The 3 Golden Rules of Buying Security as a Service
Almost every aspect of IT has switched from the old approach of static hardware products to a new world of services via the cloud. There is no doubt that this flip in the IT consumption model has been driven by customers having at work what they have already grown familiar with having in their personal lives. Inspired by the simple and intuitive ‘app’ experience common to all mobile devices, business decision makers increasingly refuse to accept that corporate IT consumption need be any more complicated.
This concept now extends to IT security, where firewall hardware infrastructure is steadily being replaced with virtual technology instances to protect data assets. For business customers buying managed security services (or ‘security-as-a-service’), the result is the same, or better, in the way of security capabilities but without the associated management overhead, capex burden or physical onsite footprint. With these security-as-a-service/managed security offerings, you no longer need to buy and operate complex security kit, or employ the hard-to-find skills to run it in-house.
For organisations eager to explore the opportunities around this rapidly growing area, we offer the following three golden rules to help to inform your buying choices.
1) Do your homework on the service provider
It didn’t really matter who you bought your IT security solutions from in the past, so long as they were right-sized to your need and properly installed. That changes in the security-as-a-service model as you are significantly more reliant upon the stability of the provider’s own business. Don’t be squeamish about asking some very searching questions in areas such as:
- Financial solvency (will they still be in business in three years’ time?)
- Ability to scale (can they accommodate your growth?)
- Track record (how long have they been doing this for?)
- Relevant experience (do they have references in your market sector?)
- Customer satisfaction (is their NPS rating above the market average?)
- Customer referencing (what could have been improved?)
Part of this ‘homework’ exercise should also take note of how the provider intends to engage with your organisation. Are you just another customer prospect or do you get the impression they are genuinely interested in your business challenges and committed to adding value?
2) Ensure your unique business requirements will be addressed precisely
It’s hard to imagine exactly what your relationship with a managed security provider will be like before you’ve had the chance to see it for real. Who knows, for instance, if they take the time to get under the skin of your business objectives and locate innovative, bespoke solutions to tailor their services to your precise needs?
To reassure yourself, there are several telltale signs that your provider has the necessary capability to support your goals. Look out for the following:
- Appropriate documentation around SLAs with clearly defined roles and responsibilities
- High levels of uptime and performance as standard
- Comprehensive security capabilities, incorporating:
  - Web application firewall
  - Intrusion detection and prevention
  - Email encryption
  - URL filtering/proxy
- Commitment to using the latest best-of-breed technology from leading security vendors
- Flexible contract terms
3) Test what-if scenarios
Sooner or later you need to confront what will happen if your systems come under attack from cyber threats. For this reason, it is worth delving deeper into the strength of the underlying infrastructure of your provider to be as confident in your choice as possible. Luminet, for example, offers a 99.99% firewall platform SLA as part of its robust and scalable fully managed firewall service.
Looking at Luminet’s firewall-as-a-service offering, this is centralised and hosted inside private cloud Tier 3 data centres. Such infrastructure is highly resilient, supported by uninterruptible power supplies, diverse connectivity for failover protection and a host of security controls.
Luminet is also a provider with a fully staffed 24/7/365 NOC (network operations centre), further reducing risk and increasing uptime. By constantly monitoring the health of the security systems and services under its control, NOC teams can respond proactively to emergent issues as well as perform planned upgrade and maintenance tasks.
Another attribute to look out for is a robust reporting and alerting process to keep you informed about security events so that you can address patterns and pinpoint recurring issues to resolve. This not only provides valuable security intelligence to ensure safe ongoing operations, but also demonstrates the effectiveness and ROI of managed security services to other stakeholders in the organisation.