As your IT environment grows and evolves, providing for its security becomes more complex. With increased complexity comes greater vulnerability: More things can go wrong or be overlooked, and hackers have a larger “attack surface” on which to find weak spots.
At MicroStack, many of our clients come to us because securing their IT landscape has come to require more expertise and a broader skill set than are available to them in-house. For these client engagements, we evaluate the current state of their IT security apparatus and formulate a corrective action plan.
In this article, we discuss how we build a corrective action plan and how we help our clients execute their customized plans.
We first conduct a high-level risk assessment of a client’s software development landscape, including on-premises and cloud-based compute services (servers, container clusters), network infrastructure, and identity and access management. We examine the current state of DevOps and SecDevOps practices (if any) and measure the client’s major cybersecurity risk factors.
From the high-level risk assessment, we move to a detailed gap analysis for each risk area, in order to answer questions such as:
From the gap analysis we formulate a comprehensive action plan that consists of the following broad areas:
We understand that in some cases even critical issues cannot be addressed right away. For example, a mission-critical legacy system that depends on outdated hardware or software often can’t be replaced or upgraded in the short term. For these cases, we recommend short-term workarounds to minimize the vulnerabilities while the organization works on a permanent solution.
The specific recommendations in each area of the action plan are prioritized according to risk level. Any dependencies between action items are also considered when writing the plan so that it can be executed in a logical order.
MicroStack takes an active role in helping clients execute their cybersecurity corrective action plans. We have the knowledge, expertise, skills, and resources to take every step of the plan through to completion. For many clients, the corrective action plan is not a standalone, one-and-done document, but a component of a long-term service plan for maintaining client cybersecurity.
At MicroStack, we are passionate about protecting our clients’ IT assets. If your organization’s cybersecurity isn’t as tight as it should be, contact MicroStack today to learn how we can help.