There is a wise man in the office — OK, there is more than one — who during a conversation about TrackTik features and benefits said to me, “When you need a hole, you do not go out and buy a hole. You actually go buy a drill and then drill the hole you need based on the specifications of your plan.” No, the wise man is NOT Bob the Builder! The comment stuck with me, and I started applying it to a few other situations, namely security planning and security technology.
When a security manager sets out to buy security services, security technology, or security solutions, in general, they are buying the drill. The hole they are striving for can be described as peace of mind, compliance, governance, or whatever the goal of the security program is.
Some of my top FAQ
I am often asked by colleagues, clients, peers, and friends, “What do you think about this security technology, or that measure?” Also, “What do you think about that feature within TrackTik?” Or, “Should we add X or Y to our current security workforce management platform?” Or even, “Hey, wouldn’t it be cool if we did this or that?”
My answer usually starts off the same way: a thoughtful, “Hmmm. It depends.” (A lawyer friend taught me that one, but not his trick of billing for it!) The frequency of the questions led me to think about a few technology tools that are prevalent in the security industry today. The answer to the question of “Should your program integrate these tools into your solution?” is, you guessed it: “Hmmm. It depends, on multiple factors.”
A few of these factors are:
- Importance of the asset
- Risk assessment (and its components: Threat, Vulnerability, Impact)
- Desired outcome
- Budget
Before you go shopping
When considering adopting technology into your security solution, make sure you follow these top 5 guidelines:
1. Understand your security environment
Determine why you need to secure something before deciding how to secure it and what you need to secure it with.
2. Plan your roll out
By starting with the end in mind, you can avoid ad-hoc silo applications of solutions. For example, your payroll software should integrate seamlessly with your scheduling system.
3. Have solution synergy
The sum of the solution parts should be greater than the sum of the individual pieces. As your business grows the benefits should be clear, scalable, and repeatable.
4. Benefit from an ROI
If the technology does not improve your security position and does not deliver a return, then ask yourself, “Why do it?”
5. Use battle-tested tools
When the going gets tough or an incident happens, your tech needs to work. It needs to work together and needs to work well. So it is best to test it.
Measure twice, cut once
When the “shiny new tech thing” mesmerizes you, it may be tempting to short-cut one or more of the five planning guidelines I have recommended above to select a security technology. There is no question that this holistic planning approach involves some homework, perhaps more than you are used to.
It is helpful to think of your careful research and planning as insurance against a lot of potentially nightmarish discussions and meetings. After all, the stakes keep rising in your job, and one thing is absolutely clear: When the “bad guys” are going full tilt against you, silo thinking will not offer you opportunities to shine in the boardroom.
