GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises.

To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind. But with mounting pressure to replace legacy, perimeter-centric defenses with cloud- and hybrid-cloud protection, many organizations are stuck between a rock and a hard place.

It goes without saying that phasing out a legacy system and putting something modern in its place is a substantial undertaking. IT teams are stretched thin as they install the new system while supporting the old one.

Simultaneously, end-users with years of expertise on the old system must suddenly learn a new one. Between potential downtime and retraining an entire organization on new workflows, processes, and user interface, productivity is at risk, and with it, the bottom line.

Take identity management—arguably one of the most important defenses against cyber threats—for example. Companies make significant investments in identity governance and administration (IGA) or identity access management (IAM), only to realize that these siloed, on-premises systems can’t meet the needs of a modern, flexible, cloud-centric, and digital enterprise.

But with sunk cost making outright replacement of the IGA or IAM solution a sore subject, most enterprises opt to stick with the systems they have, imperfect as they are.


Still, according to Gartner’s recent Security and IAM Adoption Trend Survey, 76% of enterprises report that they want to get more out of their identity management programs. So how can businesses balance proper security measures and a modernized IT infrastructure against the headaches of migrating systems? Fortunately, there are several best practices to help ease the process.

Step 1

Leverage third-party resources wisely. The last few years have looked like an arms race to the cloud, and as a result, a lot of projects fail. Migrating all your data with different levels of sensitivity and access privilege should be done intentionally, and many organizations bite off more than they can chew. Another common practice is defaulting to the latest and greatest solution, thinking it’s a fix-all remedy.

This causes mistakes and unnecessary costs, and it’s completely avoidable. Leverage third-party resources that have identity expertise, such as an outside consultant or an analyst firm, to help you define your security or identity management requirements. Make sure stakeholders—leadership, investors, department heads, etc.—are involved in executing these projects, as they span the business.

Step 2

Consider solutions that work with you, not against you. Best-of-breed solutions have long been frontrunners in the IT decision-making process, but this approach could be overcomplicating and even hurting your business. While there’s nothing intrinsically wrong with these solutions from a technical standpoint, many enterprises overlook how they will integrate with existing systems.

Smart leaders are beginning to look at technology through a ‘best-of-suite’ lens, focusing on solutions that will complement the tools and processes their company has come to know. This also lessens the burden on IT staff, as migrations are typically more transitional, meaning they happen gradually over time, and less labor-intensive than a ‘rip and replace’ method.

Step 3

Never stop evaluating and auditing. With security, and especially identity management, even with proper solutions and practices in place, the work is never really done. Once new technology is implemented and employees are trained, new threats arise, and business leaders have to evaluate how they’ll defend against them.

One way to achieve this is to use a cloud access security broker, independent software that sits between cloud service users and cloud applications and monitors all activity, or to bring in an ethical hacker to help identify weak areas and enforce security policies. For highly regulated industries, such as healthcare or finance, managing evolving threats becomes especially important.

‘Rip and replace’ doesn’t have to be the only option for upgrading enterprise security systems, and identity management is no exception. By taking a more measured approach to replacing legacy defense systems, organizations can reap the benefits of modernized systems while avoiding the disruption synonymous with major IT overhauls. By doing this, businesses can ensure they’re keeping security top of mind, while arming employees with the tools they need to get work done.

About the essayist. Jackson Shaw is chief strategy officer at Clear Skye, an Identity Governance and Administration (IGA) software company focused on enterprise identity access and risk management.

This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido.