SECURITY FROM PAGE 1 the management of a particular internal abuse, whether mali- it easier to use infrastructure
security device or group of cious or inadvertent.” service providers that have
Paransky uses the term devices, such as firewalls or IDS In addition, the threats are strong security offerings.
“out-tasking” to describe the ap- devices. In addition to perform- evolving so rapidly, that even One of these, Toronto-based
proach his customers are taking ance management, the service technology can’t keep up with ClearView Strategic Partners
to security outsourcing. provider takes care of fault them. Inc., selected Fusepoint Man-management and lifecycle and One of the greatest current aged Services to provide the
MONITORING IN DEMAND release management. In other threats to security, phishing, is a infrastructure for their online
The service in highest demand words, they maintain these social engineering vulnerability, whistleblower service, largely
at Symantec is network monitor- devices at their maximum level not a technological weakness. based on high level of security
ing for attempted or successful of effectiveness. There are basic steps that Fusepoint offered.
breaches of an organization’s ClearView provides a secure
security system. This is where Web site, where their clients’
customers get the biggest bang employees can confidentially
for their buck, according to report on corporate wrong-Paransky. doing, such as spending
Security event monitoring irregularities. If these reports
is no simple task. In addition were leaked, great harm could
to real-time monitoring of come to an organization, an
firewalls and intrusion detection employee, shareholders and
systems (IDS) at a 24x7 secu- even to the public.
rity operations centre (SOC), Security and confidential-security experts must collect ity are obviously of utmost
huge volumes of relevant alert importance to ClearView’s
and log data from a multitude of business model, but, as executive
devices, then carefully analyze vice-president of sales and mar-this material in light of the keting, Phil Enright explains,
client’s security environment “it didn’t take us long to realize
and the global threat environ- that the cost of building our
ment. The goal is to prevent Security service providers will be kept busy in the years ahead. own secure data centre would
breaches, or at least identify the be far greater than the cost of
target and advise the client on Companies are also willing companies can take, with outsourcing.”
an appropriate response. to hire outsiders to assess and or without outside help, to In addition to the physical
Many customers reserve to report on their vulnerabilities. increase their security levels, security, ClearView gets the
themselves the choice of best This may take the form of says Greene. “The majority of benefit of Fusepoint’s expertise
response. But they don’t usu- technical system scans for companies in this country do in firewalls, anti-virus soft ware,
ally consider the detection and weaknesses, or it may involve not do audits on their security intrusion detection, patch man-identification of the attack to white-hat hackers who do systems,” he points out. “If agement and threat analysis.
be a core competency. So most penetration testing. they do, it’s probably once or “All of the customers that
are willing to outsource this Outside security service twice a year. Once they have we take to the data centre are
function. providers are generally seen as their anti-virus, anti-spam and blown away by the level of
hired guns for specific tasks. other programs like these in security,” says Enright. “They
“It didn’t take Asking one to take care of a place, they don’t bother check- come away saying ‘We have no
single task is the norm. The ing to see if they are working. concerns about the security of
us long to realize common thread is that their That’s something that a lot of our data.’”
customers see high value in IT departments can and should On their side, Fusepoint’s
that the cost of the specialized expertise that be doing.” CEO, George Kearns, agrees
building our own these providers offer, but that the client has to have a high
would prefer to avoid the cost SECURIT Y SCHOOL level of confidence in the out-
secure data centre of hiring their own staff to fill Good policies and continuous sourcing partner. But they also
this role. employee education are es- have to develop effective ways of
would be far greater The high cost, and short- sential. Here outside consultants working together. They can’t just
age of expert staff, is leading and service providers can be assume that everything is taken
than the cost of many companies to look at particularly helpful, but it care of.
technological solutions, such is important to select those Joe Greene adds that, when it
outsourcing.” as security appliances that with relevant credentials and comes to security, clients have
— Enright perform more than one func- references as well as experience to educate themselves about
tion and will send reports or in the client’s industry. the threat environment and the
“The reason,” Paransky immediate alerts. Smaller companies may find potential responses available to
surmises, “is that staffing to find IDC’s Greene sees an impor- them. They have to know what’s
the bad guys yourself on a 24x7 tant role for these devices as well happening in the marketplace,
basis is very expensive. You have as for managed security service and hold their service providers
to staff a 24x7 team of security providers. to their service level agreements.
professionals who are engaged They all have a part to play “Companies have to ensure
in what those professionals in a comprehensive, holistic that they have good security
typically find mundane work plan that covers all aspects of policies in place,” he advises.
— hunting through log data security, which companies need “They have to do their homework
or looking at the output of an to develop. when selecting a vendor. Go with
incident management product “You can have the best a reputable firm, but check refer-internally.” security technology in the ences, particularly in the security
Another high-demand world,” says Greene, “but if services area. Talk to end users
service is what Symantec calls your employees aren’t trained — two or three of them. Com-
“element management.” This is properly, you can still be open to parison shop.” 056878
The market for
SECURIT Y
SERVICES
will almost double from
$436 million
in 2004 to
$846 million
in 2009.
