Published on March 12th, 2015 | by admin
When is it Safe to be Bleeding Edge?
The term Bleeding Edge has grown into its own over the last 20+ years. In the IT field, where beating out the competition with the most innovative products is the norm, there are a host of products available with limited beta testing and little market feedback. While success with a new product can be great, backing the wrong horse can lead to several challenges from unfavorable ROI to weakened security.
In today’s tech-savvy world, however, everyone is looking for the next big thing. Early adopters clamor for the latest and greatest innovations, accepting the associated risks as kinks to be worked out. Whether it’s an iPhone or a Tesla, the technology that comes to market first is usually the big winner, which then spurs the next generation of competitor products fighting for an edge of their own.
This wonderfully necessary cycle keeps our world advancing to higher heights. But how do you, as an IT leader, chase that brass ring and still protect your company?
Strong and experienced IT management is the first step. Most IT departments are filled with technical staff that can’t wait to get the newest technology, coming up with the most imaginative justification on why they need it. It takes a judicious leader to determine which products make sense for an organization and which ones incur too much risk – and even the most seasoned don’t always get it right.
While there are many approaches that can be taken to reduce risk, the best by far is to do your homework. You shouldn’t be looking only at the product you’re considering, but at the history of the company and other products they’ve brought to market as well. If it’s a new company, find out who the primary developers are and what their history looks like. Many times, a new company will hire for the specific skills needed to develop their vision. This, of course, doesn’t have to be a bad thing. A company willing to invest in experts could have a well-developed and long-term plan for success.
Beyond the risk that the product won’t perform as advertised, there is as great a concern with the quality of the code and the potential that it can be compromised by hackers. This second concern has a greater possibility for damage because it usually isn’t apparent that there’s a problem until it’s too late.
Obviously, the best way to protect your company is to shy away from version one of anything. But, as aforementioned, this isn’t always possible. For example, what do you do when the board of directors tell you they want you to deploy this great new software that will move the company well beyond the competition? While dusting off your resume may seem like the move to make, there actually are approaches to take that will limit the risk on the most bleeding edge of products.
The most important first step is to ensure that your network is secure. Even if a product has weaknesses that can be exploited, if the bad guys can’t get in, they can’t exploit them. It also would be prudent to run new software in a sandbox, isolating it from your production environment. This way you protect the rest of the network while you confirm that the product performs as advertised. During the sandbox testing, your team can also be performing security and penetration testing, looking for vulnerabilities and weaknesses that can be taken advantage of so they can plug the holes.
Even with web-facing products, there are solutions for mitigating risk. With the proper enterprise security solutions in place, flexible rules can be configured to alert you to suspicious events and take predefined actions.
This communications insight should also offer the ability to perform surgical extraction of communications and data flow for forensic analysis when needed. And, the time to have this capability in place is now. No longer can you focus solely on prevention and just clean up in the aftermath. Even if you’re not running the latest and greatest, the safety of your data demands that you protect your company and your customers as best you can today.
Bleeding Edge doesn’t have to be as risky at the name implies. Maintaining an overall good security policy lets you be out there on that razor’s edge while still protecting your company’s interests.