Look beyond the features when it comes to security
Leo Cole, general manager of security solutions, Trustwave
In today's internet-connected world, where emerging technologies and communication platforms like mobile and social media are being used for professional purposes, in-house IT staffs are facing mounting pressures to ensure security.
Often times, that means turning to technology to provide protection. And when deciding on a product to choose, buyers typically base their decision on a solution's feature set.
While this purchasing strategy may have worked in the past, in today's environment, where businesses face a more complex threat landscape than ever before, the “hot” new features of a product may not be enough to bring the desired results.
Businesses instead must consider the overall value of a security service – one that consists of proven solutions and skilled personnel. Technology, combined with managerial expertise, can most effectively protect valuable information from getting into the wrong hands.
We have spoken to many businesses that have purchased a security technology for its “bells and whistles,” only later to realize they did not have the resources or skills to ring those bells and blow those whistles. As a result, the product sat on the shelf, collecting dust while the organization remained less protected and looked for another alternative to improve its security.
Other businesses have told us that after purchasing feature-flooded security technologies, their in-house IT staff spent so much time learning how to install and maintain the products that they did not have time to work on anything else.
For example, a retail business approached us about a year ago saying it wanted to upgrade its security information and event management (SIEM) technology so that it could obtain faster, more accurate visibility of the activity taking place within its network. The business had been using a more antiquated version of SIEM and had its entire IT staff babysitting the product for hours every day – an arduous undertaking that it no longer wanted to do.
Instead of implementing a SIEM product with bells and whistles the in-house IT staff would have to manage, the business took a different approach by hiring a third-party security team for overall management of its SIEM technology including policy adjustments, fine-tuning and device management. By augmenting its security staff, the business's in-house staff could focus on other, business-enabling priorities.
As criminals become more sophisticated, so should their potential victims. Designing a security plan that focuses on the value of a service – and not just the features of a product – is the most effective way to protect all the potential attack vectors a business has to offer.