I was asked a few weeks back to host a webinar. When I was told I could pick my own topic, it got me to thinking. I speak at security conferences throughout the year and host PSIM Workshops as well. The one question that always comes up is ‘what can I do to make my PSIM deployment successful?’ So to answer this question, I went on a fact finding mission. My methodology was simple: I interviewed organizations and consultants that had implemented PSIM to gather the lessons they learned along the way. The result is list of best practices that were commonsensical, but surprisingly insightful as well. I’ve summarized some of these below.
1.Understand the problems you’re trying to solve: Organizations deploy PSIM to achieve specific results. During the visioning process, make sure you identify and clearly articulate your company’s vision for deploying PSIM. Are you trying to achieve better situational awareness? Faster response times? Consistent handling of incidents? Cost savings from consolidation? Fewer false alarms? Compliance with regulations? Operational savings?
2.Dream big but deploy in baby steps: Every PSIM project needs a visionary, and it’s ok to dream big. But at the end of the day, you need a phased plan to get there.
3.Avoid scope creep: Once you develop a scope for your PSIM project stick with it. Avoid scope creep which can delay the launch of your PSIM solution.
4.Get buy in: If the PSIM is being deployed as a multi-stakeholder solution, make sure you get buy in from other departments. Make sure they buy in to the big picture vision and phased rollout from the very beginning.
5.Designate a champion: Even if multiple stakeholders are involved, designate one project champion to assume overarching responsibility for the project. This will make it easier to set priorities, budget and stay on track.
6.Set measurable goals: Establish tangible goals and measurements of success that can be tracked to prove ROI and justify your PSIM investment.
7.Solicit feedback: The full extent of PSIM’s capabilities can be difficult to grasp through up front visioning alone. It’s an ongoing process. Once the PSIM solution is deployed and operators get a sense of what it can do, they often have their own ‘aha’ moments of how to leverage it even further. Don’t miss an opportunity to solicit and incorporate their valuable feedback.
8.Substantiate: During the pre-sales phase many vendors will claim their PSIM software can do just about anything. Make sure that any and all promises can be substantiated.
9.Know the difference between need and want: PSIM’s open architecture means the opportunities for integration are pretty limitless. But keep in mind, the systems you integrate the PSIM to should be a function of the finite problems you’re trying to solve (needs-driven), rather than a long random wish list. Prioritize your needs and that will help you prioritize which integrations to do first.
10.Anticipate unexpected hurdles: Recognize that there may be technical and political hurdles which you’ll need to overcome. Some companies may not have a fully supported SDK to enable system integration and in some cases competitive vendors may view each other as a threat which can put the brakes on a project. Make sure any potential problems are identified and addressed up front.
11.Engage operators early on: PSIM can have a broad organizational impact, changing the very essence of how security operators do their jobs. Make sure that operators are involved early on so they know what to expect and embrace the change, rather than fighting it. Forced change can be perceived as negative but when people perceive they are participants in change, it can lead to a positive transition. When operators are engaged up front, the rollout of the system becomes a mere formality.
12.Deal with any management transitions proactively: If there’s a changing of the guard in senior management mid-way through the project, be sure to deal with the transition proactively. Brief new senior managers on the PSIM initiative, rather than waiting for them to come to you with questions.
13.After you deploy it, you must maintain it: Your PSIM is the ‘smarts’ (or brain, if you will) of your security operation. For it to work effectively, you need to maintain and ‘feed’ it new information. Over time, you may need to add sensors, manager users, update contact information, modify maps and business rules. Designate a point person who has primary responsibility for maintaining this information so the PSIM system continues to work effectively.
In summary, PSIM deployments have many moving parts and require strong project management, stakeholder collaboration and phased approaches. Successful deployments may start with the big dreams of visionaries, but at the end of the day demand a practical problem solving approach.