I recently spent time with the CISO of a global financial services company who found himself in a quandary. He knew that his company’s existing port and protocol firewall was woefully inadequate to protect the organization in today’s cybersecurity threat environment, but he couldn’t figure out a reasonable plan for moving to a next-generation platform.
The issue wasn’t funding or resources; his firm understood the importance of cybersecurity and was willing to invest both time and money in protecting its assets. Rather, he was facing significant pressure from his peers on operational teams to complete the migration without any downtime. After all, time is quite literally money in the financial services sector. Other teams were willing to cooperate with the migration but were not willing to endure any downtime.
As we talked through the issue, I explained that there simply wasn’t any way to carry out a firewall migration without any downtime, but that we could work together to develop a plan that would minimize the length of an outage and control the risk of implementing any new features. I’d worked with other customers under similar circumstances and used that knowledge to help my client build out a four-phase migration plan.