  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
WHY THE SECURITY BUCK STOPS WITH YOUSource: SecurityNewsPortal.comPosted on March 13, 2002 Companies are increasingly handing over security provision to specialist third parties as they recognise they do not possess the in-house technology to manage the technologies properly. Areas such as penetration testing are now considered better outsourced than conducted internally by the people that built and developed the system. Other popular features of hosted security include virus scanning, firewall configuration, intrusion detection and audits of network security. Chris Thorn, operations director at consultant Chameleon Net, argued, "It is preferable to outsource some aspects of security, such as penetration testing, which looks at how far an outside company can get through the corporate defences." Sal Viveros, marketing manager at the McAfee division of Network Associates, believes these features fit a service model, because they need constant updates."There are still companies out there that don't do anything on security - it's scary. Even among mid-size companies, there are many who haven't touched the configuration of their firewall for a year. Those are also the companies that are not backing up their data," he said. McAfee has launched hosted services for the popular security areas and Viveros argued that most of them found an eager uptake in small organisations. Larger organisations, he said, were also looking at the services to secure the laptops of their mobile forces. "Laptops are difficult to manage because they are rarely in the office," he said. "But people do read email. Users cannot uninstall agents, so every time they log onto the internet, their system is updated and the network manager is alerted the update took place - this gives great visibility on laptop security."Thorn agreed that virus filtering was safe to outsource without compromising network security. He argued network managers would benefit from handing over the "nightmare" task of managing latest updates and patches for new viruses. Viveros also believes outsourcing intrusion detection is a good idea, because it can be "very time-consuming" to get it right. He advised checking the expertise and confidentiality of the provider of this service, as incorrectly configured intrusion detection could be abused to bypass network defences. But Thorn was ambivalent about outsourcing security audits. He argues it is a grey area that needs to be treated with great care. "To get security audits done by a third party, is better than failing it in-house. But be careful: the responsibility stays in-house. Third-party reports can give a reference, but continue to do internal checks," he warned. "Enforce contractual confidentiality with your provider - this may not stop people from breaking in," he laughed, "but at least you've got it in writing. E-CommerceALERT comment: Visit http://SecurityMatters.com for the scoop on Network Security Assessments, and why you need one.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |