Security Tools Can Build False Confidence

In case you haven’t heard, a vulnerability in SNORT was just announced. SNORT is a very popular Open Source intrusion detection and prevention technology. With more than 3 million downloads of the software out there, it’s safe to call it the premier product in the category.

The good news is that Sourcefire (the for-profit company that produces intrusion detection appliances built on SNORT) responded quickly with a workaround and a software update. But here’s my question: How many SNORT users have heard the news or downloaded the fix? While I don’t know the answer, I do know that SNORT.org reports about 100,000 active users. Who’s using the other 2,900,000 downloads? And are they aware of the problem?

Before I go on, let me say that my issue is not with SNORT (or any other security technology). The problem resides in the realities of the business environment. Executives and business owners are too busy minding the store. Their IT administrators have their hands full dealing with end-user problems, data backups (hopefully), general network responsibilities, and day-to-day IT hiccups. And IT companies typically only get called when the business perceives a problem.

Recognizing the criticality of the data on their computers and appreciating what a security breach could do to their operations, revenue generation and reputation, management is taking steps to protect their networks and data. That's good. But buying security software and appliances without investing in security professionals creates false security. When you start investing in security solutions you need:

• High tech AND high touch: Hire security professionals to install and configure your security software and appliances. They will work with you to create a ruleset and configuration that works for your company.
• Offsite backup strategy: Protect your data at all cost. It’s the heart and soul of your business. Without it, you have no business. Get it off site and into to a secure location. Data replication is a cost-effective option.
• Managed Security Solution Provider: Threats are like the flavor of the month. They’re ever-changing…requiring newer, smarter, better technology. Keeping up is a full-time job. It’s also expensive. An MSSP offers a cost-effective alternative because it leverages the investment across many customers. It also provides the added benefit of a trained professional on duty, watching for network anomalies 24/7, interpreting activity and taking action when necessary.

Renew your faith in security and fall in love with all your IT again by working with a technology partner that lives by the 2.0 paradigm.

Why Digital Barracuda 2.0?

I'm tired of hearing people say, "I hate my IT people!"

I used to ask myself why anyone would stay with a company or individual that they hated. Life's too short for that kind of pain. Then I began to see a pattern...a pattern whose elements include frustration, uncertainty, confusion and uninformed decision making. And it's not surprising, considering...

1. With all that business owners, educators, government officials and nonprofit executives have to know and do to run their organizations effectively, how can they possibly be experts on IT and data security too.
2. Technology plays an ever-more-important role in our organizations. It is missed more than ever when it is down. Can you simply pick up a pen and paper and continue with business as usual during downtime? When your IT people can't prevent downtime, and charge you an arm and a leg for every emergency, of course you're going to hate them. You're going to hate them even more when you feel you don't have an alternative.
3. Then there is the question of security. What software and security appliances do you buy? How much protection is enough? Is my IT company selling me the right solution? Am I really protected? These are scary questions to be asking, given that your organization is on the line. And unless you start sending your employees back to school for security certifications and training, you aren't going to get good answers until you find an IT company you can trust.

For this reason, we recreated Digital Barracuda as a 2.0 company to signify a different paradigm. Actually it's our same paradigm, we're just shouting it from the top of the page (as well as the roof tops) now. Twenty-first century companies deserve an IT company that SERVES THEM. That's right SERVES. You should settle for nothing less. Here are a couple of the things you should expect from your IT company:

• Attention to your systems BEFORE you have problems. This will prevent much unnecessary downtime and enable you to keep working every day. The less you have to see your IT company, the more you are uninterrupted in your work. It's time to change how you think about your IT company: Pay for expertise and the power to get your work done, don't think you're not getting your money's worth unless the IT guy's hanging around working on your network. That's unproductive. And it's costing you a lot more than the IT guy's hourly rate.
• A contract that delivers Price Protection. You can budget when you know what your annual IT services will cost ahead of time. And should there be an emergency or new project for equipment not covered under the contract, make sure you have an hourly rate stated in your contract. Now you can begin to control costs...that means less to hate.
  
  You don't need to blame your computers. Just fire your IT company and find one with your best business interests in mind. We'll continue to write about this subject and a lot more in the days, weeks and months ahead.