically link and move data between them.

Each of these databases may be advanced solutions that fill a certain need. However, many times the full capabilities of the database are never explored and added in haste, which can sometimes take a full year to get operational anyway.

IT staff are one of the worst offenders with this issue. They’re apt to purchase the latest solutions, install and configure them to once again fill a particular gap and then end up having no real uniformity in monitoring, reporting, enforcement and threat management.

When your IT staff has to flip through a dozen screens to get an overview of the infrastructure, serious or critical items can be missed. Consider that, on average, a company will not actually detect an intrusion for 146 days. 146!

We must begin the process of curbing impulse buying of shiny objects because we can simply justify the need. I can convince myself I “need” a Ferrari because I do drive quite a bit and haul things around, but if I’m honest with myself, a Ford truck will get the job done more effectively.

Yes, there are specific needs that would require Ferrari ownership, but most of us just want an awesome car we can drive fast, so we convince ourselves that this is the best option! In this industry, we walk a fine line between performance, need and cost. Therefore, being strategic in our solutions while maintaining proper process and control should be a requirement.

What We’ve Got Here is a Failure to Communicate

At the core of our issue here are the inherent problems that arise from the continuous acquisition of gap-filling technology combined with a lack of centralization, process and education.

What we end up seeing more often than not is Frankenstein’s monster, and it’s a serious problem. Add several layers of complexity to a non-IT worker’s day, and you’ll experience a staff who is willing to grab their torches and pitchforks and slay the monster themselves.

Consider for a moment a prospective customer I was interviewing. They are actively using around half a dozen databases, and they require data entry of the same information in multiple places.

I haven’t even dived into their process flow yet, but a few have already come to light just in the general discussions. The sales staff appears to lack data discipline and there is no enforcement. Discerning open orders from prospective orders takes a trained eye and mistakes are being made.

Add to this a lack of upper IT management, very common in this kind of situation, and that means no one is advocating for streamlining, education or advancement. When the need for a new solution arises, the process appears to be gap-filling instead of trying to take a bigger picture outlook.

I’ve met with about a dozen companies in the last six months with this exact issue. Left unchecked, these companies almost always suffer breaches, data failures, process and control issues and perpetually become less competitive and less profitable over time.

However, a sinking ship’s crew can always be bailed out, even if it means having to get a whole new ship.

Technology Doesn’t Stop at the Virtual Water’s Edge

At this point, if you’ve learned one thing from this article, it’s that the human factor is just as important as the technological factor when it comes to creating a solution or complete vision for direction and growth. In this vein, here are some major steps that will help any organization understand the technology issues they face and also how to begin to fix them.

1. Perform a Technology Gap Analysis. Understanding where the pitfalls are in the infrastructure is the first step, even before the human factor. The goal should be to build a solid infrastructure platform that everything else can build on.

Without this step, the rest will surely fail in some way, shape or form.

  • Is the equipment newer with excellent warranties?
  • Is the equipment up to date and running proper speeds to ensure performance?
  • Is the infrastructure properly defended by having the correct hardware and software in place?
  • Do remote users have secured access that performs the way it should? Backups?
  • Are the internet connections fast enough to accommodate everything that needs to be done?

…and on and on. Once these issues are identified, and a plan for upgrading or replacing is in place, we can begin to move on to the deeper issues.

2. Perform a Workflow Gap Analysis. Like the technological gap analysis, we are looking for gaps in the average user’s day and how we can gather information to analyze to help create a proper solution.

  • How does a user login and how much time/effort does it take?
  • What policies do the users fall under and why?
  • How many data systems does the user work with daily?
  • How do they enter data into the system(s) and how fast is this process
  • What are the kinds of input methodology employed?
  • What are the education levels of the users on the databases and programs they use daily?

It’s important not to shortchange any of these steps, but this particular step is beyond critical to ensuring the future performance and health of the solutions soon to be implemented.

3. Analyze Analyze Analyze. This is the step that starts to bring it all together. Consider that a complete technology vision is a symphony orchestra. All musicians have to be in place, know how to use their instruments, have practiced on the music they’re going to be playing and must pay sharp attention to the cues of the conductor.

