Security may be worth the investment but ask what exactly you’re getting

Over the last month, telecom and IT networking vendors have been placing far more emphasis on security. It has almost become a game of one upmanship. One vendor says security is a big problem, and then another vendor comes along and says, “”It’s not just a big problem; it’s a huge problem.””

Last

month, Symantec CEO John Thompson warned it won’t be long before hackers launch an attack the day someone discovers a security vulnerability, rather than six months later (please see story, page 8).

One might expect the CEO of a software security maker to warn companies about security threats, but it’s not just the security specialists (such as Symantec, McAfee, Fortinet and BorderWare) who are sounding the alarm. Cisco Systems Inc. and Bell Canada are also catering to businesses’ fears of attacks on their networks.

Bell, for example, has launched Bell Canada Security Solutions Inc., a subsidiary that focuses exclusively on security (please see story, page 10).

Meanwhile, Cisco Systems Inc. released the 10 products of its “”self-defending network”” strategy at the RSA Security Conference in San Francisco (please see story, page 10). Cisco’s strategy includes application security, controlling the network and combining different functions (such as intrusion prevention, firewall, anomaly detection and anti-spyware) into one device.

Most of the time, when vendors launch security products or initiatives, they present charts showing the cost of security breaches — due to downtime, lost business and other damages.

Before you sign a service contract with a major contractor or buy the latest and greatest security appliance, ask the provider a few questions. What specific threats will the product or service protect you from? Does the vendor offer money back if the product doesn’t work? What sort of guarantees are provided? Don’t be surprised if the vendor doesn’t guarantee anything. If this happens, it doesn’t mean it’s a bad idea to buy the product. But it might change your return on investment calculation — instead of preventing an attack that would cost $1 million, you’re only reducing the probability of a loss.

Share on LinkedIn Share with Google+