Security

You Talking to Me? How Proper Comms Management Accelerates Beyond Zero Trust Initiatives 

By VMware Director, Information Security Strategy, Craig Savage, and VMware Senior Program Manager, Eddie Eriksson 

This is the fifth in a blog series on Beyond Zero Trust 

Once the change management team has completed their process (see previous blog), the communications (comms) team came into play as the project was approaching its execution phase. Project and change managers worked with a comms professional to put together a viable comms. package.   

This included the following: 

  • Approval cycle for the comms content, ensuring that appropriate managers approve the content and timing of the message 
  • Summary of project-related activities 
  • Project resources needed for the communications to go out 
  • Key messages 
  • Target audience 
  • Total impacted audience 

Fig. 1 offers an example of a comms process ‘swimlane’ that outlines the above steps. 

Swimlane comms management infographic

Fig. 1 

Proper comms were critical to the success of the program. The mediums we used were Slack, email, Confluence, Source (VMware intranet), Workspace ONE® Intelligent Hub Messaging, and company-wide meetings with executives that emphasized the importance of the program. 

Pump up the volume? 

Tons of toy figures

One of the challenges with comms was how to deal with sheer volume of them. With more than 35 active projects, we had to be careful not to overwhelm stakeholders with too much information in too short a time. This can backfire as employees will simply ignore the initiatives altogether until forced to deal with them.  

Therefore, we made the decision to be selective about who the audience is, always offer concise, to-the-point messages with associated links (FAQs, detailed instructions, etc.), and be constantly aware of how many messages were being sent in a given time period. In addition, it was necessary to sync with corporate and IT comms to ensure we were not overlapping with similar audiences—and thus causing exacerbated comms fatigue. This meant monitoring an enterprise calendar and incorporating comms publication constraints into project schedules.  

We had a corp comms tool that allowed us to track read and click through rates for sent e-mails. This was extremely useful for how the message was being received and for any follow on comms that might have been needed.  

Seeking the right approval 

Dog with head on table

Creating an approval and protocol comms template was equally important since getting appropriate feedback on the message content was mission critical. Some leaders preferred to be in the approval chain to ensure any given message is accurate, well written, includes all key components, and is appropriate for the audience. Others wanted to be included in approvals, but were less proactive due to other commitments. Ultimately, we proposed a variable approval queue based on audience type and size to ensure drafts were vetted in the most efficient way possible. This approach proved invaluable as many last-minute/late-in-the-game comms were unfortunately inevitable in the process (as with any enterprise initiative).  Figuring out who needs to approve comms when you’re in a rush is not a good place to be.   

Want to know more? Give us a call 

Introducing a new security program from scratch is a considered undertaking. That’s why we encourage you to contact your account team to schedule a briefing with us. No sales pitch, no marketing. Just straightforward peer conversations revolving around your company’s unique requirements. 

For more background on Zero Trust, check out these blogs on the topic.

VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. To learn more about how VMware IT uses VMware products and technology to solve critical challenges, visit our microsite, read our blogs and IT Performance Annual Report and follow us on Twitter, YouTube and SoundCloud. All VMware trademarks and registered marks (including logos and icons) referenced in the document remain the property of VMware.