SMBs must step carefully before committing to security-as-a-service: GFI

Small businesses hoping to bolster their IT security by enlisting the help of security-as-a-service providers need to be sure they choose carefully, one network-security software vendor has warned.

With high-profile security incidents continuing to proliferate and demand growing as a result, many SMBs were rushing to revisit their own security strategies as a preventive measure. Yet this, GFI Software communications director David Kelleher warned, wasn't the time to be rash.

“With so much demand and relatively little supply, the market is primed for a rise in specialty firms and independent consultants offering security as a service,” he said.

“These may be tempting, especially when the latest hacks are front page news, but small to medium sized organisations should think before they act.”

For example, he said, potential security-as-a-service providers needed to be weighed on their actual capabilities rather than judged on their advertised ones.

This included avoiding the temptation to judge service providers based on the number of industry certifications they have; instead, SMBs need to look for consultants that have extensive experience working as skilled security specialists.

“Just because someone can pass a test doesn't mean they are a security expert,” Kelleher advised. “A lot of consultants may choose to hang their shingle out to meet rising demand, and may be relatively new working for themselves, but they should have years of industry experience working for companies as security experts.”

“Ask questions, look at resumes, and be sure that the professionals providing your services truly are professional.”

This also included speaking with past and current customers before choosing a provider. “There are no silver bullets, quick fixes or easy outs here,” Kelleher advised.

“Security is a way of life and must be pervasive throughout all your information systems, from logons through drive encryption to application hardening and secure remote access. Make sure the consultant or firm you choose has practical experience with all of your systems.”

The high degree of individuality in customers' network environments meant that no two organisations had the same security requirements – which meant that no two service-provider relationships were going to be the same either.

This variability meant SMBs should resist the urge to jump at fixed-fee arrangements, Kelleher said, since the actual security requirements of any organisation only become evident once a security specialist is already drilling down into it.

“Security is best when it is layered, and security assessments have to peel back the layers to truly understand what is going on,” he said. “Until you get three layers down, you won't know what to expect at the fourth layer – so expect it to cost what it costs.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.
