<div dir="ltr"><a href="http://www.cbronline.com/news/cybersecurity/business/how-to-choose-the-right-security-solution-for-your-business-4883429">http://www.cbronline.com/news/cybersecurity/business/how-to-choose-the-right-security-solution-for-your-business-4883429</a><br><br><p>Last year, it seemed like we couldn't get through a single week
without hearing about yet another data loss. Breaches like TalkTalk and <a href="http://www.cbronline.com/news/cybersecurity/data/ashley-madison-hack-5-experts-measure-the-infidelity-of-the-data-dump-4650934">Ashley Madison</a>,
increases in insider threats both accidental and malicious, and the
rise of BYOD and remote working as the new normal have all combined to
create the perfect security storm for every organisation with data.</p><p>As
a consequence, the security technology market has and continues to grow
and evolve based on these new threats. The worldwide cyber security
market is set to hit $101bn in 2018 according to Gartner. With that huge
a market and the slew of solutions available, choosing the right
security solution can be as confusing as the variety of threats
organisations now face.</p><p>So what are the key questions organisations should ask when deciding on new security technologies?</p><h2>1. Are you expecting to grow, expand, merge or acquire?</h2><p>Almost
all organisations, especially IT departments are tasked with doing more
with less so costs will always need to be considered but it's important
not to consider them in isolation and not without thinking ahead. Every
organisation will be different but if you can think about what you need
right now and what you need in the short and medium term future, you
can avoid some unexpected issues, and costs.</p><p>For example, if you're a <a href="http://www.cbronline.com/news/verticals/finance/has-market-consolidation-killed-vc-investment-in-cyber-security-startups-4876842">small start-up that is likely to quadruple in size in a year</a>,
you need to think about whether a potential security technology scales
and if it does, what does the cost look like at scale? Many small
businesses opt for software rather than hardware solutions but buying
additional licenses, for example, can be an expensive business so
providers who offer scalability and flexibility in terms of switching
tariffs etc can be worth a small premium at the outset.</p><p>Most cloud
and XaaS solutions offer great scalability and are often cheaper than
on premise solutions but you need to consider the security implications
and indeed the security record of your solutions provider and complete
the due diligence of investigating what security provisions they have
themselves as well as what back up and disaster recovery might be
offered as part of that cloud security solution.</p><p>In addition, if
you're likely to get bought or buy or merge with another company, you
might favour open technology that's more compatible with other systems
that you may need to integrate with at a later date.</p><h2>2. Do you have a remote workforce?</h2><p>Employees
now expect to be able to access information from anywhere, anytime and
from any device. So much so that BYOD has now become the norm. But even
without the challenges of BYOD, organisations will always have senior
team members who travel and are expected to work while they do so, and
IT teams will need to give them remote access to systems and secure any
data on their mobile devices.</p><p>There are two key considerations
around securing remote workers. Firstly, you need to ensure that the
remote access to data on your network is secure. For this you'll need
some sort of Network Access Control (NAC) solution. And secondly, you'll
need to secure any data stored on a mobile device because mobile
devices by their very nature present a huge data loss risk in terms of
the devices themselves being lost or stolen. To combat losing the data
on these devices, there are geo-location technologies that will track
the device, technologies that can disable or wipe the data remotely and
of course, there are also encryption technologies to consider.</p><h2>3. Do you have offices in different locations?</h2><p>Many
companies have more than one location and as such, they need to
consider how information is going to be accessed and shared among those
locations. The main decision here is whether to operate a 'mother ship'
approach whereby the servers and databases reside at one location and
all other locations connect to this either through a WAN or a <a href="http://www.cbronline.com/news/telecoms/network/top-5-vpn-services-of-2015-4636634">Virtual Private Network (VPN)</a> or to go with a fully cloud based approach.</p><p>There
are still security risks with the cloud but not necessarily more than
on-premise risks and there can be considerable cost savings to the often
huge CapEx associated with on premise hardware. Of course, there are
also firewalls to consider and how solutions like anti-virus will be
managed depending on which solution is chosen.</p><h2>4. What kind of regulations do you need to consider?</h2><p>Depending
on your location and industry, there may be strict compliance
regulations that you need to adhere to that could impact what exact
security solutions you choose. There are always compliance and
regulations in sectors like banking, insurance, law etc, there is the
HIPAA Act that protects the privacy and security of health information
in the US and in Europe, the <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">EU GDPR</a>
will come into force in just two years time which will see fines to the
tune of 4% of global annual turnover doled out for data security
breaches.</p><p>It's imperative that any organisation does its due
diligence not only about the regulations within their own industry now
and in the near future but also the regulations within the industries
they might wish to supply to. Otherwise, the benefits and features of
the security solution you choose could be irrelevant very quickly.</p><h2>5. Will one solution do or do I need a combination?</h2><p>You
should consider what exactly you need to protect and not be afraid of
using more than one provider. To use the example of securing remote
workers above, there's no point securing your network if you're not also
going to secure any mobile devices that connect to it - you might find a
provider to secure both or two that specialise in each, either is
perfectly acceptable as a strategy, you just need to understand how they
will interact and ensure you're not giving the IT department double the
work.</p><p>Security is a complicated and ever-expanding business and
realistically, it's unlikely that you will find just one provider that
will look after all your firewalls, antivirus, mobile, network access
and back up and disaster recovery solutions. Consultancies and managed
service providers can help to either advise what solutions can work
together or even take most of the problems of resource away by offering
outsourced security management with SLAs.</p><p>Once you have security
technologies in place, there will be onboarding and there should be
ongoing educational activity so that all employees understand their
responsibilities in using the security solutions correctly and handing
data carefully to avoid breaches.</p><p>But, before everything, before
you even google 'security solutions', there's a lot of upfront thinking
to be done and a lot of questions to be asked before you're really in a
position to make an informed decision about what you need.</p><br></div>