Over the last few months, we’ve taken a deep dive into network security. With the volume of high profile ransomware cases lately, it’s a pretty timely topic. If you haven’t been with us so far, I started our discussion with What Security Protection Factor (SPF) Does Your Business Need, focused on how to assess your risk. The higher your risk, the higher SPF you need. Then, in Security Protection Factor (SPF) – Layering Adds Coverage, I talked about the importance of layered protection.
We’ve covered the first two layers of network security protection: people and infrastructure. Now, let’s look at the last two layers: security applications and managed security.
Network Security Layer #3: Security Applications
This is the layer where many engineers and IT team members tend to start. When asked to assess network security solutions, they immediately go out and start researching applications. While there’s nothing wrong with that, you need to be sure to cover the people and infrastructure layers, too, or your efforts could be for naught. Security apps are necessary, but they are not foolproof.
If you’re going it alone, the key to choosing an off-the-shelf security application is to make sure you know what you’re getting. While many applications offer a broad range of malware protection, others are designed to ward off very specific threats. Many experts recommend using more than one. (Not redundant applications, but the best application for a specific defense.) We often do this as well, using different applications for different requirements.
In addition to offering Managed Security Services, TierPoint also collaborates with several leading vendors of enterprise-grade security solutions. Partnering for some capabilities, instead of developing our own proprietary applications, allows us to bundle the best solutions on the market with the network security services our customers need.
Network Security Layer #4: Managed Security
Managed Security allows you to focus on what you do best – running your business – while a provider handles a part or even all of your security needs. The advantage, of course, is that you don’t incur the high cost of maintaining a security staff (security professionals can easily command 6-figure salaries in most major cities) and you still get the coverage you need. At TierPoint, we also offer additional services, such as vulnerability testing, that can help you spot potential weaknesses in your defense.
When is Off-the-Shelf No Longer Good Enough?
Perhaps the most common question we get from customers, especially those who are on a steady growth trajectory, is this:
How do I know when it’s time to move from a pre-packaged security solution to a customized, fully-managed security solution?
That’s a very important question in today’s high-threat environment. If you’re managing an office of two or three professionals, you might be able to get by with an off-the-shelf application, especially if your team is good about making sure your OS is up to date and thinking before they open attachments.
But as soon as your company starts to grow and you’re managing an infrastructure with dozens of PCs, the “set-it-and-forget-it” approach to network security just isn’t enough. The more humans you add to the mix, the greater the chance is that something can go wrong.
Here are some additional Q & A’s to consider if you’re wondering whether it’s time to move up to Managed Security:
Does my IT team have the time to focus on network security? IT organizations in growing companies tend to be heavily utilized, with individual team members wearing several hats. This may be one of the reasons hacking incidents have risen for small and midsized businesses. Hackers know that these are the businesses that are most likely to reprioritize growth initiatives over network security.
It’s a full-time job keeping up with the latest cyber-threats. Your security experts need to understand the threat landscape, be on top of the latest risks, and help develop proactive plans to mitigate any risks to the business. A packaged solution just can’t do that for you.
Does my IT team have the skill set I need? Security engineers are a hot commodity; many businesses have a hard time attracting and retaining the right skill set.
You can use an off-the-shelf application, but as you grow, at some point you’ll need to augment the app with hands-on expertise. It’s not unusual for a business to come to us because they’re tired of trying to hire and retain in-house security staff.
Should I be uncertain about my security approach? Perhaps the biggest reason clients come to us is because they don’t know what they don’t know. Their network security approach seemed sufficient when the company was smaller, but now that they’re growing, they’re just not sure anymore. The rise in phishing schemes and ransomware have certainly elevated their level of uncertainty.
We’ve just skimmed the surface of this topic, but even across three posts, we’re not going to be able to touch on everything. What we can do is help you select the right level of security protection for your organization and then create a plan to make it happen. Reach out to us to talk with one of our advisors.
Heather Sweigert, Compliance Analyst at TierPoint, is responsible for maintaining regulatory standards throughout the company. As a key contributor to the TierPoint Security team, Heather assists in setting standard security protocols and communicating updates and audit findings.