Security services firms: When and how to choose the right consultant - Information Security Magazine - Page 1

Security services firms: When and how to choose the right consultant

Organizations are looking for security help, and integrators and consultants are often their first stop.


With an aging firewall starting to cause network performance problems and under pressure to get it fixed fast, David Robinson was in dire straits. He needed some additional expertise, and decided to hire a local security services firm he'd heard about from colleagues in a CIO group.

"We were taking apart the heart of our architecture," says Robinson, CIO at Lockton Companies, a Kansas City, Mo.-based insurance broker. "It had to be done right, it had to be done quickly and it had to be secure."

He kept a close eye on the new consultants, but it didn't take long to know he'd found the right firm for the job. The FishNet Security professionals offered several options for replacing the firewall. They didn't bully or berate, but instead cooperated with his security staff and complemented them. Despite the complexity of the project, the new firewall was installed, tested and operational in three weeks, within budget.

"They also helped us simplify our overall architecture so we could manage it better going forward," Robinson says. "I got the expertise, a great design, and I got it done in the time frame my company was expecting."

Whether it's to tap expertise for a firewall overhaul or to get help with an emerging technology or compliance, many organizations turn to security consultants or security- focused value-added resellers

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

(VARs). In fact, companies looking for security help have a lot of choices, from large consulting firms to small boutiques. In an age of regulatory requirements and growing cyberthreats, the security services market has thrived.

Market research firm IDC estimates the worldwide security services market to be worth $20.3 billion this year, up from $17.2 billion in 2006. In the U.S., the market is expected to jump from about $7.4 billion in 2005 to nearly $17.8 billion by 2010. In addition to regulatory compliance, companies are increasingly looking for help with risk management, creating demand for services such as enterprise risk assessments, incident response preparedness and business continuity planning, according to IDC.

But finding a VAR or consultant to entrust with some of your organization's innermost secrets can be daunting. Hiring the right one requires weighing your needs, performing due diligence and watching for warning signs that a firm may not have your best interest in mind. After all, security is highly sensitive business. Done incorrectly, it "could really make for a bad day," Robinson says.

This was first published in June 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top