Cloud Infrastructure Security Buyers Guide

Issue link: https://resources.threatstack.com/i/878717


2. Will this product help you achieve security or just compliance?

Being compliant does not equal being secure. Even if compliance is the reason you're shopping for a new vendor, why not reduce risk while you're at it? If you buy the cheapest option just to check a box, you're not getting much leverage from your tech dollars. It's far better to buy a solution that will help you with compliance and also provide security at critical points throughout your environment to keep your data and systems secure.

3. How much time will this product save you vs. how much time will you need to put into it?

Automation is a great way to save time and resources — but it's important to really think about how much time you'll put into setting up and maintaining this automation so you can decide whether it's really worth it. What you're really doing here is evaluating part of the Total Cost of Ownership (TCO), and it is critical to do this before you make a commitment (i.e., sign a contract).

4. How experienced does a person need to be in order to run this product?

Do you need someone with ten years' experience writing custom code, or can you put a junior engineer on it with a few hours of training? The answer to this question, as with the previous one, is part of calculating the true cost of the product — and an indicator of whether you'll still get results even if your best engineer isn't available.

5. How will this product help you differentiate between day-to-day activity and actual problems?

Your security products shouldn't hold your coworkers back from doing their jobs — and they won't if you can readily determine what's normal and what's not. Ask yourself if this will slow you down or enable you to take action when it's really important.

6. If you're compromised, what will your process look like? How will this product fit in?

Everyone in security knows it's not a question of if you'll be breached — it's when — and how will you respond? Mentally walk through every step of your incident response process and try to think ahead about exactly how the product you're purchasing will aid you in that time of need.

7. Does this vendor use their own products?

If a vendor doesn't practice what they preach, eat their own dog food, or drink their own champagne — it's a sign of a weak product. Ask your vendor how they use their own technology and how it has helped create efficiencies for their own team. If they don't have a strong story, think twice before you buy.

8. What do you know about the vendor's stability and performance record?

Do a little research to determine how well qualified and reliable they are. If you can, and if it's appropriate, check out their certifications, ask for customer attestations, and find out what you can about their performance on SLAs. Also, find out how long they've been in business. Alone, these questions might not give you everything you need to know, but together, they create a very revealing profile.

9. Does the vendor provide good Tech Support and good Customer Service?

At no point do you want to be stranded if something goes wrong with the product or if you need further information on how to use it. So insist on high quality, 24x7 coverage in these two areas.

10. Will this vendor continue to evolve as technology changes?

Technological infrastructure looks almost nothing like it did ten years ago, and it will probably look completely different in another ten. You need to know that your vendor has a product roadmap: You need to feel confident that the technology you're choosing today will evolve alongside your company so you're not wasting time and money replacing it a couple of years down the road.

Takeaways

Whether you're in security, operations, or another related discipline, choosing vendors and products can be overwhelming and frustrating — and making bad choices can be costly up front as well as down the road.

Obviously, the preceding aren't the only questions you should ask about your security needs, available products, and vendors, but they will get you off to a solid start. And if you do proper diligence, ask additional related questions, and treat security as a serious investment (rather than a checkbox requirement), you will be able to identify a cost-appropriate solution that meets your requirements, along with a knowledgeable, experienced, and trustworthy vendor who can support your current needs as well as the needs that emerge as you grow and evolve your business.
