Taking the Services-on-Demand Plunge by Barbara Darrow
Tight budgets and regulatory demands are driving companies to tap service providers for security.
It may seem a counterintuitive move, but a growing number of companies have signed on outside services to protect their internal networks and data.
Vendors like Qualys, Alert Logic and Google subsidiary Postini lead in answering this security-as-a-service charge, while incumbent security powers figure out how to enter the fray without cannibalizing their existing businesses.
Some of these subscription services watch overall IP traffic, some scan email, some watch Web content. They all issue alerts and take action in the event of a threat.
So what leads a business to trust outsiders with its inside-the-firewall treasures? Constrained IT budgets and burgeoning regulations are prime factors.
Scott Smith, senior network engineer for Lincoln Property in Dallas, says Lincoln brought on a service so it wouldn't have to hire more people to monitor its system and security logs. Before signing on with security services provider Alert Logic, the real estate management company didn't have much more than a syslog server and staffers reading through tons of logs. "That is a nightmare, and the odds of finding what you're looking for are slim to none. It was an overwhelming task," Smith says.
And logs read after the fact are of little use against constantly and quickly changing security threats.
"The things that change most in our world are security threats. Why invest in an expensive [in-house] system when we can use experts? They read the logs, they provide immediate alerts. And there is no capital expense, but a small monthly fee," Smith says.
Lincoln pays about $1,000 a month for the service; Alert Logic starts at $500 per month for up to 100 nodes.
Compliance pressures also are driving companies to bolster security via a subscription service. Chris Smith, vice president of marketing for Alert Logic, cites the Payment Card Industry Data Security Standard (PCI DSS) as a key motivator. Pushed by the major credit card companies, these standards dictate what users must do to comply and assess penalties for noncompliance, ranging from $500,000 per instance to a ban on processing credit cards.
"Unlike some government regulations which can be very general, PCI is very prescriptive," says Smith. "You must have antivirus, you must have a firewall and intrusion detection, you must have periodic scans."