In message <001001c0ff6e$1261d220$[EMAIL PROTECTED]>,
"Bill Royds" writes:
>Which would you rather have watching your network security?
> Your local IT jack of all trades who spends most of her day recovering
>deleted Word files?
> or
> pay a professional IT security guy to watch your network connection
>(and 100 others to catch patterns) 24x7.
Bill,
I am terribly sorry, but I just don't see how it would be economical for
an MSP to have professional IT security guys watch numerous screens where
new alerts pop up all the time, unless those professional IT security
guys come 20 cents a dozen.
Work with me on this one: A professional IT security guy demands a salary
between $60k-$100k+ a year. If you want 24x7 coverage with at least 3
guys per shift, you need some 13+ people. The minimum expenditure just
for their wages is at least $780k a year. How much can you charge
customers a year? Definitely less than $60k if you want to keep your
customer base that can't afford local IT security professionals.
So you need 30 customers just to cover salaries for your SOC personnel,
and we didn't even touch the huge up-front expenses, nor operational
expenses ...
It is a whole lot easier for them to employ regular Joes and Janes with a
bit of knowledge about computer systems, give them a short 2-day training
and sit them in their SOC. Such SOCs can also serve as a way to woo
potential customers. Illusions that something big and important is going on
on a huge screen in a SOC are fairly easy to make, especially to
non-IT-savvy visitors/potential customers.
But then again, I could be wrong. Echo-gnomics isn't my strong side. :)
>For anything under a government department or Fortune 500, that is your
>choice.
Funny you should mention. Reading papers lately, it seems like more and
more Fortune 500 and the majority of governments are outsourcing IT business.
>A good Managed Security Provider will work with a client to develop a
>security policy, establish the security needs and procedures, and
>provide the personnel support to achieve this. For some companies, it
>might mean a regular staff person during working hours who handles
>policy and local support, with a MSP providing management outside of
>office hours, installation and hardening and installation of patches
>and monitoring of alerts.
What most people find really hard is how to define what a good MSP is and
how you can be sure that they really are good.
[EMAIL PROTECTED] has put it nicely in his e-mail Message-id:
<[EMAIL PROTECTED]>
> A firm should be able to work out a service contract that fits the
>firm's needs. Most firms are not in the IT business, so the security
>expertise is certainly not in-house..
True, however, their ability to choose wisely is limited -- they have to
rely on a third party to recommend an MSP for them. The risk is obvious.
Cheers,
Saso
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls