The Security Catalyst» purchasing http://www.securitycatalyst.com harnessing the human side of security Wed, 25 Jan 2012 15:57:57 +0000 en hourly 1 http://wordpress.org/?v= harnessing the human side of security The Security Catalyst no harnessing the human side of security The Security Catalyst» purchasing http://www.securitycatalyst.com/wp-content/plugins/powerpress/rss_default.jpg http://www.securitycatalyst.com The Security Vending Machine http://www.securitycatalyst.com/2009/07/the-security-vending-machine/ http://www.securitycatalyst.com/2009/07/the-security-vending-machine/#comments Thu, 23 Jul 2009 11:00:30 +0000 Guest Blogger http://www.securitycatalyst.com/?p=2116

by James Costellovend

I would bet that you have someone in your life who “survives” out of the vending machine at the office. You know them:

  1. Their desk is surrounded by potato chip bags, candy wrappers and soda cans.

  2. They are the first one to get the new item out of the machine.

  3. They consistently return to the same choices, but especially love new packaging even if the insides are still the same.

  4. They base decisions on what is in the machine.

  5. They purchase items because they have money in their pockets.

Do you know of companies that treat their security purchases like a trip to the vending machine?

  1. They buy items with the prettiest packaging (or possibly the prettiest sales person). Don’t laugh; I’ve seen it happen.

  2. They purchase items just based on the fact that it is either new or a new version. And we all know that “new” means it’s good, right?

  3. They purchase items just because it’s in the machine or their sales representative presented it to them.

  4. They buy the same product that they bought last year because they are not comfortable with change.

  5. They buy because they have leftover budget for this year, but are not sure if it is something they really need.

So how do we, dear reader, avoid/prevent others from making purchases from the security vending machine?

  1. Determine your corporate goals and work toward them. Okay, so that’s a bit clichéd, but I see this everyday as a project manager. When there is not a clear idea of what is wanted out of a project, it will drag on and possibly never get implemented to anyone’s satisfaction.

  2. Identify your needs and purchase accordingly. What traffic are we trying to monitor? If you are more concerned with blocking inbound access than monitoring, then an IDS solution may not be the best use of funds. What data are we trying to protect? If all of your proprietary data is kept on one or two servers, hardening those servers will make the most impact. What services are we offering to our clients? If you are not offering any services locally, inbound traffic should be denied

  3. Don’t let your budget burn a hole in your corporate pocket. Are you with an organization that determines next year’s budget based on how much you spent this year? (I know this would not fly at my house; why does this work in business?) Work with your financial group to create the budget. This sort of spending is foolish, especially in the current financial situation.

  4. Don’t spend all of your budget at once. Plan for spending over the course of the entire year. I am reminded of my friends who are teachers for school districts in my area. They get paid once per month and have to budget for the entire time. My friends like to tell stories of first-year teachers who see this great big paycheck (well, for a teacher) and go out and spend it without realizing it will be another 30 days before they will get paid again. What is humorous for me is that they all admit to doing the same thing.

  5. Just because something is shiny and new does not mean I have to have it.

When I was a senior in college 15 years ago, I needed a car to drive back and forth from college campus and the school district where I was going to be student teaching. I needed a car and it was going to be my first major purchase. I had $3500 to make the purchase and I could look anywhere I wanted. I could have taken my time to get the most car for my money, but I wanted to get it done and I knew I could spend all of the money I had on this car. (I failed to plan, I did not determine my needs, and I allowed the amount of money I had determine when I would buy) A day after I withdrew the money from my savings account, I drove off the car lot of a friend of the family with a car with no trunk space, a short back seat, and not enough horsepower. This car would barely do 60 mph (not so good for a college student who needed to drive 40 miles each day and was still on college time), I could not haul anything in it (this made moving out of the dorms when school was done, next to impossible), and finally it developed a habit of not starting when it rained (this was lived with for about a year as I had to make money to get it fixed, since I had spent all of my money on the car). I look back on that now and wonder how I survived, making those decisions.

I bought from the vending machine. Are you or your company doing the same?

]]> http://www.securitycatalyst.com/2009/07/the-security-vending-machine/feed/ 1