By Mandy Andress and Brian Fonseca
November 10, 2000
Hosted security can ease IT headaches, although data protection
remains a concern.
Demands on IT leaders to stay on top of the latest security
products, while at the same time continuously upgrading staff
expertise to handle security attacks, have brought MSPs (managed
security providers) to the forefront. These service providers
promise to ease the burden on enterprise security staff via
outsourcing.
The number of companies offering managed security services
has grown dramatically in the past few months, with everyone
joining the fray. IDC estimates the managed security market
will grow to $2.24 billion in 2003 from $512 million in 1998.
Making the decision to have an outside party manage -- and
have privileged access to -- something as sacred as a company's
stored data and business information is a course that must
be followed carefully, says Don Ursem, vice president of network
operations at VocalPoint, a San Francisco-based ASP (application
service provider) that offers voice-enabled Web content.
"In my case, there was a lot of caution because I know certain
providers advertise certain services, but it was pretty typical
to hear horror stories," says Ursem, who evaluated seven MSPs
before choosing Pleasanton, Calif.-based Intira. "You do not
put your company's crown jewels in someone else's hands unless
you checked all the boxes to make sure they have infrastructure
levels to carry out this."
According to Ursem, VocalPoint chose Intira because it offers
three key features: air-tight security in its data centers,
an option for inserting additional controls into the VPN,
and good cross-site synchronization.
"It's a lot more consistent if [security] is done in a data
center 24/7 then if I go out and hire a security professional,"
Ursem says. "That is something we want to be able to present
to our customers, because we want to build [their] comfort
level."
Managed security providers have found prosperity in the dot-com
market in particular due to the budget and staffing constraints
that many start-ups must contend with. Bargain book site Allbooks4less.com,
for example, is the poster child for outsourcing; its business
infrastructure is based on an ASP model, according to the
company's CEO, John Vogus.
Vogus says his Hauppaugh, N.Y.-based business needed a powerhouse
vendor to protect his company against crippling threats it
could never manage on its own.
"If someone steals a [shopper's] credit card, by law I'm
only liable for $50. We take that seriously," says Vogus.
"But ... if a hacker comes in or someone cracks into my server
and overrides my site, my business stops. I shut down. That's
disastrous."
MSPs offer an interesting solution, but the decision to go
with outsourced security is not an easy one considering the
variety of solutions a company has to choose from and the
gravity of the problem.
Some companies, such as Counterpane, provide around-the-clock
IDS (intrusion detection services), monitoring firewall and
IDS logs for break-in attempts, and responding immediately
when something is found. Other companies, such as RIPTech
and Intira, will manage the entire security infrastructure
of a company, from configuring and maintaining security devices
to monitoring sites around the clock. The remaining offerings
fall in the middle, with companies such as myCIO.com, NetSolve,
and many others offering a combination of monitoring and assessment
services.
You can find something for everyone, but it takes a bit of
digging to find the best MSP to fit the criteria of your company.
Before beginning the search, create a detailed description
of your company's security needs. Are you simply looking for
a monitoring solution? Do you also want assistance with configuration?
Would you like periodic audits and assessments?
Once you have determined what services you will need from
an MSP, research in detail the prospective companies. A few
key items to focus on include service agreements, knowledge
of staff, and liability if a break-in or problem occurs.
Managed security services offer great benefits to those companies
willing to accept the risk that goes with handing the keys
to the kingdom to a third party.
|