Like most things, "it depends". As Josh said, if the outsourced vendor does a great job, it can be very good. Big honking "if" there, though.
A few questions off the top of my head: What are the SLAs, and how are they enforced? How long does it take to get changes applied? Do you retain ownership of the hardware on premises? Do you "own" the configs, or can they flatten the box when terminated? Do you have audit rights to the systems? What kind of reporting and documentation do they offer? Do they guarantee configurations compliant with your regulatory requirements? What about patching/updating, do they provide a guaranteed update window after patches/fixes are released? Is it all in writing? Jack On Fri, Feb 11, 2011 at 7:12 PM, Matthew Perry <[email protected]> wrote: > All, > > We have been acquired by another company that is use to outsourcing > their management and monitoring of firewalls to another company. I > have always been against this especially since they would have the > keys for any point to point connections. How does everyone else in > the pauldotcom community feel about this and is it a standard > practice? > > -- > Matthew Perry > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
