If you’re reading this, chances are your company has plans to move to a flexible work arrangement. While employees may welcome this change, your security team has a lot of work to do to prepare. Technology can play a make or break role in their success.
Your technology ecosystem can add a layer of protection against security threats. But if it’s not well-managed, it can be a vulnerability. With the average cost of a data breach being $3.86 million, unmanaged technology isn’t worth the risk. Is your technology ready for flexible work? To know for sure, you need to conduct an assessment of your company’s tech stack.
How to evaluate your current stack
Assessing your technology ecosystem is the first step to securing it. To accomplish that, you need to understand where your organization is in its integration maturity. This will help your team define the steps it should take to prepare your technology for hybrid work.
Early stage: Your organization hasn’t created a process to regulate its technology and still does some critical work manually
Your company could be in the “early” stage if it has limited processes for regulating its technology. For example, your workplace team uses several tools across locations and doesn’t have a standardized process for using them. They even use a pen and paper sign-in sheet to check in visitors. After evaluating these tools, your team concludes they don’t meet your security needs.
In the early phase, your team should define its workplace security requirements. To do this, create a test plan that helps you score different tools that are critical to your business. These requirements will come in handy when you score your company’s current tools against other options in the market. The goal is to find the right technology for your company that meets your security standards. Also, consider what your organization is doing manually, such as pen and paper sign-in. The ideal tool may offer a solution that automates and secures these manual processes.
An example decision matrix your team could use to score solutions might look like the chart below. Some criteria to consider include:
- Service-level agreement
- Contract length
- Ease of termination
Don’t forget to work with the administrators of these tools to agree upon possible replacements to compare.
Growth stage: Your organization has made significant technology investments but its ecosystem lacks oversight
Your organization may be in the “growth” stage if overseeing your technology stack feels cumbersome and hard to manage. For example, after some investigation, you learn that your company is paying for multiple tools that provide the same service. Or maybe you’re paying for tools that aren’t used. Auditing your technology stack will help uncover inefficiencies that cost you time and money.
To start, categorize your vendors. Include the systems and tools that would ideally make up each category. For example, you might have a “Communication” category that includes Slack, Zoom, Google Chat, and other tools. Once you have a comprehensive list, conduct internal interviews with administrators. Ask questions to understand how (or if) they use each tool. Here’s a list of things to be sure to find out:
- How often they use a tool
- Whether it integrates with others in your stack
- What kind of impact losing it would have on their work
- If there are alternative solutions
The answers to these questions will help your team get rid of unused or surplus vendors. They’ll also ensure your company’s technology meets your security requirements. Planning for the long-run will help prevent having to switch vendors as your technology stack evolves.
Mature stage: Your organization’s technology ecosystem is well-managed and regularly optimized
Your technology ecosystem may be in the “mature” stage if you’ve already performed and taken action against a full audit. As a result, you have a good understanding of the tools your business needs to operate. For example, to welcome hundreds of guests across different locations, it uses a robust visitor management system. You also have security and integration criteria to evaluate future tools. Your team feels your technology stack is well-managed and can focus on upkeep rather than major improvements.
In this stage, you should focus on making sure your technology meets future security requirements. For example, your company may adopt a long-term hybrid work model across all of its offices. If so, it could require new technology down the line. Work with stakeholders who will use these tools to identify options. Be sure to focus on ones that will integrate with your current ecosystem and across multiple locations. You can use the matrix template above to evaluate different technologies.
It’s good practice to evaluate your tech stack regularly. Think of it as a living system that needs upkeep. Your assessment may reveal that you need to add, change, or remove tools. With technology being even more critical in a flexible work environment, people may push back on changes to the tools they rely on. There are several ways to get your company on board.
We’ll show you how to do that, as well as how to build, refine, and optimize your tech stack. Find all this and more in our latest ebook, the security leader’s guide to the connected workscape.