Handing over control
Weighing it up
Nintendo plays the security game
Queensland company saves with security
Security software company Sophos resells its products to large ISPs who in turn sell the software as part of a managed service. Sophos managing director Rob Forsythe says he views the general company cut-off for the hire of specialised security staff to be businesses with less than 1000 employees.
"A larger enterprise would buy our product direct, and manage their own network which would allow them greater internal flexibility, but a smaller one, to have the same level of security, would have to look for outsourced flexibility," Forsythe says. "Then you also have the difference in cost in relation to having the capital expenditure per month, instead of the outright cost and total cost of ownership."
|"The cost must be considered last otherwise it can end up costing you a lot more."
-- Rob McAdam, Pure Hacking
"Security is something most organisations can afford to have, but they don't always realise that you get the best bang for your buck so you really want to know what it is you are needing," he says. "Like in most industries there are plenty of shonky salesmen out there, you have to be really careful you are getting a reputable operator for your money. You need to really ask what it is you want from your service: if they have around-the-clock appropriate staffing, if they have more than one operating centre, if they have good customer references and what sort of audits or reports they will offer."
Security is a big concern, but trusting your security, in the first instance, must be an even bigger one to get it right. Plenty of companies have been through the trial-and-error process of doing security in-house, and that of selecting a credible security provider.
"Selecting the right person is even more important than getting your infrastructure right," Bulletproof's Modesto says.
"You have to get a good feel for a company, from the top down to the bottom. Do your homework and never underestimate the selection process. A good provider should be able to provide ethical resources in the pre-sales process and should allow you to talk to their tech people as well as the initial supplier to get a good idea of how the two groups interact."