Tips for Making Security Technology Purchase Decisions
CISO Mark Eggleston on Picking Solutions and Stretching Budgets
How can organizations decide what security technologies best meet their needs? Mark Eggleston, CISO at Health Partners Plans, shares his tips for making the right purchase decisions.
At the Philadelphia-based nonprofit health maintenance organization, "we're always trying to make sure security does its job and makes things easier for our users, members, vendors ... any of the people that we classify as a customer," he says.
To help evaluate security technologies for possible implementation, Eggleston and his team use a variety of approaches.
"In today's software-as-a-service, agile-type workplace, we've done less [requests for proposals] because that takes so much time," he says in an interview with Information Security Media Group.
"It's very helpful to document your deep requirements - those three to six things you really want to get out of a technology platform. Then rank those and score those" in a worksheet provided to the candidate vendors, he suggests.
He also recommends that organizations "look at the gaps in your last risk analysis and see if there are technologies that can help address those in an efficient and time-sensitive manner."
In the interview, Eggleston also discusses:
- Health Partners Plans' efforts to boost email security and its plans to implement cloud access security broker technology;
- Advice for getting buy-in from the CEO and other top leadership when making security technology purchases;
- Weighing the pros and cons of working with smaller vs. larger vendors;
- Tips for assessing costs and stretching the security technology budget.
Eggleston is vice president and chief information security and privacy officer at Health Partners Plans, a managed care company. He previously served as director of security and business continuity at the company.