USPS

The key to getting your money's worth out of IT security tools

Federal budgets are tight and money is not likely to get any looser in the foreseeable future, so making sure you get value from a cybersecurity investment is critical, said U.S. Postal Service corporate information security officer Chuck McGann.

More on monitoring tools

How USPS merges compliance, security in its huge enterprise

The Postal Service now is using the RedSeal network monitoring platform, originally intended to evaluate firewall rules, to improve situational awareness and operational security across its extended enterprise. Read more.

“I want my money’s worth,” said McGann, a self-described frugal Yankee.

Getting that requires a vendor willing to stand behind products and ensure that customers get the expertise needed to make a product work. “You have to hold the vendor accountable to making you successful quickly,” he said. “If you don’t make the vendor commit to value by the end of week one, you’re selling yourself short.”

When the USPS was in the market for a network monitoring and analysis tool, it considered licensing software from RedSeal networks. But McGann was cautious about spending money for a platform that he was unfamiliar with. He went to RedSeal with his concerns that there could be a long break-in period before results were seen. Their solution was to offer it as a service rather than a product. “Either it works, or you don’t pay,” he said.

It worked and McGann is happy with the investment and with RedSeal’s willingness to stand behind its product. It is not just the quality of the product that matters in a successful implementation, but the customer’s ability to use it properly. Experienced personnel are in short supply in many shops, and agencies might not have the in-house expertise to get the most out of their tools. Again, look to the vendor, McGann advised.

“If you don’t have the expertise to make it a success in the first week, buy the knowledge,” he said. “Make the vendor bring it to the table.”

Success in the first week with a new security tool might sound like a tall order, but McGann goes even further. “On day two I expect results,” he said. That might be a high bar, but it is not an unreasonable one, he said. “If you don’t set the bar high, no one will reach it.”

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above