Securing all fronts

Summary:Securing what is sacred to a business takes more than just a new program -- it can be a full-time job, which at times is better left to the experts.ContentsBenefitsHanding over controlWeighing it upSLA securityCase studiesNintendo plays the security gameQueensland company saves with securityThe start of the 21st century has redefined the word "security".

Handing over control
Weighing it up
SLA security
Case studies
Nintendo plays the security game
Queensland company saves with security

SLA security
Like with most outsourcing initiatives, your service level agreement (SLA) between yourself and your provider can either be your saviour, or the bane of your existence.

The SLA could very well be the most important part of your relationship with your managed service provider. It will define the roles your provider has in regards to your company, and what you should and should not accept for your money.

Traditionally, your money will ultimately drive what you can and can't have in your SLA. The more you pay, the more customisation you can expect.

Standard SLAs, for instance, may simply determine how many changes you can have within your business for firewall protection under a particular cost. But no matter how small your security objective, the SLA must be clearly identified.

Frost & Sullivan analyst James Turner says contracts are one of they key areas of concern with any outsourcing venture. "No one wants to spend six months arguing over who is responsible to pay, say, for hardware maintenance. Just like with all good business projects, ownership must be attributed to each task," Turner says.

For security, the key areas you should be considering when you write up your SLA are:

  • Security management -- how will your security be managed?
  • Monitoring -- what level is acceptable to both parties?
  • Incident response -- what response time is acceptable and processes carried out in doing this?
  • Documentation -- what audits will take place and what feedback will you receive and under what time frame?

You can also add in security tests, penetration exercises, authentication and access control and auditing if suitable. But remember, with outsourcing, each service comes at a cost.

Modesto, and other providers, believe managed security will become all the more critical in coming years as companies place increasing importance on technological advancement and information protection.

With that in mind, companies must be ready to do their own homework before they choosd their managed security provider as it is one thing to baton down the hatches to the outside world, but yet another to throw away the key.

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.