Get to grips with remediation and understand what it means in a business context

January 25, 2023

One of the buzz words you won’t be able to avoid in 2023 is “remediation”. Customers ask for “remediation to be provided” as part of a solution, or perhaps a vendor claims “full remediation” is built into their platform. Service providers offer to “remediate issues” as part of their service offerings. Sounds great!

But what is remediation, exactly? Well… it depends. For example, it depends on who you are within the Business. Your role may well define your expectations of what remediation entails. A Network Manager may have a different set of expectations to the Infrastructure Manager, or to that of the Service Desk or Desktop Support manager.

Once you’ve defined what remediation means to you, based on your own remit or personal bias you then need to translate that expectation into reality. How is that remediation delivered? Like answering a cause-and-effect statement, you must quantify what Business outcomes you are trying to achieve.

And then once you understand which entity will be responsible for performing remediation, in whatever form that takes, you should look at what the low-level steps are to achieve that. Ask what is happening specifically, who is doing what and how that is measured?

Using the example above, a network manager may expect remediation to include automatic blocking of IP addresses on the corporate firewalls, based on a detected threat. An Infrastructure manager however may expect remediation to include patching of operating systems and vulnerable applications.

Translating those two examples into reality and how they would be delivered, what you’re really talking about is a firewall managed service and a patch management managed service. Both may be included in the same overall solution offered by an MSP, they might not – but they are certainly different things.

An EDR solution may offer remediation actions as part of its set of capabilities. But to what extent? Which teams are involved in the delivery and management of that, and where do you go if you still have questions or need advice to progress your journey towards an increased security posture?

A service provider who claims to provide remediation, but when you pick apart the marketing may turn out to simply provide advice around patch management. Which is fine if that is all you’re after in a solution. Remediation has unfortunately become an umbrella term to potentially mean anything and everything, when chances are it doesn’t mean what the customer may either expect or need.

You should speak to a partner who is able to act as your trusted advisor who can take you through what challenges your Business has, identify where those remediation gaps are and positively identify how they can be addressed most effectively.

To continue the conversation and to find out more about what Logicalis UK have to offer, visit us at uki.logicalis.com.

WEBINAR: How prepared are you for an incident? Are you using endpoint defenses to their fullest potential?

REGISTER NOW to join us on the 21st of February at 10am where we will look at endpoint protection and the transition from IT Operations to Security Operations and how this is needed to ensure ongoing business operations.