An Architect’s Guide to Deploying Microsegmentation: Building the Deployment Team
Micro-segmentation deployments can be a challenging undertaking for architects and project managers. But proper preparation and planning helps ensure optimal results. In part 1 of this series, we explored the implications for altering your security model and discussed how the modifications unlock the benefits of micro-segmentation.
In part 2, we’ll review the cross-functional team required to reach maximum success with your micro-segmentation project. “It takes a village,” as some say, but when different functions within the organization are part of the process from day one, the benefits are unbound.
Building the deployment team
The best approach to deploying micro-segmentation involves assembling a cross-functional team. There are several core positions that will need to be sourced and filled. Each organization has its own convention for naming, titles, and roles, so these descriptions will be functional, rather than organizational in nature. In smaller shops, one person may perform several of these roles. In larger organizations, whole teams may represent each function.
The benefit of buy-in and participation from the following key players is critical to success. Some of these individuals will have relatively little time invested, others, like the tech lead, will be highly engaged. When representatives of these functions are engaged early, you will avoid surprises and get an early indication of where any latent complexity may lie. Getting them enough knowledge and then inviting them to help scope the plan ensures that there are no surprises across the organization and surfaces the detail needed for a solid plan.
Executive sponsor: Has overall responsibility for the success of the project. Ensures proper status reporting and project management are in place. Removes roadblocks and facilitates cross-functional work. Maintains exec connection to the vendor’s exec sponsor.
Project architect/fixer: Typically the trusted “right-hand” of the exec sponsor — the person who is technical enough to interact with a tech lead at any level, yet senior enough to reach across silos and get stuff done. Typically one of the “MVPs” on the team, and the one the team looks to when it “must be done and done right”. His or her help will be invaluable at several critical points to remove roadblocks, but not required continuously.
Technical lead: Has first admin login to the micro-segmentation solution, develops initial policy, has overall technical project responsibility.
PM: Develops deployment plan with vendor and tech lead to desired milestone dates. Maintains status tracking and project coordination.
Security policy approver: Has responsibility to confirm the initial and subsequent security policies. The tech lead will implement what this person approves or specifies.
Agent installer: Has responsibility to deploy agents to the target infrastructure. Typically has root access to the servers in question.
Automation lead: Has responsibility to automate agent installation, management console installation or both. May also be responsible for metadata interface or maintenance.
Network lead: Has responsibility for existing network security controls. Often manages internal firewalls and VLANs. The “Tech Lead” often comes from this team.
Active Directory/Windows lead: Has responsibility for AD, can create and modify user groups, able to coordinate Windows deployments through GPO or SCOM. Your vendor should provide a matching set of resources to complement the internal team.
Account manager: Maintains overall responsibility for customer satisfaction and project completion.
Systems engineer: Maintains overall responsibility for customer satisfaction and technical coordination for the vendor team.
VP of customer success: Responsible for project completion internal to the vendor. Coordinates necessary teams and resources, Maintains reporting cadence with Exec Sponsor from the customer side.
VP of service & support: Responsible for contracted professional service engineers, maintenance, and support contracts. Maintains reporting cadence with Exec Sponsor from the customer side.
Solutions architects/office of the CTO: Assist with design, architecture and integration planning.
Professional service engineers: Deliver on-site assistance in all aspects of the deployment and implementation.
Project managers: Responsible to maintain status, coordinate vendor resources to match customer plan, jointly owns the project plan with the customer PM.
During the first set of project meetings, both teams will gather and sort out which of these functional roles will need to be filled and how the communication process will flow.
This may seem like a daunting list, but keep in mind that one person may hold many of these roles. What’s important to remember is that micro-segmentation is about more than a change in your process. It’s about an ethos change that will require cross-functional support. Once you bring others into the process, they too will see the value that micro-segmentation can bring to your organization.
Looking for more? Read my full guide on Medium today: https://medium.com/@nathanael.iversen/executive-guide-to-deploying-micro-segmentation-60391e7d1e30