Handing over control
Weighing it up
Nintendo plays the security game
Queensland company saves with security
Like with most outsourcing initiatives, your service level agreement (SLA) between yourself and your provider can either be your saviour, or the bane of your existence.
The SLA could very well be the most important part of your relationship with your managed service provider. It will define the roles your provider has in regards to your company, and what you should and should not accept for your money.
Traditionally, your money will ultimately drive what you can and can't have in your SLA. The more you pay, the more customisation you can expect.
Standard SLAs, for instance, may simply determine how many changes you can have within your business for firewall protection under a particular cost. But no matter how small your security objective, the SLA must be clearly identified.
Frost & Sullivan analyst James Turner says contracts are one of they key areas of concern with any outsourcing venture. "No one wants to spend six months arguing over who is responsible to pay, say, for hardware maintenance. Just like with all good business projects, ownership must be attributed to each task," Turner says.
For security, the key areas you should be considering when you write up your SLA are:
- Security management -- how will your security be managed?
- Monitoring -- what level is acceptable to both parties?
- Incident response -- what response time is acceptable and processes carried out in doing this?
- Documentation -- what audits will take place and what feedback will you receive and under what time frame?
You can also add in security tests, penetration exercises, authentication and access control and auditing if suitable. But remember, with outsourcing, each service comes at a cost.
Modesto, and other providers, believe managed security will become all the more critical in coming years as companies place increasing importance on technological advancement and information protection.
With that in mind, companies must be ready to do their own homework before they choosd their managed security provider as it is one thing to baton down the hatches to the outside world, but yet another to throw away the key.