The cybersecurity tech market is crowded. Very crowded.
Whether you’re in security, IT, or another related discipline, choosing vendors and products can be overwhelming and frustrating — and making bad choices can be costly up front as well as down the road. To bring some clarity to the process, we’ve put together a brief list of questions. Together, they should help you develop a basic understanding of your needs and capabilities so you can start identifying appropriate offerings and vendors in the cybersecurity marketplace.
(Note: In an upcoming post, we’ll examine some of the key technical issues you need to consider before selecting a security product or solution.)
The questions in this section mainly focus on organizational and human factors and will help you create a picture of your company: its objectives, requirements, resources, skills, knowledge, experience with security, etc.
- Does your company have a security policy, and how experienced is your company in cloud security? OK, that’s two questions, but the aim is to gauge how mature your approach to and knowledge of security are so you can plan an effective strategy. If you’re just starting out in cloud security, it’s best to take things a few steps at a time so you don’t become overwhelmed.
- Does your organization have a dedicated security team? How knowledgeable and experienced are your resources? Again, two questions, but you need to evaluate your own knowledge and skill levels at the outset so you can start out confidently and then build incrementally on your successes.
- Have you identified specific security objectives and requirements and put them into a plan that’s both strategic and tactical? If not, write a plan — even if it’s rudimentary. Without a clear set of goals, you’re operating in the dark, and it’s unlikely that you’ll get the results your organization needs. Again, buying a security product or solution doesn’t have to be daunting, but it does require a certain amount of analysis and planning up front.
- Who do you need buy-in from? This may seem obvious, but it’s easy to overlook people who will ultimately be affected by the product you select — and it’s a lot easier to get buy-in before you make the purchase than after you’ve made a decision without them. Gather a list of requests and requirements from all parties involved. You should still make the final decision, but others will feel like they have had a stake in the process and will be more likely to give the technology a real shot post-purchase.
That’s enough questions to start with. As you can see, the process really needs to start at home with an understanding of your company’s objectives, requirements, existing resources, skill levels, and your overall maturity level with cloud security.
Security Products and Vendors
Now it’s time to take a look at some questions about vendors and their products.