There are so many organisations out there that have multiple products, both hardware and software based, which do the same thing and in some instances actually work against each other.
During the COVID pandemic a lot of organisations had to digitally transform overnight: a process that in some instances takes over 1 year happened in less than a week. There was a huge shift from on-premise devices and network infrastructure towards cloud and hybrid working.
This shift meant that a lot of organisations upgraded or replaced their hardware or software to meet the demand during the lockdowns. The biggest impact that I saw was on some of the local charities that I work with, who had always worked in an office with all their IT, software and information based locally on-premise.
Using Microsoft Business Premium, E3 and E5 as an example, most organisations are only using a small percentage of the product features. This is where additional savings can be made, by actually using more of the functionality in the existing product sets.
Knowing which parts of the software you actually need to meet your strategic and operational outcomes plays a big part as well. For example, if you require EDR or MDR and you want to fully deploy Microsoft Defender for Endpoint, then you don’t actually need to jump from E3 to E5. You can get the Defender Plan 2 add-on, which increases the cost by roughly £4 a month per user instead of the jump of £25 a month per user with E5.
Now don’t get me wrong, the additional functionality that E5 gives you is massive, but I would really advise you to do a feature comparison and cost-benefit analysis before making that rather large jump.
Firewalls, routers and switches have all come a long way over the past 5 years and these devices now have security functionality built in. Things like Network Access Control (NAC) and centralised management for devices are must-have features for managing and maintaining your ever-changing infrastructure.
Having all this functionality is great as long as you know how to use it and you know what is happening on both your infrastructure and software. Monitoring and alerting is the key here. Not every organisation needs a full-blown Security Operations Centre (SOC), but what they do need is to be able to correlate all their logs and have alerts generated to identify issues and potential security problems as they occur.
So many times I see organisations that have bought something and put it onto their infrastructure, and then nothing has been configured or even maintained, let alone actually monitored. This is normally done to tick the compliance box. I have to say that this is not as common now, which is a good thing, as boards become more aware of Information and Cyber Security and are asking the CISO, CIO and IT Directors how and, more importantly, what they are actually doing to protect the organisation's data and assets.
The Bottom Line
- Identify what you already have and the features available
- If you have multiple vendors and features, see if you can consolidate
- Upskill your internal teams to use the full extent of the features available from both your software and infrastructure-based products