This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."
Download it now to read this article plus other related content.
"Build a better mousetrap, and the world will beat a path to your door." Or not. Startup information security companies continue to bring real innovation to market, hoping to attract customers willing to try something new.
"Sometimes you have to be on the edge a little, look for things that enhance and extend security," says Carl Snyder, COO of Washington-based SafeHarbor Technology, which designs and deploys online support environments for businesses. SafeHarbor took a shot on GraniteEdge ESP, which uses causality relationships from traffic data to build a real-time picture of what's going on across your network.
We all like to see cool new stuff, but investing limited budget and stretched resources on technologies with little or no track record is another matter—how do you know you're making a smart purchase? Overall value is a big motivator.
"We have a number of integrated tools from one vendor, rather than a point solution," says Elemental Security customer Mark Lund, director of IT for GlobeImmune, a Colorado-based pharmaceutical company. "[With the Elemental Security Platform], we can analyze traffic; create policies across networks, groups, or a single server; and then audit."
Early adopters of such start-up technologies lay out these guidelines:
- Price. Can it meet your needs at the same or less cost than the competition?
- Business requirements. What are your business drivers and how well
- does the product map to them?
- Company viability. What is the company's financial backing, who are the early adopters, and what is the reputation of their management? "Meeting some of the people that made up the team—cofounder and CTO Dan Farmer is well-known—was reassuring," says Lund.
- Risk exposure. What's at stake if the product eventually disappoints, or if the company goes under?
- Impact on infrastructure. Is this going to require major changes in your network to deploy?
- Testing. Can you thoroughly test the product in a non-production or safe pilot environment? "We did extensive testing within the company and did thorough testing with external organizations," says John Heaven, CEO of Canada's Musicrypt, which adopted BioPassword's dynamic keystroke technology for multifactor authentication to protect digital music delivery to radio stations around the world.
- Versatility. Can the product do more than one job? Curt Purdy is security information officer at Sandy Spring Bank, operating in Maryland and Virginia. Purdy initially deployed KoolSpan's remote access security tool, SecurEdge, for his WLAN and is planning to use it as a VPN to replace the frame relay network connecting the bank's branch offices. "Every day, I find a new use," Purdy says.
This was first published in August 2006