How to Strengthen Network Security on a Smaller Budget

Tip No. 3: Pick the right MSSP

An MSSP should show you a clear path to meeting your business goals and prove that its solutions meet your business requirements and save you money. Any MSSP or other vendor should bring value to the organization. Any proposal should detail methodologies and technical strategies that are suitable for your specific needs.

Don't tailor your business to meet the MSSP; select an MSSP that can truly meet your needs. Your success will come from having chosen the best solution for your business requirements, which means the solution must show thought leadership (beyond just the latest technology) and a clear road map. This will allow you to focus on your areas of expertise—your business. Outsource what you must, and leverage outside MSSPs and consultants to do what they do best.

Tip No. 4: Hire a partner, not a vendor

You need to partner with an external company with which you can find solutions that you need now, but also remember to plan for the future. Will you have an internal point of contact with which to work? Are the managers and executives available and involved so you can determine the level of customer service? Pick external companies that can show technical depth—as well as a plan for the future—so that you can ensure that their future plans meet yours.

Tip No. 5: Invest—yes, invest—in your team's technology and information security training

Nothing causes disruption like employee turnover. People need to know that they are valued—an acknowledgement that most information systems and security professionals appreciate. So be creatively proactive with a training agenda. Leverage Internet training and local ISSA (Information Systems Security Association) meetings. Create study groups for CISSP (Certified Information Systems Security Professional) or other professional services certifications. Conduct internal lunch-and-learns.

At the very least, encourage staff to keep up on technology and security, and then actually give them time to do so. Ask your vendors for help as part of their contracts. Now is the time to let your good employees know that their concerns are yours. Turnover will cause your organization more than the actual cost of the training.

It's critical to not lose sight of what is important to your company's survival, especially during these difficult economic times. Your network can still be secure, even on a smaller budget.

Jon-Louis Heimerl is Director of SAAS Development for Solutionary, Inc. Jon-Louis has over 25 years of experience in security and security programs. His background includes everything from writing device drivers in assembler to running a worldwide network operation center for the United States government. Jon-Louis has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. His consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises. He can be reached at jonheimerl@solutionary.com.