Conversion risk. Identifying and managing it
It’s the risk that nobody is talking about, but everyone should be worried about. We call it conversion risk: the set of risks you encounter when switching to a new technology platform.
Switching technology providers isn’t the same as changing banks or shopping for a new cell phone carrier. Your data is at risk during a conversion, and data security is the 800-pound gorilla in the room. If you mismanage your data, you could face a serious fine, an outraged audience or both.
Our goal is to educate you—first by making you aware of conversion risk and then by empowering you to manage that risk when the time comes to transition to another technology platform.
Identifying conversion risk
Before you can manage a risk, you must first identify it. Conversion risk can appear at multiple stages in the process. Internal processes can break down, you can hit snafus with configuration and integration, and productivity is lost during the transition period.
Access management, privacy concerns, IT vulnerabilities and even corporate espionage are also part of conversion risk. When moving to a new technology platform, your data is more vulnerable, and bad actors are more likely to see this window as an opportunity. When a transition occurs, you just have to manage the risks.
Managing conversion risk
There are two ways to go about managing conversion risk. Option one is to treat the new technology platform like a third party. By following best practices for managing third-party risk, including planning, due diligence, contract negotiation, business integration, ongoing monitoring/analysis and business continuity, you’ll be able to manage conversion risk more effectively. On that note, you can apply the guidance in the 7-step Guide to Third-Party Risk Management to your efforts at managing conversion risk.
The second option for managing conversion risk is to select a technology platform that offers a smoother upgrade path. For example, with Keylight, our risk management platform, you can start with Keylight Team Edition and seamlessly upgrade to Keylight Standard or Keylight Enterprise without losing time or work. With a simple license key change, you’re upgraded, and your data never leaves the system, so conversion risk is lower or non-existent.
Cloud vs. On-premise
Let’s assume you’re informed about conversion risk and have pursued a course of action to manage it. One aspect you shouldn’t overlook is the location of your new technology platform. Whether it’s located in the cloud or on your company premises, there are still risks to your data.
If your new technology platform is cloud-based, make sure the provider’s information security management system is tested and monitored, and ask if it’s ISO 27001 certified. If your new technology platform is on-premise, account for both physical and logical security. How many people will have access to your data? What is your recovery plan if your network goes down? Is your data center ISO certified and compliant with SSAE16, SOC1, SOC2 and HIPAA?
Switching to a new technology platform can be an exciting time for your organization. Your users may be anticipating new features and capabilities. That’s great, but as someone aware of conversion risk, it’s your job to sound the alarm that data could be at risk and that the company might also be vulnerable during the transition. Conversion risk is like any risk to your organization. You must first identify it, and then set up processes for managing it.