Managed security service providers face $40M liability exposures

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2013/101413-managed-security-service-providers-face-274805.html

By Ellen Messmer
Network World
October 14, 2013

Managed security service providers get paid by enterprise customers to 
stop malware or other kinds of cyberattacks, but if they fail, they face 
what’s often a multi-million-dollar liability.

Forty million in potential liabilities are normal in SLAs, says Matthew 
Gyde, global general manager, security at Dimension Data, now part of NTT 
Group, based in Singapore, who addressed the topic at a panel discussion 
at the recent McAfee Focus Conference in Las Vegas. If there's a virus 
outbreak on the customer’s network, for example, there is a limited 
timeframe to respond to meet the legal requirements of that SLA. "We have 
timeframes we have to respond to, perhaps 30 seconds," said Gyde.

There's a need at a minimum to define what's under attack and find the 
source. The two other managed security service providers on the panel, 
Digital Hands based in Florida and Lumenate based in Texas, indicated that 
$40 million in liability is typical in their SLAs, too. All three managed 
service providers (MSPs) support McAfee security products in addition to 
those from other vendors. They say enterprise customers typically hire a 
managed service provider in lieu of hiring perhaps 20 or so security 
staff.

Mark Geary, chief services officer at Digital Hands, said a situation 
might require shutting down an infected PC on a network segment, for 
example, in a matter of seconds. Failing to do specific actions in certain 
timeframes triggers the potential for liability.

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/