E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: SecurityNewsPortal.com

Posted on March 13, 2002

      Companies are increasingly handing over security provision to specialist third parties as they recognise they do not possess the in-house technology to manage the technologies properly.

      Areas such as penetration testing are now considered better outsourced than conducted internally by the people that built and developed the system.

      Other popular features of hosted security include virus scanning, firewall configuration, intrusion detection and audits of network security.

      Chris Thorn, operations director at consultant Chameleon Net, argued, "It is preferable to outsource some aspects of security, such as penetration testing, which looks at how far an outside company can get through the corporate defences."

      Sal Viveros, marketing manager at the McAfee division of Network Associates, believes these features fit a service model, because they need constant updates."There are still companies out there that don't do anything on security - it's scary. Even among mid-size companies, there are many who haven't touched the configuration of their firewall for a year. Those are also the companies that are not backing up their data," he said.

      McAfee has launched hosted services for the popular security areas and Viveros argued that most of them found an eager uptake in small organisations. Larger organisations, he said, were also looking at the services to secure the laptops of their mobile forces.

      "Laptops are difficult to manage because they are rarely in the office," he said. "But people do read email. Users cannot uninstall agents, so every time they log onto the internet, their system is updated and the network manager is alerted the update took place - this gives great visibility on laptop security."Thorn agreed that virus filtering was safe to outsource without compromising network security. He argued network managers would benefit from handing over the "nightmare" task of managing latest updates and patches for new viruses.

      Viveros also believes outsourcing intrusion detection is a good idea, because it can be "very time-consuming" to get it right. He advised checking the expertise and confidentiality of the provider of this service, as incorrectly configured intrusion detection could be abused to bypass network defences.

      But Thorn was ambivalent about outsourcing security audits. He argues it is a grey area that needs to be treated with great care.

      "To get security audits done by a third party, is better than failing it in-house. But be careful: the responsibility stays in-house. Third-party reports can give a reference, but continue to do internal checks," he warned.

      "Enforce contractual confidentiality with your provider - this may not stop people from breaking in," he laughed, "but at least you've got it in writing.

      E-CommerceALERT comment: Visit http://SecurityMatters.com for the scoop on Network Security Assessments, and why you need one.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.