For many IT and security teams, migration is a dread-inducing word. The idea of embarking on a time-consuming and complex migration process can even be enough to keep organizations using solutions that no longer fit their needs. The University of Oklahoma is no stranger to this dilemma.
When James Cassidy, an intermediate security analyst, joined the University of Oklahoma (OU), each of the three campuses had its own IT security environment, creating silos of valuable security and logging data that was difficult to access. Searching data across campuses was time-consuming and complex, and prevented the teams from getting true visibility across all of their environments. Each campus also had its own IT security maturity, dependent on the needs and requirements of the student body it was serving.
As security incidents increased, managing on-prem solutions strained resources, and the campus teams wanted more visibility, the OU staff decided it was time for a change. They started to search for a cloud-based SIEM solution instead.
Making the Switch
OU students and services generate a wide range of data. From student information to classified research to HIPAA-protected data, their regulatory requirements were complex and varied by campus and department. Cassidy and his team had to work closely with GRC to determine their exact needs for the new solution.
“The big concern was that we do have protected data,” said Cassidy. “How do we make sure that the protected data is staying within our protected data systems, and how do we make sure that a new solution is going to work for us?”
It took months for OU to evaluate SIEM vendors and determine which could best meet their needs, operate within data protection regulations, and meet budgetary requirements. After a lengthy RFP process, the OU team selected Devo as its first-ever cloud-based SIEM vendor. And this was only step one of the process.
Key Considerations for Migration
Migration is typically the most difficult part of switching to a new security solution. While the OU team was excited to leverage Devo to better fit their needs, they worried about how the migration process would affect day-to-day operations. Not only is it time-consuming to move all of an organization’s data, but it can also take time to get security analysts up to speed on using new solutions.
“One concern was the rate of onboarding security analysts in order to use a cloud-based SIEM for day-to-day activities,” said Cassidy. “There is definitely the concern of okay, well, we can buy a tool, but how long is it going to take before people are actually going to be able to use it?”
Another advantage OU observed during the migration process with Devo was that they were able to run their legacy system and the Devo SIEM concurrently while onboarding. The gradual shift to Devo helped ease the transition and gave the team time to ramp up.
During the transition, the OU team was “kind of doubling up work, but it’s in a way where you’re not doing that in a live pressure situation where there are business impacts for any kind of delay,” said Cassidy.
It only took the OU team around one month to get their core functionality set up on Devo. For about 90% of their log sources, they were able to use Devo’s out-of-the-box parsers. For the remaining 10%, the team worked with Devo professional services to get custom parsers working shortly after.
The entire process took around two months, and Cassidy credits the extra month mostly to getting the OU team onboarded with using the Devo Security Data Platform. The team leveraged Devo’s existing training and education resources, which allowed them to confidently use the platform in one month.
The Devo Difference
One of the reasons OU ultimately procured Devo went beyond the technology alone: they were investing in the Devo team as a strategic long-term partner for migration and beyond.
“A lot of the concerns I had were alleviated when it came to moving through the deployment process and continuing to work with professional services and customer success,” said Cassidy. “There is definitely a learning curve when we add new people to our team, but in hindsight, that discomfort is worth it.”
Devo prioritizes maintaining an ongoing partnership with new customers throughout the migration process. Moving your data, ensuring the right parsers are in place to ingest it, and learning how to use the platform can be hard. That’s why the Devo team is there every step of the way to ensure a seamless transition.
“Professional services was fantastic. I felt like I had a lot of access to the back end, which, for a SaaS service, is different because typically it’s just you get what you get,” said Cassidy. “When it came to feature requests, explanations for the health of our environments, or really getting down to the nitty gritty, I liked that they actually wanted to explain things to me instead of just trying to sell me something else.”
In addition to the hands-on support from Devo teams, Cassidy found value in using Devo Connect, Devo’s user community. The availability of support from a wide range of mediums made it easier for OU to maintain ongoing lines of communication between meetings with professional services.
“The main thing for me is that I work in a very dynamic environment. InfoSec is never going to sit still for a second,” said Cassidy. “So it’s really nice to have a tool that is as dynamic as we are.”
Migration Processes Should Work With You, Not Against You
Transitioning to a new security solution is hard, no matter what. But it doesn’t have to be impossible. When considering a new tool, organizations should evaluate more than just the technology itself; they need to understand how a new vendor will support them throughout the migration and beyond.