Firewall Wizards mailing list archives
Re: Outsourcing Firewalls/Internet Security count
From: David HM Spector <spector () zeitgeist com>
Date: Thu, 04 Dec 1997 11:05:26 -0500
Unfortunately, this outsourcing of security *IS* a reality -- especially in the financial community. I developed/ran the Internet services group at a really large Wall St. money center bank (which shall remain nameless :). In late 1995 said bank was about to outsource most of its key technology operations; not being happy with that state of affairs, I left to pursue "other opportunities," as did most of my group. Over the last two years, they have indeed outsourced ALL of their firewall operations/installation/management. The quality of the people running the service now from what I understand, are, um, not folks I would trust to deliver a letter, let alone be responsible for the network and infrastructure security one of the top-5 banks in the US. The folks running the service work for an "alliance" of vendors to whom a myriad of services have been entrusted and have, no allegiance to the firm at which they sit; after all they're just consultants. Unfortunately, on Wall St. (and probably soon on main street) there is a real backlash against technologists (not technolgy). The cost of our kind of services keeps going up (to keep up with the implemenation to the technology and the complexity of the threat) and the ability of management to actually UNDERSTAND why what we do is crucial to their ability to actually conduct business is dropping. It's the MEGO factor. The quality of the deliverable (i.e., security) is being caught in the squeeze-play. The bottom line is that corporate management is buying the line from major hardware vendors and (especially) from charlatan "research firms" like (pick one) {Gartner|Forrester|Jupiter|...} that infrstructure security is just something that you can throw a box and a minimally trained body at, and not something that requires serious thought or investment. Therefore, management for the most part thinks that they can just buy a FW-1 box (not to single them out) and put a 20 year old in charge of it and they have built a safe infrastructure. The results of this kind of thinking will be, eventually, obvious when one of these firms have what I used to refer to in security talks I would give to senior management as "a billion dollar day." _David -- ------------------------------------------------------------------------------- David HM Spector spector () zeitgeist com Network Design & Infrastructure Security voice: +1 212.579.8573 Amateur Radio: W2DHM (ex-N2BCA) (ARRL life member) GridSquare: FN30AS -.-. --- -. -. . -.-. - .-- .. - .... .- -- .- - . ..- .-. .-. .- -.. .. --- "New and stirring things are belittled because if they are not belittled, the humiliating question arises, 'Why then are you not taking part in them?'" --H. G. Wells
Current thread:
- Outsourcing Firewalls/Internet Security count Safier, Adam (GEIS) (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Edward Cracknell (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count David HM Spector (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Adam Shostack (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 03)
- Re: Outsourcing Firewalls/Internet Security count Rick Low (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Larry J. Hughes Jr. (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Edward Cracknell (Dec 03)
- Outsourcing firewalls & InfoSec Ops - Part I/II Frank Willoughby (Dec 09)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 15)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II chuck yerkes (Dec 16)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 17)