Security services firms: When and how to choose the right consultant


This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."

Download it now to read this article plus other related content.

Organizations are looking for security help, and integrators and consultants are often their first stop.

With an aging firewall starting to cause network performance problems and under pressure to get it fixed fast, David Robinson was in dire straits. He needed some additional expertise, and decided to hire a local security services firm he'd heard about from colleagues in a CIO group.

"We were taking apart the heart of our architecture," says Robinson, CIO at Lockton Companies, a Kansas City, Mo.-based insurance broker. "It had to be done right, it had to be done quickly and it had to be secure."

He kept a close eye on the new consultants, but it didn't take long to know he'd found the right firm for the job. The FishNet Security professionals offered several options for replacing the firewall. They didn't bully or berate, but instead cooperated with his security staff and complemented them. Despite the complexity of the project, the new firewall was installed, tested and operational in three weeks, within budget.

"They also helped us simplify our overall architecture so we could manage it better going forward," Robinson says. "I got the expertise, a great design, and I got it done in the time frame my company was expecting."

Whether it's to tap expertise for a firewall overhaul or to get help with an emerging technology or compliance, many organizations turn to security consultants or security- focused value-added resellers

    Requires Free Membership to View

(VARs). In fact, companies looking for security help have a lot of choices, from large consulting firms to small boutiques. In an age of regulatory requirements and growing cyberthreats, the security services market has thrived.

Market research firm IDC estimates the worldwide security services market to be worth $20.3 billion this year, up from $17.2 billion in 2006. In the U.S., the market is expected to jump from about $7.4 billion in 2005 to nearly $17.8 billion by 2010. In addition to regulatory compliance, companies are increasingly looking for help with risk management, creating demand for services such as enterprise risk assessments, incident response preparedness and business continuity planning, according to IDC.

But finding a VAR or consultant to entrust with some of your organization's innermost secrets can be daunting. Hiring the right one requires weighing your needs, performing due diligence and watching for warning signs that a firm may not have your best interest in mind. After all, security is highly sensitive business. Done incorrectly, it "could really make for a bad day," Robinson says.

This was first published in June 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: