Feature
News
12/14/2006
02:55 PM
Connect Directly
RSS
E-Mail
50%
50%

Outsourcing Security Doesn't Mean You're Desperate

Handing over security to a service provider just might be the best way to stay safe.

On the surface, giving the security of your networks, systems, and data over to someone else seems like a desperate move--an acknowledgement that the threats are more than you can handle. The reality is that tapping into a service provider might be the best way to protect your company and comply with the latest government regulations.

One caveat: Do your homework. You must know what's in your networks, systems, and databases and clearly define how the service provider is going to help your company meet its security and compliance needs. You also must be sure the service provider is financially stable before trusting it to manage intrusion detection and prevention, log analysis, firewall, or other security services.

Offload AgendaLack of resources and expertise is most often the reason for subscribing to security services. "In the security world, it's a game of catch-up. I couldn't possibly throw enough resources at it internally," says Ken Emerson, director of strategic planning and CIO at Boiling Springs Savings Bank in New Jersey. He tapped Perimeter Internetworking to manage e-mail security and an intrusion-detection system. "I didn't feel like I had the necessary knowledge on my staff, especially with the rapidly growing volume of spam," he says.

Emerson thoroughly checked Perimeter and found it had passed the Statement on Auditing Standards No. 70, a standard set by the American Institute of Certified Public Accountants that requires an in-depth audit of a service provider's control activities. "The other outsource firms I looked at didn't have SAS 70 certification," Emerson says. "I'm not going to have depositors if I can't protect their information."

After Boiling Springs signed with Perimeter, a worm got into a PC at one of its branches. Perimeter notified the bank so it could shut down the infected computer, Emerson says.

Kettering Medical Center Network, a group of 50 health care facilities around Dayton, Ohio, turned to managed security services to augment its internal IT security resources, particularly the time-consuming task of sifting through data collected by its Check Point Software Technologies and Cisco Systems firewalls, which protect remote physicians' offices that are part of the Kettering network.

Kettering owns the network security equipment, but for the last two years it has had Symantec collect and analyze data from firewall logs. "We need to be concerned if someone is trying to do a port scan against our systems or if our network contains ad bots or spy bots trying to communicate out," says Bob Burritt, Kettering's IS network and technology manager.

InformationWeek Download

The ability to detect and avert downtime is crucial to any organization, but particularly a health care operation. Added incentive is the $1 million a day Kettering would lose if it couldn't bill or collect fees. Burritt declines to say how much Kettering is paying for Symantec's services, but he notes that outsourcing firewall log analysis saves as much as $150,000 annually, roughly the cost of hiring two full-time IT pros.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.