{"id":21013,"date":"2023-04-27T22:44:23","date_gmt":"2023-04-27T18:44:23","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/services-packages\/21013\/"},"modified":"2023-04-27T22:44:23","modified_gmt":"2023-04-27T18:44:23","slug":"services-packages","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/services-packages\/21013\/","title":{"rendered":"Implementing information security solutions in SMBs"},"content":{"rendered":"<p>When deploying and maintaining corporate information security systems, it\u2019s logical to engage professionals. These experts can be either in-house or external \u2014 service providers or developers of the chosen solution. Each of these approaches has its pros and cons. After all, deploying an information security system for a business is a fairly complicated process, which, besides the software installation itself, includes the following preparatory and operational phases:<\/p>\n<ol>\n<li>Analysis of the information security risks \u2014 to identify vulnerable aspects, assess the likelihood of threats, and compile a list of necessary measures<\/li>\n<li>Development of security policies to regulate access to information and ensure its protection and integrity<\/li>\n<li>Selection and implementation of the solution<\/li>\n<li>Periodic auditing of the solution to make sure it\u2019s effective and compliant with current requirements<\/li>\n<li>Incident response<\/li>\n<\/ol>\n<p>A large business will have an information security department to handle these tasks. But SMBs face the choice of trying to deploy a security system in-house or outsourcing to third-party contractors.<\/p>\n<h2>In-house deployment<\/h2>\n<p>\u201cIn-house\u201d means a dedicated employee (or department) with information security expertise. The company can try to find such a person 0n the market or train their own. The pros and cons of this approach are:<\/p>\n<ul>\n<li>+ The company controls the training process, can adapt that process to the company\u2019s particular needs, or find a person with the necessary skills<\/li>\n<li>+ An in-house employee is better acquainted with the internal business processes, so can offer more effective and specific solutions<\/li>\n<li>+ An in-house employee will be able to respond quicker to threats and problems<\/li>\n<li>+ Company secrets won\u2019t fall into the wrong hands<\/li>\n<li>+ It may be more cost-effective than engaging outside expertise, especially if the employee is already on the staff<\/li>\n<li>+ Training will raise the employee\u2019s professional status, which may increase their loyalty<\/li>\n<\/ul>\n<ul>\n<li>\u2013 Training will take a long time<\/li>\n<li>\u2013 It can be more expensive to hire an off-the-shelf expert than a contractor, and will also take a long time<\/li>\n<li>\u2013 A trained-up employee will probably know the subject area less well than an experienced infosec pro<\/li>\n<li>\u2013 There\u2019s no guarantee that such implementation know-how will be useful going forward; this is especially true if a dedicated employee is given the task \u2014 what will they do post-deployment?<\/li>\n<li>\u2013 A trained-up employee might leave, in which case a new person or contractor will have to be found to maintain the solution<\/li>\n<\/ul>\n<p>This approach is relevant for businesses that are growing or planning to scale up, as it will lay the foundation for the future of the information security department. However, if there are no such plans, or growth does not translate into infrastructure development, there\u2019s little point in investing in new professional skills.<\/p>\n<h2>Third-party deployment<\/h2>\n<p>The market is full of service providers offering turnkey solutions: infrastructure audit; IT security system implementation and maintenance. Pros and cons:<\/p>\n<ul>\n<li>+ Saves time: no need to train or find anyone<\/li>\n<li>+ A specialized contractor is likely to have expertise and experience in the field of information security<\/li>\n<li>+ A contractor can offer a wide range of services that go beyond in-house capabilities<\/li>\n<li>+ More efficient use of own resources \u2014 all concerns about implementation are outsourced<\/li>\n<li>+ Fewer risks, plus the ability to transfer these risks to the contractor<\/li>\n<\/ul>\n<ul>\n<li>\u2013 In the long-term, a third-party may turn out to be more expensive than in-house<\/li>\n<li>\u2013 A contractor may not understand internal business processes, leading to poorly adapted solutions<\/li>\n<li>\u2013 Lack of transparency: you can\u2019t be sure how much the contractor really knows about the products being deployed<\/li>\n<li>\u2013 Confidentiality issues may arise, as a third-party contractor will have access to your data, but you know nothing about the contractor\u2019s internal security policies<\/li>\n<li>\u2013 The company could become dependent on the contractor<\/li>\n<li>\u2013 You won\u2019t have a full understanding of what\u2019s going on, with insufficient business control over the implementation and support process<\/li>\n<\/ul>\n<p>On the whole, engaging a contractor is a sensible and common way of deploying an information security system. Typically, such service providers cooperate with solution developers, are certified, have partner status and provide guarantees. There is also a third way\u2026<\/p>\n<h2>Vendor deployment<\/h2>\n<p>This approach is similar to the second one, the difference being that deployment is carried out by the developer of the solution, whose employees are guaranteed to understand it inside and out. Which means:<\/p>\n<ul>\n<li>+ No dependence on a third party: the solution will work as long as its developer remains on the market<\/li>\n<li>+ The vendor\u2019s direct guarantee will further reduce the risks<\/li>\n<li>+ Configuration and deployment of products will be as fast and efficient as can be<\/li>\n<li>+ Minimizes downtime caused by incorrect configuration and long set-up times<\/li>\n<li>+ Maximizes the payoff of investments in information security, as expert configuration will ensure products work at their full potential<\/li>\n<\/ul>\n<p>Most SMBs won\u2019t even need third-party experts to be present on-site\u00a0\u2014 server capacities are usually cloud-based these days, and in any case systems can be monitored remotely.<\/p>\n<p>We offer <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security\/professional-services?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Professional Services<\/a> \u2014 our own package solution for deployment of Kaspersky\u2019s information security tools. It includes a wide range of services: analysis of existing infrastructure and policies; development of policies and elimination of vulnerabilities; implementation and upgrade of solutions; support; encryption of data storage. Kaspersky has local teams around the world that speak your language and have the necessary expertise. Our package solution is perfect for SMBs, as it will lessen the load on the IT department or even eliminate the need for a full-time system administrator.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The pros and cons of different approaches to deploying and maintaining information security systems. <\/p>\n","protected":false},"author":2725,"featured_media":21014,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[2632,2408,499,1022,1882],"class_list":{"0":"post-21013","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-deployment","10":"tag-hr","11":"tag-products-2","12":"tag-risks","13":"tag-services"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/services-packages\/21013\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/services-packages\/25594\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/services-packages\/28224\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/services-packages\/25893\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/services-packages\/26269\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/services-packages\/28755\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/services-packages\/48037\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/services-packages\/20506\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/services-packages\/21199\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/services-packages\/33986\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/services-packages\/31901\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/services-packages\/31584\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/services\/","name":"services"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2725"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=21013"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21013\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/21014"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=21013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=21013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=21013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}