yes, but that is rapidly changing in the commercial sector. And it may very
well be that although the current MSP offerings may fit the small guy model
today, it may just be driving the train that drags the fortune 500 along
tomorrow. Especially when you consider all the new laws and regulations
that are being implemented, or are in draft forms these days.
Just look at the banking or health care industries. When the government
mandates certain levels of effort that must be taken to protect or certify
data systems, it makes a lot of people nervous. Or how about the push for
protecting emails, data transfers, PKI et all... The need for seasoned
professionals is going to shift more to the role of consultants, and shift
many of the day to day operational issues to outsource providers.
An MSP would provide plausible deniability of liability.... "Hey, we paid
them to do this"... so there are many more issues involved than what meets
the eye. It is easy to become jaded to it all.
> -----Original Message-----
> From: Zachary Uram [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 27, 2001 9:08 PM
> To: Bill Royds
> Cc: [EMAIL PROTECTED]; Ron DuFresne; [EMAIL PROTECTED]
> Subject: RE: Managed Service Providers
>
> maybe it is a mute point because most non-Fortune 500 placs I
> know of don't want to or don't feel it is warranted to spend the
> cash on a local security guy OR a MSP. it depends on the
> context. some smaller places may have a security guy of their own
> who could rival the service these large MSP's provide. as you
> said they look for patterns etc. they can't/aren't motivated to
> spend the same time or intensity a local person may be able to
> give (IF QUALIFIED). a bad MSP is no better than a bad local
> guy. a MSP shouldn't be the sum total of one's security policy.
>
>
> On Wed, 27 Jun 2001, Bill Royds wrote:
>
> > Which would you rather have watching your network security?
> > Your local IT jack of all trades who spends most of her day recovering
> deleted Word files?
> > or
> > pay a professional IT security guy to watch your network connection
> (and 100 others to catch patterns) 24x7.
> >
> > For anything under a government department or Fortune 500, that is your
> choice.
> >
> > A good Managed Security Provider will work with a client to develop a
> security policy, establish the security needs and procedures, and provide
> the personnel support to achieve this. For some companies, it might mean a
> regular staff person during working hours who handles policy and local
> support, with a MSP providing management outside of office hours,
> installation and hardening and installation of patches and monitoring of
> alerts.
> >
> > A firm should be able to work out a service contract that fits the
> firms needs. Most firms are not in the IT business, so the security
> expertise is certainly not in-house..
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Zachary Uram
> > Sent: Wednesday, June 27, 2001 17:59
> > To: [EMAIL PROTECTED]
> > Cc: Ron DuFresne; [EMAIL PROTECTED]
> > Subject: Re: Managed Service Providers
> >
> >
> > i don't understand what someone would rely on an outsider to
> > manage their security structure?
> > it seems this is best handled on the inside (with firewalls, IDS,
> > etc..). and if you are just one of many customers won't you get
> > less intense/frequent scrutiny than if you had your own dedicated
> > security staff person whose job is to manage your network
> > security?
> >
> >
>
>
> [EMAIL PROTECTED]
> "Blessed are those who have not seen and yet have faith." - John 20:29
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
