Gartner estimates that by 2005, 60 percent of enterprises will outsource the monitoring of at least one perimeter-security technology. When the outsourced function is security-related, some additional factors come into play. In general, farming out IT scut work may not reduce costs, but it will make them more predictable and stable, and it can free in-house talent to focus on core business needs. But even the most mundane security tasks, if neglected, can cost you big. Here are the questions Gartner recommends asking a prospective application service provider (ASP):
Does the ASP perform (or have an experienced consulting company perform) external penetration tests on at least a quarterly basis and internal network security audits at least annually?
Can the ASP provide a documented policy for hardening the operating systems underlying its Web and other servers?
How does the ASP review the security of scripts and integration code added to the commercial applications it provides?
Does the ASP offer application- or transaction-based intrusion-detection services?
Does the ASP perform background checks on personnel who will have administrative access to servers and applications?
Can the ASP show a documented process for evaluating OS and application vendor security alerts and installing security patches and service packs?
Can the ASP show documented helpdesk procedures for authenticating callers and resetting access controls?