Cyber Talk: Cybersecurity implementation manageable but operationalization difficult?
Cybersecurity capability set up are not merely Information Technology (IT) rollouts. Hence, benefits realization doesn’t happen with just the Technology set-up. The equally important and in many cases even more critical is the operationalization of technology delivery to ensure that the project objectives are fully achieved.
Many times, Technology product vendor demos may seem that roll out of security tools is very straightforward. But benefits realization gets stuck in the post-implementation operationalization unless this is well thought through from day one of the project kick-offs. Nothing wrong with getting demos, but they provide a simplified view of the Technology product capability. The demos are often good to understand basic functionality as well as to compare different product features. But, these demos will not provide an overall impact on the upstream as well as downstream processes. When seeing the product in silos it might look fantastic, but when we try fitting the product in the overall ecology, we will come to know the overall impact. While this could be true for any technology rollouts, this is even more prominent in the security space.
Cybersecurity implementations need to be seen from the lens of change management discipline. Benefits delivery will require systematic change planning ahead of even kicking off the project. Very critical to understand the change impact even before making a heavy investment so that we don’t struggle to deliver benefits after we would have implemented an expensive technology. Start from understanding AS-IS set up through what is needed from people, process and technology point of view to ensure that the implementations are successful. Remember, not just the implementation but the operationalization that would be key to the benefits delivery as project teams will disappear post the project delivery.