Flexible and Extensible
Threats continue to develop and change, so security offerings continue to develop and change too. For example, nobody was defending against ransomware five years ago, or for that matter, against two-factor authentication attacks based on SMS messaging last year. But now we have to consider both. That’s you why you must design a flexible, extensible framework for your offerings. We provide a baseline security stack built on commoditized components, so if a product line changes suddenly, we can respond quickly and without great expense while we expand our stack.
Another issue you’ll have to address is what happens when a vendor drops a product you are committed to or gets purchased by another player that doubles or triples your prices. Anyone paying attention in this industry has seen vendor acquisitions lead to wild product and pricing changes. You’ll never be able to cover every eventuality, and you won’t be able see every acquisition or strategic realignment coming. But with a sufficiently modular services design that allows you to snap new coverages and vendors in and out, you’ll have at least a leg up on it.
There’s Always More
Of course, there’s always more to offer, like data loss prevention, email archiving, proximity logouts, and more. We provide these advanced options on an a la carte basis. We also “downward propagate” our service stack. For example, at the beginning of the second year, we give customers on our Basic plan an offering from the next package up, covering its cost. A year later, we migrate all the remaining “second level” offerings to the first level, raise seat or site prices accordingly, and add a new suite of offerings at the higher tiers (raising those prices). This cadence allows us to keep adding new security and justify price increases every other year as well, a win-win situation.
Don’t Forget Comprehensive Data Protection
You might be wondering what a discussion of backup and business continuity is doing here. That’s easy; any security plan must include comprehensive data protection. No matter how well you secure your clients, eventually your protection will get beaten. And that is why having reliable backup and business continuity can save your skin. Be it ransomware, a bad patch, or anything that takes you down, the safety net of comprehensive data protection is unbeatable. That means file and folder backup, local failover, versioning for rollbacks of at least a year, and true disaster recovery with off-site imaging. This topic brooks its own discussion, but suffice it to say, without comprehensive data protection, you are not fully securing your networks.
JOSHUA LIBERMAN is president of Net Sciences, founded in 1996. A 24-year ASCII Group member, former rock climber, martial artist, and lifelong photographer, Liberman speaks five languages and has visited five continents. He also writes frequently and raises Siberian Huskies with his wife Heidi, who calls him the Most Interesting Geek in the World.