Establishing a governance council is a key first step for any segmentation effort.
Segmenting an IT enterprise is one of the most challenging initiatives an organization can undertake. Why? Enterprise segmentation requires the alignment of many critical IT capabilities across the organization. These capabilities span key stakeholders with responsibilities for security, network management, infrastructure, applications, data centers and business, to name a few.
Structure is key
Adding to this complexity are interdependencies — known or, in many cases, unknown — that each discrete organization must understand to effectively connect to a larger segmentation plan.
With such immense challenges, how does an organization tackle enterprise segmentation, develop a collective strategy and achieve a successful outcome? The key is having a governance structure that drives enterprise segmentation with organizational intent and purpose.
A path to gridlock
Before describing how governance is the key, let’s examine some of the challenges that lead to gridlock. These challenges are based on WWT’s in-depth experience, gained from a significant range of customers. We’ve spent hundreds of hours helping customers develop segmentation strategies, define architectures, design solutions and assess operational changes.
The gridlock organizations experience during segmentation initiatives consistently arises from differing priorities, a lack of policy and, frequently, an inability to agree on decisions. This is most typical when separate teams within an organization own a piece of the segmentation puzzle (e.g., security owns compliance, network owns operational responsibility and application owners are responsible for business decisions). It quickly becomes apparent that each leading role has its own singular view for segmenting, and that these views are usually contrary in terms of policy requirements, zone framework, solutions selection and, ultimately, risk management.
This lack is of governance and alignment undoubtedly results in gridlock and worse, wasted resources, which every organization wants to avoid.
A segmentation governance council with vetted authority can provide the required leadership to align all stakeholders and avoid gridlock. The role of the council includes making key decisions on policy, risk-based security architecture, funding requirements, executive and managerial reporting, and, importantly, clarifying all aspects to ensure consistent implementation.
This structured approach translates into a cohesive strategy that unites risk management and outcomes across the IT organization. At a minimum, an effective segmentation governance council should:
- Be represented by stakeholders with established decision hierarchy;
- Identify the enterprise segmentation requirements;
- Act as a sponsor and determine strategic guidance; and
- Approve a plan ensuring funding and oversight.
Don’t start an enterprise segmentation initiative unless you have first established a governance council. When you eliminate segmentation gridlock with purpose and intent, you greatly increase your chances for success.
Request our Enterprise Segmentation Workshop to get started.