The Path to Desired State Configuration: Where to Focus and Why

Managing devices has never been a simple task … and organizations’ adoption of “work from anywhere” policies are now making it that much harder for IT and security teams.  

As we settle into this new normal, organizations are working on better processes to manage computers, secure the modern enterprise, and elevate end-user experience. Once they reach (or at least articulate) their desired state, they want to stay there, but new technologies and upgrades are constantly made available. 

We recently hosted a discussion with several IT and security leaders about this exact topic, asking them how organizations can best plan for and reach their desired state, and what technologies are essential to help them achieve their goals.  

Our CEO Josh Aaron was joined by Patrick Benoit, VP of Global Cybersecurity at GRC, Anthony Johnson, Founder and Managing Partner at Delve Risk, and Diana Kelley, Co-Founder and CTO at SecurityCurve, for this conversation. Here’s what they had to say. 

What is Desired State Configuration? 

“We tend to think of Desired State Configuration as a destination, but it’s not,” Patrick says. “Desired State Configuration is a journey. And even if you ‘arrive,’ you still need to maintain that state. The work is never done.” 

Diana and Anthony agree, and both noted that organizations should review multiple facets of IT and security as they work to define their own Desired State Configuration.  

According to Diana, “A desired state is when the company is informed and aware and defines where they want to move to from an IT and security perspective. They think about their risk appetite, they define their priorities, and they understand the compliance and regulatory provisions they need to meet. At that point, companies can begin to outline their Desired State Configuration, and then can formulate a roadmap to guide their teams in achieving that.” 

Ultimately, Desired State Configuration helps an organization strike a balance between people and technology. “Let people solve the problems that only humans can tackle, and let technology solve your routine and repetitive tasks,” notes Anthony. 

Easy Ways to Improve Your Organization’s Cyber Hygiene 

There is an endless amount of to-dos when it comes to strengthening an organization’s cyber hygiene. So many, in fact, that it’s often difficult to know what will be the most effective for your own teams and environment. All three of our panelists recommend consulting trusted advisors – such as fellow CISOs – when making purchasing decisions as to where to invest in new tech and processes. 

“By and large, the biggest thing that’s going to help us is automation. As soon as we get things automated, we eliminate a lot of possibility for error. We can reduce a lot of the ‘oops’ moments that are causing breaches,” says Patrick.  

Additionally, Diana underscores the importance of understanding native cloud security tools … and using them. “I think what’s really helping customers the most is being able to understand and use those native cloud tools. The good news is that we’re building security into our networks now, instead of having to ‘add’ security or retrofit things after the fact.” 

Beyond using native cloud security tools, Anthony stresses the need to hire people who understand how to use them. “You have to have the expertise and knowledge to know how to use those native tools. Recruiting and keeping the right talent is paramount.” 

The Move to Desired State Configuration: Where to Focus First 

Once you’ve created a plan and have some tools to leverage as you work toward Desired State Configuration, our panelists say that there are several important areas that you should focus on … first and foremost, taking a closer look at how AI and ML can support IT and security programs. 

Diana and Anthony both acknowledge that automating repetitive tasks in your environment is a great place to start as you work toward Desired State Configuration.  

“As a society, we’re generally good at solving human capital problems. Think about the printing press. We didn’t have enough people to copy and write books, and all of a sudden the printing press was invented. Suddenly we could do those things at scale,” says Anthony. 

All the panelists agree that leveraging IT automation whenever possible is essential – like AidenBot, AidenLabs and soon AidenCloud – particularly as so many organizations still struggle to recruit and retain great security talent.  

“The longer we have human capital problems, the more likely we are to try to find technological solutions to solve those problems. Those challenges actually motivate us to ask, ‘Is there a way to automate this?’” says Anthony. 

Learn More 

If you’re thinking about or working toward your own organization’s Desired State Configuration, we can help. 

Send us a note and let’s talk about how Aiden can support your security and IT goals … and take the tedious to-dos off your team’s list.