A Better Deployment Maturity Model

By Pravin Kothari  |  Posted 2010-09-13


Now that the GRC industry is more mature and there's a bit of 20/20 hindsight, it's time to adjust the deployment maturity model to avoid these known pitfalls. The following model, derived from user feedback, is ideal. It's simpler and lowers project risk. For easy reference, the traditional model just explained will be referred to as the "horizontal maturity model" and the new model about to be explained will be referred to as the "vertical maturity model."

The vertical maturity model starts with a narrowly defined use case and deploys an end-to-end automated solution for that use case in Phase 1. In other words, all three phases of the horizontal maturity model are tackled at once, but within a smaller scope. Three common approaches to picking a narrow use case are:

Approach No. 1: A single compliance requirement such as the Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPAA)

Approach No. 2: A single process such as incident management or vulnerability management

Approach No. 3: A single stack of technologies that make up a critical system

For the selected use case, a fully automated, closed-loop solution with accompanying processes should be designed. The use case should include a combination of process automation and control automation. Once Phase 1 is successful, the same approach can be replicated for additional use cases. The use cases ought to be narrowly defined, and each use case must achieve "end state" automation within a single phase.

Pravin Kothari is founder and Chief Technology Officer at Agiliance. Pravin is responsible for product vision, product strategy and engineering at Agiliance. Pravin has over 20 years of success at bringing new products to market in information security, compliance, enterprise software, software as a service, and large-scale software infrastructure. Prior to founding Agiliance, Pravin was the founding vice president of engineering at ArcSight, where he led the product development for five years from inception to market dominance. Prior to ArcSight, Pravin was the founding chief architect at Impresse Corporation. Previously, Pravin held technical leadership positions at Verity, Attachmate, and Tata Consultancy Services. Pravin holds a Master's degree in Computer Science from the Indian Institute of Technology (IIT), Bombay. He is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP) and Charter Member of TiE, a global organization dedicated to the advancement of entrepreneurship. He can be reached at pkothari@agiliance.com.
