I've kept quiet for a while and watched this thread. I think some
interesting points have been raised, but some may have been overlooked.
First off, I work for GNAC. We're a MSP. Let me try and answer two of the
most popular questions, without sounding _too_ much like I work in
marketing ;-)
1) What's the value proposition of outsourcing your security?
- Cost
We can do it for less money than you can, assuming you want a non-trivial
level of security. Unless you already have a 24x7 NOC for some other
reason, just staffing 8 bodies to watch blinking lights probably costs more
than we do. And that's before you try to hire and retain skilled security
staff. In some cases, we may be cheaper than the yearly recruiter fees ;-).
This is basically due to economies of scale. Most vendors' products suck,
in one way or another. If you spend enough resources, you can work around
the worst mis-features. If you have enough seats, you can afford to
implement massive automation, which both lowers costs and reduces the
chances of mistakes.
- Quality
A good MSP has several advantages over an individual company. They have
more people dedicated to security, and therefore can have better skillset
breadth and depth. They also deal with many differing environments, and
that generates experience faster than working in just one company does.
They have a 24x7 NOC, whereas most companies do not. Systems are more
automated, reducing the opportunities for "whoops" mistakes.
- Time to Market
A good MSP can roll out an integrated Firewall, IDS, and perimeter
anti-virus security service quickly. They've done it before, have automated
the installation process, and have configuration templates. It will
_always_ require tweaking on a customer-by-customer basis, but the defaults
are pretty good, and they can provide advice to the customer on what
changes may be required.
2) How do you know which MSP is trustworthy, and worth paying?
The only answer to this one is due dilligence. Pull a D&B on them. Check
their insurance coverage. Ask around to see what people think. Ask for
customer references. Make sure your contract has non-performance penalties
and exit clauses. Everything you should be doing with _any_ major business
deal.
--
Carson Gaspar - [EMAIL PROTECTED]
Security Architect - Global Networking and Computing, Inc.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
