Securing all fronts

Summary:Securing what is sacred to a business takes more than just a new program -- it can be a full-time job, which at times is better left to the experts.ContentsBenefitsHanding over controlWeighing it upSLA securityCase studiesNintendo plays the security gameQueensland company saves with securityThe start of the 21st century has redefined the word "security".

Handing over control
Weighing it up
SLA security
Case studies
Nintendo plays the security game
Queensland company saves with security

Weighing it up
Security software company Sophos resells its products to large ISPs who in turn sell the software as part of a managed service. Sophos managing director Rob Forsythe says he views the general company cut-off for the hire of specialised security staff to be businesses with less than 1000 employees.

"A larger enterprise would buy our product direct, and manage their own network which would allow them greater internal flexibility, but a smaller one, to have the same level of security, would have to look for outsourced flexibility," Forsythe says. "Then you also have the difference in cost in relation to having the capital expenditure per month, instead of the outright cost and total cost of ownership."

"The cost must be considered last otherwise it can end up costing you a lot more."

-- Rob McAdam, Pure Hacking's Wise says a company must carefully manage the level of risk they are at -- security wise -- before putting out the cost for managed security, however.

"Security is something most organisations can afford to have, but they don't always realise that you get the best bang for your buck so you really want to know what it is you are needing," he says. "Like in most industries there are plenty of shonky salesmen out there, you have to be really careful you are getting a reputable operator for your money. You need to really ask what it is you want from your service: if they have around-the-clock appropriate staffing, if they have more than one operating centre, if they have good customer references and what sort of audits or reports they will offer."

Security is a big concern, but trusting your security, in the first instance, must be an even bigger one to get it right. Plenty of companies have been through the trial-and-error process of doing security in-house, and that of selecting a credible security provider.

"Selecting the right person is even more important than getting your infrastructure right," Bulletproof's Modesto says.

"You have to get a good feel for a company, from the top down to the bottom. Do your homework and never underestimate the selection process. A good provider should be able to provide ethical resources in the pre-sales process and should allow you to talk to their tech people as well as the initial supplier to get a good idea of how the two groups interact."

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.