RJS Software

Sprinting through Security

We’re all familiar with old school consultants. These are people hired at $20/hr and rented out for $150/hr. It’s good business, if you can get it. All too often, however, the work is neither enjoyable for the consultant nor useful to the client. After years of trying and failing to make the old model work, I decided it was time to throw it out and start over. Thankfully, RJS agreed. As of today, we are one year into the process of reinventing security consulting.

The fundamental difference is that we’ve fully embraced the fact that the idea of 100% security is a trap. You can never be completely secure, so why base a security project around the idea that you can be? Instead, we focus on achieving a measurable improvement over “today.” Different businesses have vastly different security needs, so once you shift the goal away from “find and fix all the problems” to “strike a balance between defense and response,” myriad solutions become available.

Having a large number of solutions is great, as we can select the one that fits your company’s unique situation the best. But remember, it’s not perfect and will need constant attention to avoid “analysis paralysis” and to stay current with new security trends. To combat this, we look at the second key difference: time-bound tasks, or as we call them, security sprints.

With anything you do, there is one resource that completely vanishes — time. Other consulting approaches focus on minimizing either money or an amorphous concept of risk. The catch with those is to clearly pre-identify “risk reduced” or “money saved,” time is required. Since time is billed, it can cost a significant amount of money to identify how much money you’re saving!

Want to know how much more secure a project will make you? Pick a small project that can be done in a week or two, do the project, then measure. There’s no guess-work, no scope-creep and most importantly, no spending more money than required to improve your defenses.

This process affords another advantage we did not anticipate. In many cases, security fails because the people put it in place to manage it are often not those responsible for maintaining it. Since security tends to weaken over time as attackers constantly improve, it is imperative that people explore alerts, identify what they mean to the business and take appropriate action. When the people who must manage the systems are not involved with the initial configuration, they tend to lose a lot of time tracking false alerts or worse, missing legitimate issues.

Since our consulting process is time-bound and focused on helping improve security after we leave, we work on a lot of small projects. These projects are designed so that, when done, they can be absorbed into the business’s existing operations. We then come back for iterative tuning engagements and, over time, help maximize the business’s use of technology. This avoids the common problem of security being “someone else’s” issue, while minimizing the disruption that new technologies can cause.

In the end, after a year’s experimentation, we’ve found that a cyclical short-project consulting model has given our clients a level of security far greater than the traditional defense-only approach. While this didn’t surprise us (after all, that’s why we did it), we were surprised to find that these engagements generally came in 25% to 50% lower in cost than the traditional model. We’ve done security assessments, implementations and strategy planning sessions and, in every case, have achieved better security at a lower cost.

Please contact us if you’d like to learn more about our sprint model and how it can help you achieve a better state of security at a fraction of the price.

Filed under: Product Tips & How-To's, Technical Advice

Tags: , ,

Lean Security 101: The Comic Book!

Whether embracing the 80×5 rule or learning how to effectively solicit outside advice, there’s a way to make your security strategy work smarter, not harder. Perfect security is a pipedream. So use what you have and learn from what works.

Follow the principles and strategy detailed in our very own “Lean Security 101″ comic book and you can build your own lean security model within your organization!

Follow this link to download Lean Security 101: The Comic Book.

And don’t forget … you can get a lean security review for free, just by requesting one here.

 

Filed under: Events & Announcements, Product Tips & How-To's, Security News, Security Rants, Technical Advice

Tags: ,

RJS Smart Security “Sneak Peek”

The security wing of RJS Software is growing and it’s time to change in a big way. On April 1st, we’ll be officially relaunching that segment of our business as RJS Smart Security. Not only are we rebranding, but we’re also launching an entirely new website that better speaks to our security consulting and product expertise. Check out our new logo and a few snippets from our website … what do you think?

The core messaging of our website will focus on “RJS Lean Security,” a smarter and more affordable way of protecting your business:

Our website will also lean heavily upon hand-drawn imagery:

Filed under: Events & Announcements

Tags: ,

RJS Lean Security. The Smarter Way

The idea of perfect security is a trap.

Unlike you, attackers are not limited by resources, budgets, laws or ethics. They can launch any number of attacks from anytime or anywhere. This means you have to maintain a strategic balance between defense and response. Learn More

Always stay a move ahead of your opponent.

If you are constantly focused on reacting, you are not taking the time to learn and adjust your security strategy based on your experiences. Your attackers are constantly evolving, so you must, too … just a little faster. Learn More

Make better use of what you already have.

Before you invest in yet another expensive security project, fine-tune the security products you have in place. Are your defense systems fully-patched? Have you turned on all the necessary bells and whistles that came with your original product? Learn More

The right security strategy for right now.

The days of defining and executing a rigid multi-year security plan are over. Since attackers are incentivized for rapid change, you must also adapt to the always-evolving threat landscape. An inflexible security plan will create holes quicker than you can fill them. Learn More

Part of your team, not instead of your team.

Without a highly-skilled and experienced staff of security experts, it is extremely difficult to remain unscathed from the many possible attacks waged against your organization each day. Thus, it is sometimes necessary to leverage the knowledge of others. Learn More

A smart investment for smart growth.

Once your internal operations are working well and you are effectively using what you have, it's time to grow. But before you purchase another layer of protection, first identify what really matters to your business and create goals you can measure to see if your next project will indeed be a success. Learn More

About RJS Security

RJS Software provides information management solutions that allow businesses to improve productivity, make better decisions and save money. Our software helps organizations streamline data collection, digitize and manage documents, automate work processes and optimize data delivery.

Learn more at RJS Security

What We Do

How We Help

RJS Software 1-888-RJS-SOFT 2970 Judicial Road, Suite 100, Burnsville, MN 55337

Contact  |  Privacy Policy  |  Site Map

© 2010 RJS Software