Service providers agree that compliance is driving demand for
managed services. "Regulations basically tell an organization that it needs
to do certain things in a well-defined and repetitive way, and that it needs to
put in place control mechanisms to prove that. This fits very well with the
nature of MSS [managed security services]," says Bart Vansevenant,
director, Product Management, Managed Security Services, Cybertrust, Herndon,
Va.
Another driver is that the services come with detailed reporting
that documents and proves security activities, says Vansevenant. That
automatically puts in place part of the framework needed to meet regulatory
requirements.
Cybertrust offers both fully outsourced and co-managed services
to clients. These include managed security, managed antivirus, content screening
and network-intrusion detection and prevention services. The company also
provides a monthly compliance report that enables clients to prove to internal
or external auditors that security-operation tasks are executed in a consistent
way and based on accepted standards.
Managed Security Services for Regulatory Compliance
- Thorough assessment of regulatory compliance needs includes the evaluation of which regulations apply, what security and auditing provisions must be put in place and what internal resources are needed to accomplish compliance.
- If your organization's internal resources are not sufficient and outside help is needed for the security requirements of regulations, evaluate the available options in the market to fulfill your firm's requirements.
- When looking at service providers, consider factors such as the level and quality of services, industry-specific knowledge and capability, ability to expand service as the business grows and financial stability.
- Ask service providers for customer references, particularly companies in your industry or sectors.
- After hiring a managed service provider, conduct frequent evaluations to ensure that services are being provided as promised in the contract and are meeting the needs of the business.
TippingPoint, a division of 3Com based in Marlborough, Mass., is
also seeing a rise in the demand for managed security services related to
compliance. "Several factors are driving demand," says Don Ward, VP,
Technical Field Operations, TippingPoint. "One is that key information is
being exposed." "Corporations continue to focus on protection because
they continue to read about various cases of computer hackers accessing personal
information and social-security numbers," says Ward. "They're also
concerned about audits."
TippingPoint, through a partnership with Counterpane Internet
Security, offers services to help clients mitigate the risks of noncompliance.
These include a combination of managed security monitoring, capabilities
reporting, professional services and managed vulnerability scanning. Among other
functions, the services help companies ensure that access and authentication
controls are monitored and protected and that logs are monitored and retained.
Another provider, Symantec, surveys its customers about why they
purchase managed security services. "Compliance is one of the top
reasons," says Jonah Paransky, director, Product Management, Symantec
Managed Security Services.
Symantec's services (firewall/VPN management and monitoring, and
intrusion detection) allow organizations to outsource security management,
monitoring and response. The company also offers a consulting service that helps
organizations manage corporate compliance. It includes an assessment of
compliance issues and readiness, and recommendations for and implementation of
needed controls and processes.
New Security Services
Managed security service providers are rolling out new programs that allow
clients to manage compliance and security in increasingly diverse environments.
For example, Cybertrust recently launched a partner-security program, which
allows clients to manage risk and compliance in the "extended
enterprise", which includes partners, vendors, customers, auditors and
internal business units. A partner-security program user can ask business
partners or internal departments to complete questionnaires and assessments
related to a selected set of regulations and/or standards and a rule-engine then
provides a compliance "score" via a Web-based dashboard. "For the
client organization, the biggest benefit is that compliance activities are
centralized in one application," says Cybertrust's Vansevenant. "New
managed security services are focusing on helping clients more effectively
manage vulnerabilities," says TippingPoint's Ward. "New solutions
are doing a much better job of reducing the effort it takes to track, remediate
and report on identified vulnerabilities," he adds.
Service providers are also developing stronger reporting
technologies as companies look for tools that will help them more effectively
pass security compliance-related audits. "There are several [offerings] out
there that give companies the ability to put a service in place where they can
utilize standard reports from the service to greatly alleviate the auditing
process," says Ward.
Many of TippingPoint's customers use real-time reports that
they get from the Counterpane portal. These reports can be given to auditors as
part of Sarbanes-Oxley and HIPAA compliance efforts. "One of the key trends
among service providers continues to be the automating of reporting and tracking
processes for compliance initiatives, and setting up policies that are in the
same standards and formats as compliance initiatives," says Sandra Palumbo,
program manager, Enterprise IT and Communications Services, Yankee Group,
Boston, Mass. "A lot of service providers are using COBIT and the standard
format to provide compliance services," she adds.
While managed security services promise a number of benefits for
companies seeking to be compliant with regulations, using an outside firm for
such a sensitive function as security can present risks. It's important for
clients to ensure that service providers regularly have their services audited,
says Symantec's Paransky. "If I'm a customer looking to buy Symantec's
service, I'd ask what kind of audit [measures] do you have available? How
often do you audit and test your environment?" he adds. "One potential
problem for clients is that using a managed service adds a layer of
communication," says SAGPH's Donnellan. For example, if there's a
security breach, a service provider often has to first contact the client before
taking action. SAGPH dealt with that issue by authorizing Symantec to shut off
service immediately when necessary and explain the reasons for the action later,
rather than waiting for approval from SAGPH.
The risks of using a managed security service are no greater
than performing security functions in-house "as long as the business doesn't
ignore the third-party," says Yankee Group's Palumbo. "Third-party
providers need to be viewed as an extension of the in-house staff. While you don't
need to micro-manage, you need to be aware of what is being done on your behalf
and involved in the evolution of that relationship to ensure it continues to
meet the needs of the business."
Bob Violino
vadmail@cybermedia.co.in