This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Download it now to read this article plus other related content.
Organizations are looking for security help, and integrators and consultants are often their first stop.
With an aging firewall starting to cause network performance problems and under pressure to get it fixed fast, David Robinson was in dire straits. He needed some additional expertise, and decided to hire a local security services firm he'd heard about from colleagues in a CIO group.
"We were taking apart the heart of our architecture," says Robinson, CIO at Lockton Companies, a Kansas City, Mo.-based insurance broker. "It had to be done right, it had to be done quickly and it had to be secure."
He kept a close eye on the new consultants, but it didn't take long to know he'd found the right firm for the job. The FishNet Security professionals offered several options for replacing the firewall. They didn't bully or berate, but instead cooperated with his security staff and complemented them. Despite the complexity of the project, the new firewall was installed, tested and operational in three weeks, within budget.
"They also helped us simplify our overall architecture so we could manage it better going forward," Robinson says. "I got the expertise, a great design, and I got it done in the time frame my company was expecting."
Whether it's to tap expertise for a firewall overhaul or to get help with an emerging technology or compliance, many organizations turn to security consultants or security- focused value-added resellers
Market research firm IDC estimates the worldwide security services market to be worth $20.3 billion this year, up from $17.2 billion in 2006. In the U.S., the market is expected to jump from about $7.4 billion in 2005 to nearly $17.8 billion by 2010. In addition to regulatory compliance, companies are increasingly looking for help with risk management, creating demand for services such as enterprise risk assessments, incident response preparedness and business continuity planning, according to IDC.
But finding a VAR or consultant to entrust with some of your organization's innermost secrets can be daunting. Hiring the right one requires weighing your needs, performing due diligence and watching for warning signs that a firm may not have your best interest in mind. After all, security is highly sensitive business. Done incorrectly, it "could really make for a bad day," Robinson says.
This was first published in June 2007