SmartAdvice: Consider Hardware, Software, And User Education In Securing Your Networks
If you don't have the right skills to secure your networks in-house, run a security audit, then look for outside expertise, The Advisory Council says. Also, boost software quality with a formal application-development methodology.
Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to email@example.com
Question A: We don't have the skills to properly secure our network. What factors should we consider in selecting a managed security service provider?
Our advice: Since the consequences of not properly securing your network can be extremely costly to business, it is wise to take network security seriously. Recognizing that you don't have the necessary skills in-house is the first step toward securing the right resources. Ask about network security companies that other businesses had good experiences with. Don't skimp on your pre-qualification research--after all, you'll be entrusting your company's information to them, so you must feel comfortable that the vendor will deliver peace of mind. To minimize your vendor risk, look for a combination of good references, deep experience in securing network systems, and industry-recognized certifications.
Before committing to any system changes, hire a firm that specializes in security audits to make an assessment of your existing conditions. Choose an auditor with deep experience and solid references. Computer security has been a specialty for more than 10 years, so there are plenty of firms available with the expertise you need. For extra assurance, there are a number of reputable security certifications that will ensure that the person at least knows enough about computer security to pass the exams. The Certified Information Systems Security Professional certification is best known for being comprehensive, but there are others.
It's important to think about how much security you actually need. For example, if you're in the health-care industry, HIPAA requirements will mean that you'll need to concentrate on applications security in addition to the standard firewalls and antivirus software. Remember that computer security is a combination of hardware, software, and user education; you'll need to consider all three to create an effective security system. If you need specialized security expertise due to the nature of your industry or business, don't hesitate to confirm that the vendors you're considering have that expertise.
Once you've completed the audit and determined your real security needs, there are a number of approaches you can take to secure your networks. You have the choice of hiring an outside firm to manage all of your systems, or use an outside company to manage just your firewalls, so you can concentrate on strengthening your internal security. If you're already using a vendor for managing your desktop systems and servers, chances are they'll already have the expertise you need. If not, there are products on the market designed to help businesses secure their systems without the need for a deep knowledge of network security.
In conclusion, select computer security companies on the basis of a combination of security expertise, good customer references, and certifications. Perform a systems audit to determine existing conditions and your security requirements before making radical systems changes. From the audit information, you'll be able to implement an appropriate mix of systems to ensure your business against computer-security threats.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.