Maybe that is too harsh a title to describe most "managed services" provided by vendors to clients... maybe not?!
The question needs to be asked, though. When was the last time a client seriously looked at what they were getting for their large investment and asked some questions of the vendor and, most importantly, of themselves?
Most perimeter security managed services we run into are a serious waste of money. Why does this happen and why is it the case?
Okay, let me put it out there, and this isn't rocket science: most companies have neither the time nor the expertise to effectively manage that layer of security and protection, so outsourcing becomes the next option. Sales guys come in and sell a magical solution that will solve the client's requirements and remove accountability (that makes no sense, but that's how it is perceived), and everyone feels a bit more secure, so to speak, about it all. Job well done!
Okay, so what's the problem then?
1. How intelligently have the firewalls and IDS/IPS systems been set up? Are the filters continually refined to maximise and ensure efficiency and the ability to detect real attacks?
2. What is being provided to the client? In most cases we see, it's a bunch of automated reports from the systems - pages and pages of nothing but "proof" from the outsourcer that their systems and work have been protecting the client. (What a load of BS!) What level of detailed analysis is done on the information coming in? Generally not much!
3. Would the organisation be any less secure without the managed service? I.e., you pay for the devices anyway, you can schedule your own default/tailored reports, and you can continue to ignore the report without the additional cost of having dedicated middle-men.
Okay, some would now be saying, oh what a cynic you are and oh, how wrong you are! And, in some cases I am. I did not say all instances of managed services are a waste - I just said most! :-)
Organisations need to question what it is they are getting and paying for.
The following presentation should be required listening for all IT Managers, CIOs and CSOs:
http://beastorbuddha.com/2008/02/11/busting-your-idsips-declan-ingrams-k...
- Drazen Drazic's blog