All of that starts here, in this step. This is taking the knowledge gathered in the first two steps and bringing it into focus so that a new solution can be found. This step includes plotting out the infrastructure, creating workflow trees to see how users are being inefficient and then marrying all of their data needs with a new solution. The solution must be implemented on a scalable infrastructure that will allow it to thrive and grow, not to mention actually being implemented properly.

This stage is usually overwhelming for management because, if done correctly, it will begin to enumerate inefficiencies in their workers’ daily lives, much of which is out of their control. This process, more than anything, gets the CEO and CFO completely on board with spending the time and money to fix this issue.

This is the phase where a requirements list should be built and agreed upon. This list will drive the solution and process creation.

4. Create the Process Standards. This step, like #2, can be make-or-break for the entire vision or solution. All the processes needed for the solution should be created. From IT staff’s management and reporting to the user’s processes for data entry and data lifecycle, care should be enumerated and listed out step by step.

This step absolutely requires input from all levels of employees. I’ve found that those organizations that include the rank and file in this step tend to have employees that are more invested in the success of the project and of the company since they feel ownership over their aspects. These processes are the “human infrastructure” portion of the solution, and without being thorough and in-depth here, we might as well cancel the whole project.

5. Vetting the Solution. Once the gaps have been discovered, analyzed and the whole team has bought into the vision, it’s time to begin looking at solutions that fit said vision. Now, here’s the kicker…one solution may not actually be the answer!

Often we cannot find a single software package, for example, that fills all the gaps in one perfect implementation. Sometimes it can take a combination of software packages to accomplish this task. This is exactly where we have to be careful as it is unbelievably easy to fall into the trap of data duplication efforts, a disparity of process and other issues that got this company into the initial mess they were in.

This is where malleable software comes into play. It is possible to find multiple software solutions that both fill the gaps enumerated in the earlier stages AND will also work together in concert to create a streamlined single interface (pane of glass for you IT types) that will optimize workflow and minimize duplication of anything. This is big picture thinking.

Never forget the conductor of the symphony is the most critical role here. These solutions should be verified so that it can be confirmed as correct for the vision and then several demos and testing phases should be considered before purchase with buy-ins from multiple levels of staff.

There should be no such thing as unilateral decision making in a situation like this (sorry, CEOs) as everyone’s voice should be heard before the trigger is pulled.

6. Planning the Implementation and Training. A major pitfall of technology projects is that non-technical upper management can put unreasonable deadlines on the project, thus requiring the rushing of critical areas to meet deadlines. Resist this urge.

If you’re a CEO, you’re already trusting your CIO to drive your technology vision, so trust this person to understand the proper time frame for the project. I know you want it yesterday because you have a total vision to move things forward in all directions for your company but take a step back from this. You will never go fast in a car if you don’t have brakes. In this sense, let the CIO be the brakes because when they’re thorough and the project is done right, there is no speed you won’t be able to go.

Finally, never ever short-change the education and training of the staff; otherwise, the problems of old will creep in. Vigilance over training and proper data use has to be adhered to. Basically, if the salesperson (take your pick of employee type here but salespeople are notorious for this) isn’t cleaning up after him or herself in the data then they’re not doing their job. It has to be that black and white.

I could go on and on here, however, the above six steps are some of the major and most critical points to understanding that a technological solution is also a human solution and we cannot lose sight of the fact that technology is supposed to complement and supplement the human processes and not the other way around. With this in mind, the people come first always. Building an infrastructure to help them removes obstacles for their success in your organization and allows them to achieve faster and more effectively than imagined. Best of luck!

Understand User Behavior and File Access

We’re developing new tools to help users safely manage their files and let IT understand user behaviors and trace the entire file lifecycle. Interested? Become among the first to find out about these new tools!

Sign Up

Related Posts

Related Topics & Tags: Guest Post Industry Thoughts

About Nick Espinosa

Nick serves at BSSi2 as the CIO & Chief Security Fanatic and is an expert in security and network infrastructure. Nick has consulted with clients ranging from a few computers to the Fortune 100 level regarding encryption systems, infrastructure and multinational environments. When he isn’t working magic with computers or playing with his daughter, Nick relaxes by playing chess, riding motorcycles and increasing his knowledge of history. You can follow Nick on Twitter at @NickAEsp

Leave a Reply

Your email address will not be published. Required fields are marked *