Security teams are struggling to keep up. With cyber threats and security mandates growing at a rapid pace, how do you keep your team’s morale and motivation strong? And, how do you ensure your strategy to protect your company’s assets is sound and your efforts continue in the right (read “effective”) direction?
Partnering with a third-party security expert can often provide the skills, knowledge, and support needed to keep your defensive measures strong. Particularly at a time when there are too few cybersecurity professionals available—a talent shortage expected to increase to 1.5 million professionals by 2019—the right security partner can make certain your defense strategy stays on track, rather than derailing due to a lack of resources.
Here are three questions to consider when evaluating potential security partners:
- Are they proven security practitioners?
When it comes to security, the best partner is often one who has “been in the trenches.” When you engage with a company that is an actual practitioner of security—someone who has traveled your path and understands what you’re up against—you get a different, and arguably better, perspective and guidance than from someone who’s simply read a book on security.
Having defended our own systems for more than 15 years, Leidos’ analysts have seen first-hand the many challenges companies face. Experienced in security operations, data analysis, testing, and insider threat detection, as well as various security technologies, our consultants now apply their unique perspective and expertise to help clients around the world defend against intruders.
- Do they offer end-to-end solutions?
Our clients hear us say time and time again, security is a journey, not a destination; and every company’s journey is different. Regardless of where you are on that path, whether you’re just starting out or you’re a mature security organization, you need different solutions, services, and product offerings. You’re not going to benefit from working with a one-size-fits-all behemoth firm, nor from engaging with multiple security vendors to get the pieces you need.
Too often, companies rely on security software vendors for broader support. While these firms offer security consulting services, their knowledge and capabilities are often limited to their technology stack. Instead, you should look for a security vendor who can meet you wherever you are on your journey.
Whether you need guidance, tools, or managed services, a diversified vendor will have what you need to meet your goal(s). For example, you may decide to bring all security operations in-house. If your security partner doesn’t offer the right technologies or training to help you meet that goal, you’re forced to find another vendor. Or, perhaps you’ve decided your organization would be better served by having a 3rd party manage system monitoring and alert management. Again, if your partner doesn’t offer managed services, you’re forced to look elsewhere. You can piece together what you need from multiple vendors, but this approach adds more cost and complexity for your organization and doesn’t necessarily make your security team stronger.
This challenge is a common theme of conversations we have with clients when we begin a consulting engagement. A truly unified enterprise defense strategy is best executed by leveraging a partner that can manage the balance of people, process and technology at every phase of your project.
- Do they offer tailored security options?
There are many factors that drive security choice decisions, including budget, risk tolerance, compliance requirements, resource constraints, and technology stack. You need a partner who understands these various drivers and can support you with different delivery models.
Maybe you are required to adhere to specific standards when performing business objectives, such as ISO or NERC CIP. You need a security vendor who can provide security assessments and roadmaps with these standards in mind, or even evaluate implementation against these standards. In addition, your buying profile and contracting process may require extensive vendor vetting, where having a single vendor who works collaboratively with procurement and legal, and then retains vendor credentials, may be a challenge. You may find it hard to find that long-term security partner that is easy to contract with, while being technically astute and delivering on time and on budget. That’s why Leidos chooses to view every contract as a long-term partnership.
Engaging with a single vendor that only has a single delivery model or single technology limits you to what they can provide. On the other hand, working with multiple vendors adds unnecessary complexity and higher costs for your organization. Instead, you should seek out a single firm that offers a range of services and solutions designed to meet every possible challenge your organization may have. This approach offers more cost control, lower complexity, and lower overhead.
When selecting the right security partner for your organization, remember that cyber is a forever challenge, so team up with a forever partner. Wherever you are on your journey, it’s never too late to engage with the right partner. Contact a Leidos security expert today to learn how our services and solutions can help you on your security journey.