Computerworld - This is the third article in our series on understanding service-level agreements. In previous articles, we’ve gotten an overview of the SLA document and detailed information on what the service summary or description should contain. In this article, we’ll focus on the security or design review generally included as part of the SLA.
Some service providers, as part of your security-services installation, include a free design review when you buy their managed security service. If your SLA doesn't include such a review, try negotiating with your service provider to get it.
Some service providers require the customer to initiate the review process. If it’s not initiated within a stated time frame, the customer loses the opportunity to have the service performed. Be sure to understand the process by which you will obtain your security review and in what time frame your initial request needs to be made.
Service Provider Benefits
The design review (or series of reviews) included as part of the SLA usually serves several purposes and benefits both the service provider and you, the client.
First, the design review gives your service provider an understanding of your infrastructure so it can properly design and implement the services you’ve purchased. The service provider needs to know the type of devices (routers, switches, firewalls and IDS, for example) and applications (Web servers, databases, proxies, and so on) that make up your infrastructure. For example, if you have purchased a managed firewall service, the service provider will want to know the applications behind the firewall so they can open the appropriate ports.
This review process also allows the service provider to create an up-to-date network diagram so when a problem occurs, it can start troubleshooting quickly. When a business application goes down and you open an emergency ticket with your service provider, it’s much faster for the service provider to review its own up-to-date diagram instead of waiting for you to provide one.
In addition, knowing your infrastructure allows the service provider to offer appropriate additional services to you, generating additional revenue. Given these reasons, most service providers are very much willing to work with you, giving you a bit of extra time or consulting in the form of this review.
Customer Benefits
The service provider isn’t the only party to your SLA that benefits from the review process. You as the customer can also take advantage.
The security reviews provide you with the opportunity to find out more about the provider’s other service offerings. You can also find out which aspects of your infrastructure your service provider considers to be risky. For example, you may have a single DMZ design that houses all your databases and application servers. This could be an insecure design for your infrastructure. Your service provider might point that out and give you advice on how you can improve it.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
