Manage Learn to apply best practices and optimize your operations.

How secure is your managed service provider?

This tip tells you about managed service providers in general terms.

How secure is your managed service provider?
By Linda Christie

Managed service providers (MSPs) offer expertise, trained personnel and cost-effective solutions that allow IT departments to focus their resources on core business initiatives. However, many companies are simply afraid to outsource the management of their information assets.

"Utilizing the services of an MSP does not mean you have to compromise security," said Allen Vance, director of Offer Development in the Managed Security Services business unit of Internet Security Systems (ISS), a leading provider of security management solutions for the Internet. "To minimize security risks as well as ease the concerns of shareholders, you can request a security audit be conducted by a trusted security auditor, just like you would request a financial audit from a reputable accounting firm."

In addition to interviews and walk-though inspections, security auditors employ a number of automated tools that can detect network security problems as well as recommend fixes. A vulnerability scan, for example, checks firewall configurations, password strength and operating system configuration, as well as looks for unknown or unauthorized devices attached to the network, remote control applications and signs of intruder infiltration, including sniffer and back-door programs. A report rates each vulnerability low, medium, or high risk and suggests fixes.

"The audit should include both external and internal assessments," Vance said. "The external assessment looks at the network perimeter -- firewall, router, Web servers, etc. -- from the hacker's eye view via the Internet. The vulnerability scan is performed internally, behind the firewall. In addition, you may want to request a penetration test - with the MSP's permission. During a penetration test, security experts literally try to hack into the network and take information to prove they got there."

After the service provider implements needed remedies, Vance recommends another scan be performed. "The MSP may not allow you to see the detailed security report because it may contain proprietary security information. However, you can request a security risk analysis report from the independent auditor. Depending on the level of security needed, some companies require vulnerability assessments on a monthly basis."

About the author
Linda Christie is a contributing editor based out of Tulsa, Okla.

Related book

Information Security Management Handbook, Fourth Edition, Volume Two
Author : Harold F. Tipton
Publisher : CRC Press
ISBN/CODE : 0849308003
Cover Type : Hard Cover
Pages : 640
Published : Oct. 2000
The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly. Information Security Management Handbook, Fourth Edition, Volume Two is an essential reference for anyone involved in the security of information systems.

This was last published in May 2001

Dig Deeper on Secure SaaS: Cloud application security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.