By VMware Director, Information Security Strategy, Craig Savage, VMware Senior Program Manager, Eddie Eriksson, and VMware IT Consultant Sebastian Campos
This is the fourth in a blog series on Beyond Zero Trust
Implementing a Beyond Zero Trust (BZT) program isn’t as simple as flipping a switch. It demands the majority of employees to change their culture and daily habits, sometimes in significant ways that require a complete overhaul of how tasks are accomplished. Even in the fast-paced world of high tech, change is still met with resistance if people believe unwelcome restrictions are being put in place (when the opposite is actually the case, as the intention is to change organically).
Understanding this reality, our teams created an overarching change management strategy similar to what a project manager would traditionally create when starting a project. See Fig. 1.
Fig. 1—Overview of a program change strategy
By nailing down the above first, we were able to avoid a lot of issues later on. We held frank and open discussions with affected stakeholders so they could best understand the extent of the impact on their jobs—and how to best mitigate the change so that it wouldn’t block them from performing critical tasks. Typically, this involved program change management staff identifying impact details via surveys and/or a series of interviews with key stakeholders such as principal engineers (PEs). For example, our PEs were crucial in understanding the impact of requiring managed devices, as well as other critical issues we hadn’t considered.
Analyzing the qualitative data (surveys, interviews, workforce sentiment) and quantitative data (reports, dashboards, ticket numbers) enables our teams to gain a holistic view on the impact changes will bring. We are then able to adjust deployment plans, coordinate support activities, and create relevant material for impacted stakeholders in order to make the transition as seamless as possible. For instance, we hold open discussions with support teams to coordinate capacity, staffing, channels, and deployment waves.
And change management activities aren’t just relegated to the pre-deployment phase. During the deployment we create a feedback loop of continuous improvement that also serves to correct unexpected issues as soon as they occur. After a successful deployment, we ensure all material is updated and support teams continue to align with the continuity plan.
Change in the real world
Inevitably your company will be unique in the way it implements change management, especially since many stakeholders may not understand the concept or its (positive) ramifications. This includes persuading leadership to buy into the time, money, and resources required for successful implementation, an initiative that often isn’t an easy path.
The best recommendation—based on our internal experience—is to translate change management into terms your leadership understands, how they view your existing enterprise ecosystem and culture. In this manner, you can clearly and succinctly outline how change management inherently benefits the enterprise on every level, especially the bottom line. Factors presented should include program goals and realistic costs, how the changes will make audiences more productive and individual projects more seamless, and how change management can ideally balance all the complexities, personalities, and legacy methodologies involved.
Don’t beat yourself up or feel guilty if you can’t accomplish everything the first time out. As the saying goes, Rome wasn’t built in a day. While our teams made tremendous progress with change management, at the end of the day a lot was left out for various reasons, including tight schedules. That’s why we always had in mind the MVP approach—minimal viable ‘product’. How could we achieve the most goals within the given parameters of the time. In addition, we placed a priority on iterating what had already been put in place and proven successful. By maintaining constant and open conversations via Slack, we were able to better evolve our MVPs to everyone’s benefit.
Want to know more? Give us a call
Introducing a new security program from scratch is a considered undertaking. That’s why we encourage you to contact your account team to schedule a briefing with us. No sales pitch, no marketing. Just straightforward peer conversations revolving around your company’s unique requirements.
For more background on Zero Trust, check out our blogs on the topic. For other questions, contact [email protected].
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. To learn more about how VMware IT uses VMware products and technology to solve critical challenges, visit our microsite, read our blogs and IT Performance Annual Report and follow us on SoundCloud, Twitter, and YouTube. All VMware trademarks and registered marks (including logos and icons) referenced in the document remain the property of VMware.