Bolstering security with a trusted advisor

The security landscape continues to evolve, as organisations look to prevent and protect against increasingly sophisticated network threats, meet stringent compliance and industry regulations, and achieve an overall robust security posture.

A key element in achieving this is trust - trust in systems and processes, technologies and strategies. And when selecting a systems integrator to partner with, trust also takes centre stage, as companies are increasingly seeking to partner with not just any integrator, but rather a "trusted advisor" who understands and is immersed in their infrastructure, security strategy and overarching business goals - as well as the broader security market, including both the threat and vendor landscape.

This type of close partnership brings with it significant advantages for organisations and integrators alike as they work toward a common goal of bolstered security.

It's a common misconception that companies can "cover their bases" and mitigate risk by working with a dizzying array of security partners, who provide and implement point solutions for as many different aspects of the network as possible. With this piecemeal approach, it's likely that none of the partners have the "big-picture" and holistic approach of what a given company is trying to achieve, and thus are limited in their ability to implement solutions that support that vision.

On the other hand, working with a select - or select few - trusted partners can help organisations better understand, identify and quantify their risk. With insight and visibility into business goals - as well as all the moving parts in an organisation's security strategy - integrators can better assess and address a company's risk profile, and design architectures and networks that are ideal for that environment. In order to serve as a trusted advisor and have this visibility, it's particularly important that the integrator approach security projects with a life cycle strategy - spanning assessments, planning, architecture, integration and ongoing management - to maximise benefits.

In addition, having established this type of partnership typically provides organisations with a more consistent level of service. It bears mentioning, too, that this service - when working with one integrator - is oftentimes even more "above and beyond", as that partner is more financially invested in the engagement's success and therefore more motivated to exceed expectations.

It's to an integrator's advantage, too, to build, establish and maintain a trusted advisor relationship with its clients - accruing both financial and reputational benefits. This type of relationship defrays customer acquisition costs and spreads them over multiple projects - ultimately enabling integrators to realise more profit from a given client engagement and focus on other areas for business growth. In addition, a productive and longstanding client relationship tends to result in ongoing projects, which alleviate the financial instability that systems integrators can otherwise experience with a short project here and a short project there, etc, a common hurdle in a challenging economic climate.

Furthermore, a positive and prolonged client engagement often results in a happy customer who is willing to serve as a reference for an integrator's services and aptitude - a positive outcome for all involved.

So, how do organisations know when they've met their perfect match? What are necessary qualities integrators can hone and acquire to help build that chemistry? And when it comes time for an RFP, how can integrators best position themselves for a spot on the short list? While client needs differ, the end goal of an improved security posture is a common denominator - and one that integrators can best address through a variety of skills and qualities:

* Life cycle approach - IT security, itself, is an ongoing process/lifecycle - one that constantly evolves and, as such, needs to be addressed. Consequently, integrators that can cover as many elements of the security lifecycle as possible are strong choices to partner with. Their far-reaching expertise also boosts companies' overall ROI - as different security phases and subsequent projects can easily leverage intelligence accrued and investments previously made.

* Focus on consulting - To be competitive and effective, integrators should build a full-service capability, encompassing architecture, technology, managed services and - as the cornerstone - consulting. Being able to identify risk - rather than just implement technology - is a valuable asset that benefits both the integrator and the client.

* Pen testing prowess - Organisations also benefit when working with an integrator that, as a best practice, begins a security project with a penetration test to highlight unknown risks and potential deficiencies. The results set the stage for a fact-based discussion around security architectures and significantly aid in clients' decision-making processes.

* Discrete project engagements - Clients should stay with an integrator because that integrator does a good job - not because each project locks them into subsequent ones, which can be a turn-off. When integrators provide thoughtful options and recommendations - rather than lock companies into a specific course of action - they promote trust and build stronger relationships.

* Specialised and best-of-breed partnerships - Rather than be completely vendor-independent - which can lead to integrators doing a passable job with lots of different technologies - it's important to work with an integrator who can do a superior job with a more specialised repertoire. For that reason, it's important that integrators have a strong portfolio of total security solutions from select vendors and demonstrate their deep experience with these technologies - as well as their commercial engagements with security vendors to support best-possible procurement options and escalation routes.

Maintaining stringent standards of security is a crucial enabler toward achieving organisations' business objectives. By adopting a strategy that allows organisations to prevent, detect and respond to threats - and honing that strategy with the insight and ongoing help of a trusted advisor - organisations are well en route to achieving a more effective and strengthened security posture.