July 31, 2006 | Comments: (0)
InfoDefense: Managed Security for SMBs
Larger enterprises have come to look at managed security services almost as a standard part of their IT budgets. Reason? I'd love to say to keep customer data safe, but the real reason is probably more along the lines of legal peace of mind, especially on the compliance front. Unfortunately for the SMB set, the word "managed" usually reads "priced-for-mega-businesses-only". Hey, until now.
If you look around, you can now find managed security firms with service prices aimed at the SMB set. My favorite so far is InfoDefense. Prices are down to around $800/mo on average with a few grand up front for initial setup charges. It goes up from there for specific things like compliance monitoring, but it's still in the realm of reality for businesses with smaller budgets.
Another up and comer is DataNode, but if its web site is any way to judge the company, it's still got a little ways to go before I'd feel solid about it. Rumor has it that Symantec's Managed Security Service has an SMB pricing plan, too, but I haven't been able to specific numbers yet. Worth checking out if you're willing to sit through the sales pitch first.
What should you expect from one of these services? To a degree, that's dependent on the kind of biz you're in, but here's a quick three-point checklist:
1. Look for the service to automate IT security tasks that normally require specialized (and expensive) on-staff talent. Intrusion detection, network vulnerability monitoring, maybe even security patch management and testing.
My lil' company, for example, is thinking about InfoDefense because we offer a Web-based application and that company has a new Web app security testing program. Something we can sorely use, but don't necessarily want to spend full-time staff money on.
2. If compliance is on your radar, look for service offerings in this department. But don't blindly buy anything that says 'compliance' on it. Identify your specifc compliance regulatory issues and make sure the service offering can address those things directly.
3. Walk through your contact points with the service. Look for specific reports, how those get delivered, the frequency with which they're delivered and whether you can run your own or not. Don't go for services that monitor your network and only tell you if you've been attacked or compromised once a month.
Posted by Oliver Rist on July 31, 2006 08:53 PM
RATE THIS ARTICLE:
-
- COMMENTS
| EMERGING ENTERPRISE PODCAST |
| Listen to the latest podcast: |
MP3
•
•
•
Archive
•
![[VoiceIndigo Mobilize - Listen to podcasts on your mobile phone]](http://www.voiceindigo.com/ht/images/mobilize_logo_sm.gif){kind=logo}
|
TOP STORIES
ADDITIONAL RESOURCES
- Remote Access: Maintain Security and Decrease the Burden on IT
- Beyond AntiVirus: Symantec Endpoint Protection
- What Every Enterprise Needs to Know About VDI
- Help Simplify Virtualization
- Solution for Open Virtualization Provides Server Consolidation
- A Guide to Rich Internet Application (RIA) Security
