Article

Learn how to leverage your current challenges to drive support for a purpose-built case management solution

As a corporate security leader responsible for investigations, your primary objective is to keep your people and assets safe. Despite the critical nature of your work, you may be forced to manage investigations with tools that aren’t designed to facilitate the complexities of your processes. That might be a home-grown tool built by your IT team or a system of generic pieced-together tools already used across the organization — sometimes just email and spreadsheets. 

If this sounds familiar, you know that this setup is only making it harder for you to carry out the duties of your role. You probably also recognize the need for a more sophisticated system. However, since it can be challenging to change the status quo and secure software budgets (especially within large enterprise organizations), you have to make do with what you have. 

At Ontic, we work with many corporate security teams in similar situations. Many have overcome the challenges of changing perspectives and gaining support for modernization. Here’s what we’ve learned about the problems with home-grown systems and how to leverage those problems to secure the buy-in you need.

What Does Home-Grown Case Management Mean?

Home-grown or pieced-together case management could mean many different things, like: 

• A custom system built by your IT team
• A pieced-together system of familiar or existing tools like Slack, Dropbox, or Microsoft Excel
• A repurpose of generic project management tools like Jira or Asana that are already used by other functions or departments

While leadership teams typically view these approaches as smart ways to repurpose existing tools and save money, you likely see a different picture. Generic collaboration tools serve as nothing more than static “containers,” where information from disparate communication channels and research sources is copied and pasted — lacking automation, transparency, and integration with one another.

Generic collaboration tools serve as nothing more than static “containers,” where information from disparate communication channels and research sources is copied and pasted — lacking automation, transparency, and integration with one another.

Even with your best effort, you waste time on manual, redundant work and are forced to make critical security decisions with an incomplete picture of threats. Despite these relatively common challenges, most corporate leadership teams hesitate to invest more in programs they see as cost centers. How do you convincingly relay these issues to decision-makers and change their perspectives?

Leverage Your Challenges

Getting buy-in to modernize is difficult because most corporate executives can’t conceptualize the fundamental risks associated with continuing to underinvest. In reality, any highly collaborative team forced to operate with inadequate tools will have workaround penalties that result in miscommunication, disconnected data, and delays. Corporate security is no different. 

When making the case to modernize, leverage the following challenges you’re likely facing to support your argument and overarching story.

An incomplete threat picture 
When conducting an investigation, you aim to create the most complete picture of the scenario. Disconnected data collection and documentation lead to incomplete investigations where pieces of critical evidence live in different tools. Without a system that integrates with research tools and tracks historical records and incidents, making informed decisions and taking the right actions is challenging.

Hindered cross-functional collaboration
It’s important that all corporate stakeholders — from HR and legal to IT and physical security — can view incidents or investigations relevant to them from the same lens. Disconnected systems prevent this degree of transparency, hindering cross-functional collaboration and preventing cohesive decision-making.

Let’s look at hostile employees as an example. If your HR team places an employee on a performance plan, you need to be alerted so you can monitor that employee for strange behavior like threatening remarks on social media or unusual network access. Without a centralized system for HR to share this incident (or one that allows you to set up alerts when performance plans are issued), you might not even know this is happening and, in turn, miss any unusual behavior.

Workaround delays
Timely evidence collection is critical for minimizing the risk or impact of an incident. Pieced-together systems require you to add workarounds to your process, slowing you down and leaving your people and assets vulnerable. 

For example, let’s say you learn that a back door at a facility was left open overnight. Given your workload, if that incident had been logged via email, it might take you a few hours (or days) to get to it. You might then add the details to a shared spreadsheet to alert your team and move to Asana to assign tasks to the appropriate people to investigate further. From there, your team uses disparate tools to conduct research, collaborate with HR or other relevant departments, and complete the investigation. 

At this point, your team has spent extensive time jumping from tool to tool or manually transferring information — extending the time it takes to get to the core of the issue, stop it from happening again, and prevent further losses.

Reporting challenges
Ideally, you regularly produce reports to keep stakeholders and executives informed about case statuses and demonstrate the value of your work. However, when using disparate tools for case management, you must manually gather information from various sources. This process adds significant administrative tasks to your already full workload, reducing the time available for more pressing investigative work. Additionally, disparate tools rarely provide accurate and complete data, limiting the value of your reports.

Upkeep difficulties
Any software solution — especially one built internally — requires extensive upkeep to continue working as intended. If you’re using a system like this, maintenance is time-consuming work that requires dedicated headcount. If the person who built and manages the system has competing priorities or leaves the company, or if the software becomes obsolete, your processes break down. 

No matter how much effort you put into making a pieced-together system work, these issues are inevitable and can result in large blind spots. And with large blind spots come large vulnerabilities.

Demonstrate Potential Results

The alternative to a home-grown system is a solution built intentionally for case management. This system should integrate investigative research, establish a common operating framework, and automatically track and send alerts for new data related to current or old cases. With this type of solution, everyone can access a centralized and always-on dataset for any investigation, enabling informed and rapid decision-making.

Even when armed with solid arguments, shifting the mindsets of key decision-makers to see the value of a sophisticated solution is still a real challenge. It requires demonstrating how addressing the above problems can drive results that aren’t always visible to non-security professionals. 

Below are some ways you can turn the challenges mentioned above into cost savings when you’re asking for buy-in and budget:

Given the importance of corporate investigative work, you need a modern solution to help you carry out the duties of your role. But making the case for this can be difficult as leadership teams naturally resist change. Understanding how your current day-to-day challenges can translate into cost savings can be the key to winning your case for modernization.

It may feel like an uphill battle to influence this mindset shift. Still, with every conversation, you’ll get one step closer to securing the investments you need to improve your security initiatives and make a real impact on your organization.

The post The Path to Modernizing Your Home-Grown Case Management System  appeared first on Ontic.

*** This is a Security Bloggers Network syndicated blog from Articles - Ontic authored by Ontic. Read the original post at: https://ontic.co/resources/article/the-path-to-modernizing-your-home-grown-case-management-system/