Many enterprises and larger SMEs have established security teams. Within these organisations, security companies may be selected to fit with an existing client strategy, act as a sounding board or assurer, or simply provide products and services within the security stack. In other SME organisations, security is often a shared responsibility amongst IT staff. In either case, finding the right security partner and fit is essential.
As a layperson, you need help to navigate the world of security companies that can act as partners, providing support from strategy to technology integration and managed services.
With years of experience serving in senior and technical roles within end-user organisations, as well as selecting new security companies to help with developing security capability, here’s what our Opliciti staff valued when considering a new security partner, which we believe will complement your procurement process, too.
Find a Listener and Interpreter
Does the security company listen, interpret and feed back what they feel are your requirements in simple, easy to understand language? With so many definitions, acronyms and technical jargon, end users can be lulled into a false sense of security. A company that provides transparent clarity of requirement from senior executives to technical staff, aligned with industry best practice, will help build confidence and will inspire trust.
Find a Capability Builder
The security market is not a level playing field. Commonality often only exists in that they all sell products and/or services. Those that differentiate themselves will seek to provide independent and security product-agnostic advice. To further differentiate, security product advice should equally be coupled with discussions on capability. To make a capability effective, it must balance people, process, information and technology.
Imagine buying a security detection and response product, deploying it to your staff laptops, but failing to implement supporting process flows or training the staff responsible on how to interpret and act on the alerts! Does that sound silly? It happens!
Find a Domain Expert
Whichever domain(s) you wish your security company to support, they must demonstrate skill and experience within your industry, or similar industry scenarios. Often, security companies will demonstrate a cross section of supporting security qualification and certification. The security certification market is also fraught with varying standards that can be tricky for laypeople to rate or measure accurately. Therefore, companies aligning certifications with international standards or, industry-recognised training brands and government, will fare better.
Find a Governor and a Reporter
A security partner must provide good governance and regular reporting. The depth of reporting will often differentiate the weaker security companies from those with more competence and capability. Performance metrics and evaluation is a minimum threshold. Additional reporting should cover analytics, market insights and formal reports.
Find a Scalable Adapter
Business change is inevitable, and therefore, so are security requirements. It’s important to find a security company that is adaptive to your requirements, capable of scaling up, or down, as required.
Find a Security Partner that Practises What They Preach
Security providers are an extension of your organisation, thus a conduit into your organisation. Some managed security service providers have been targeted by cyber threat actors for this very reason. Therefore, better security partners will demonstrate their own internal security maturity through evidencing their own control and international certification.
A good security company should be able to cut through complexity, focusing first on requirements before advising holistically about developing effective capability. They will demonstrate collaborative development, good governance and transparent tangible reporting tailored to different audiences from CEO to technician.
Opliciti is more than a simple security company, we are a security partner. We differentiate ourselves with our highly skilled and experienced staff to be thought leaders, strategists, technicians and analysts. We focus on building effective capability, combining IT and security to both improve productivity and reduce cyber risk. Our goal is to create tailored security partnerships providing continuous value.
Book a discovery call with us today to start talking about your business’s cyber security journey and a tailored cyber security partnership you can trust.