Legal Insecurities Stymie Web Site Outsourcing Deal

Major security concerns take a back seat as ASP and corporate lawyers argue over minute details

By Vince Tuesday

September 3, 2001 12:00 PM ET

Recommended

Computerworld - My organization is changing rapidly these days. We're selling our key technology in several global markets, and we're looking for ways to improve the way we work. One avenue is through outsourcing.
After an internal debate about outsourcing our security monitoring work, we concluded that the time wasn't yet right. However, we are ready to outsource other technologies. These aren't core to our business, and they're expensive and difficult to do properly. One such technology is our outward-facing Web site.

THISWEEK'SLINKS

Want to know which legal security issues might affect your organization? From HIPAA to the Gramm-Leach-Bliley Act, you’ll find the details in the Bethesda, Md.-based SANS Institute’s Information Security Reading Room.

Look here for a useful collection of links about important legal security issues.

SECURITY BOOKSHELF:

Know Your Enemy, by Lance Spitzner, (Addison-Wesley, 2001) is an offshoot of the Honeynet Project and sets out to explain some of the knowledge the project leaders have gained from running a honeynet.

Like a honeypot, a honeynet tries to trick an attacker into wasting time and revealing his hand by attacking a fake system. But a honeynet does this on a much larger scale: It appears to be a whole company online, complete with Web, e-mail and domain-name servers.

Spitzner runs an excellent Web site, but the book is disappointing. The writing is stilted and highly repetitive. What’s worse, the book takes a fascinating and enthralling project and trivializes it to a simplistic technical write-up and then pads it out with pages and pages of filler.

The project leaders obviously learned from many failures, but we never get to hear about them. Instead, we get the lessons learned in dry, technical prose. This book fails to capture their pioneering spirit and the risks they took to gather valuable knowledge. That’s a pity, because both the technical knowledge and the personal experience of running the Honeynet Project are fascinating.

It sounds like a very simple task, outsourcing a straightforward service. But the use of an outside vendor raises a range of security concerns that need to be addressed in service-level agreements (SLA) and legal contracts. Before we can deal with those problems, however, we have to select a supplier, which leads to more legal issues.
Before I specialized in security, my professional background was dark and mysterious. I used to be heavily involved in network provision to the academic community, and as part of this, I was once very senior in the world of domain-name services. This experience encouraged my naturally strong cynicism, as I could have domain-squatted on some

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Legislation/Regulation

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.