Merrill Lynch Hands Off Network Security To VeriSign
The deal will let the brokerage firm focus on risk management rather than the grunt work of security
Business is getting riskier. Digital attacks on businesses, such as the Slammer worm earlier this year, are unleashing their destruction at ever-increasing speeds. Hackers are constantly poking and prodding, trying to breach the security defenses of American companies. There's also the growing stack of federal and state legislation requiring businesses to prove they're being diligent at securing their data.
David Bauer, chief information security and privacy officer for Merrill Lynch & Co. wants to increase his company's ability to focus on these risks. He says he can better achieve that goal for the $2.83 billion brokerage firm by outsourcing a good chunk of the company's network security to VeriSign Inc., a relative newcomer to the growing managed security services provider market.
Terms of the global, multiyear contract were not disclosed, but InformationWeek has learned VeriSign will manage more than 300 of Merrill Lynch's firewall and intrusion-detection network security devices.
"It's all about being the best that you possibly can be," Bauer says. "On the intrusion-detection piece, we have a lot of [network] activities, as a lot of companies do, but now we're going to get analysis of all our activity in context with what else is going on in the world. It's not just about data, it's about intelligence. And with intelligence, you can make better decisions."
That intelligence, Bauer says, comes from VeriSign's ability, acquired by managing network security devices for hundreds of companies, to see attacks occurring elsewhere on the Internet and within its customers' networks. Bauer says Merrill will benefit from VeriSign's ability to see things his security team can't, and that will help them better decide where to focus their security resources. "Is it a random [attack], or is it targeted? Is it a sophisticated attack or not a sophisticated attack? Well, now we can get answers to those questions," Bauer says.
Bauer isn't the only security officer looking for answers. Analyst firm Gartner estimates that managed security services will be the fastest-growing service type across all vertical markets, growing annually at 19.3% from $547.8 million in 2002 to $1.2 billion in 2006.
"We're definitely seeing increasing outsourcing of 'commoditized' security functions, such as policy changes on firewalls, reviewing firewall and IDS logs, and all the other repetitive tasks involved in perimeter security," Gartner analyst John Pescatore says. "By outsourcing the grunt work, their existing security folks can respond to the new issues, like securing the ERP system connection to suppliers or what to do about wireless LANs or Web services.
VeriSign CEO Stratton Sclavos says regulations such as the Health Information Portability and Accountability Act, Sarbanes-Oxley, and the USA Patriot Act are helping to drive demand for managed security services. Managed security "allows companies to focus on the process optimization required to reduce the overall risks to their organizations," he says.
Bauer agrees. "It lets us worry about the evaluation of the data as opposed to the monitoring of the data," he says. "I'm a big fan of this risk managed approach. Now we can take the data and do risk analysis against it, and act on it--as opposed to having to do the day-to-day stuff."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.