The key to getting your money's worth out of IT security tools
- By William Jackson
- Sep 04, 2013
Federal budgets are tight and money is not likely to get any looser in the foreseeable future, so making sure you get value from a cybersecurity investment is critical, said U.S. Postal Service corporate information security officer Chuck McGann.
“I want my money’s worth,” said McGann, a self-described frugal Yankee.
Getting that requires a vendor willing to stand behind products and ensure that customers get the expertise needed to make a product work. “You have to hold the vendor accountable to making you successful quickly,” he said. “If you don’t make the vendor commit to value by the end of week one, you’re selling yourself short.”
When the USPS was in the market for a network monitoring and analysis tool, it considered licensing software from RedSeal networks. But McGann was cautious about spending money for a platform that he was unfamiliar with. He went to RedSeal with his concerns that there could be a long break-in period before results were seen. Their solution was to offer it as a service rather than a product. “Either it works, or you don’t pay,” he said.
It worked and McGann is happy with the investment and with RedSeal’s willingness to stand behind its product. It is not just the quality of the product that matters in a successful implementation, but the customer’s ability to use it properly. Experienced personnel are in short supply in many shops, and agencies might not have the in-house expertise to get the most out of their tools. Again, look to the vendor, McGann advised.
“If you don’t have the expertise to make it a success in the first week, buy the knowledge,” he said. “Make the vendor bring it to the table.”
Success in the first week with a new security tool might sound like a tall order, but McGann goes even further. “On day two I expect results,” he said. That might be a high bar, but it is not an unreasonable one, he said. “If you don’t set the bar high, no one will reach it.”
William Jackson is freelance writer and the author of the CyberEye blog.