Now that you have a solid blueprint for how your cybersecurity program will look, you need to begin engaging proper project management procedures to prepare for the smooth implementation of the program. Requirements gathering is the next big step, but before that, you need to stop and analyze the capacity requirements for new technologies and controls. In previous sections, you learned about specific pieces of technology that can enhance your digital security environment, like cloud platforms, IAM providers, and virtualization techniques. You may have even decided to embrace some of them and plan for their implementation. However, you need to remember that cybersecurity is all about securing your workflows. All the new shiny security technologies in the world aren't going to be completely effective if they interfere with daily business operations. Thus, analyzing your capacity requirements is a must if you want the components of your cybersecurity program to be effective.
A good place to start is to gather your major stakeholders and discuss the key drivers of your business.
- How much growth are you expecting over the next several years?
- How many more employees are you expecting to add?
- Are you planning to open additional facilities?
- Are you planning to move locations?
- What are your peak periods of business activity?
Figuring out your key business drivers, trends, and plans will help you identify where increased capacity for technology is going to be needed.
Next, you should consult your ever-handy Business Impact Analysis (BIA). This document lists the most critical components of your organization's digital infrastructure. Study the digital assets prioritized in the document and analyze their performance. For the most thorough assessment, study performance trends from the last 30 to 90 days.
- How has your eCommerce website performed under heavy traffic during peak business periods?
- How do your temperature-controlling IoT devices handle seasonal changes?
- How much storage are employees using on their workstation hard drives?
- Is one domain controller providing sufficient performance during work hours?
Answering these questions will clearly reveal which components of your digital infrastructure need to be scaled up or down. Using this information, you can start designing baselines for your assets. A major rule of thumb for system requirements is to cap capacity at 60% to 70% sustained utilization. For example, you never want the utilized space on your backup systems to hit 80%. You want the backup server storage utilization to cap off at a maximum of 60% to 70% throughout the system's entire lifetime.
You also need to factor in spikes. Major spikes in resource utilization are bound to happen in every business. If digital resources are not powerful enough to handle spikes, then they can quickly break down and create bottlenecks. Purchase digital resources as if they are going to be used at spike levels constantly. For example, purchase Internet speeds from your ISP that can sufficiently handle your organization's maximum activity during the holiday season. Tackling this sort of issue is where the scalability and elasticity features of cloud platforms shine. If your business environment has unpredictable and rapidly changing peak usage levels, then you should consider migrating those resources to the cloud for optimal availability.
Once you have made a capacity assessment for your digital components, make sure to use it in the next step where requirements gathering is performed. Plan to revisit and reassess capacity requirements twice a year, with each new assessment forecasting 12 to 24 months ahead.
