Security Costs - Part I

This is the first in a series of blog posts looking specifically at the different Security Costs that companies incur in creating their ideal Security Architecture.

Starting today, we will talk about the first step - the Security Technologies and Engineering Resources that will lay the foundation of any company's Security strategy. This includes:

  • Security Licensing / Security Appliances - Paying for your support / licenses. This may be your Endpoint Technology or your Firewalls / Network Security Appliances. This might be the cost of your Desktop Security Technology.
  • Engineers / Security Resources - Who are you calling when a system might be infected? Who is handling the day-to-day maintenance of your security licenses / technology? Most Security Technologies are not set and forget, and paying for high-level security technologies without engineers who know how to handle them can be counter-productive. This means hiring an effective engineer, and paying for their training and education so they can effectively manage your environment.
  • Upkeep / Staying Ahead of Threats - This would include the costs of keeping your security technologies up to date. This might include the cost to deploy new services your security vendor is offering - or the cost to train a new engineer or handle the turnover when your senior engineer leaves. It is important to consider adding a line item to the budget to handle this, and if the money isn't spent - try to use it on furthering education or adding some value to improve the quality of your engineering resources.

I will cover some other components of costs in another blog, but here are some thoughts / questions to consider before the next reading.

When looking at new technologies, what is the cost to configure the technology to the level at which it was demonstrated / demoed for you?

Security vendors will pitch their best deployment, and cost out their cheapest deployment. When you end up implementing the technology - you don't want to find out you didn't pay for the features you actually need... and then have to write a check for a significant increase or work with an inferior version of what you thought you were getting.

Do you have a plan to test your implementation? Do you have a company to partner with for a one-time audit of your security deployment to verify it IS working?

London Security has found that many clients we work with will deploy the technology, implement it, then become surprised when a malware attack or ransomware gets past their security technology. The best technology in the world can't protect you if you aren't using it right, and the best way to find that out is to test it. London Security offers a Ransomware Risk Assessment where we can work with your security team to test how Ransomware would penetrate your environment and whether or not your security would prevent the attack.

Did you purchase the correct tools to assist with management?

This is becoming more and more of an issue: additional tools are required in order to cover the desktop implementation and deployment of various security technologies - specifically endpoint. These technologies rely more on your existing Desktop Management solutions, so if there is not a strong Desktop Management solution being utilized by your company, the deployment of the security technology may take an exceptionally long time. Additionally, some security tools rely on Active Directory, or rely on an "always on" internet connection, and if those components aren't present the Security Technology may not work correctly or efficiently.

When possible, budget extra for the correct tools to implement, to manage, and to maintain the security technology being purchased. Often the price tag is a little higher than whatever the Salesperson quoted.