Legal Insecurities Stymie Web Site Outsourcing Deal

Major security concerns take a back seat as ASP and corporate lawyers argue over minute details

By Vince Tuesday

September 3, 2001 12:00 PM ET

Recommended

Computerworld - My organization is changing rapidly these days. We're selling our key technology in several global markets, and we're looking for ways to improve the way we work. One avenue is through outsourcing.
After an internal debate about outsourcing our security monitoring work, we concluded that the time wasn't yet right. However, we are ready to outsource other technologies. These aren't core to our business, and they're expensive and difficult to do properly. One such technology is our outward-facing Web site.

THISWEEK'SLINKS

Want to know which legal security issues might affect your organization? From HIPAA to the Gramm-Leach-Bliley Act, you’ll find the details in the Bethesda, Md.-based SANS Institute’s Information Security Reading Room.

Look here for a useful collection of links about important legal security issues.

SECURITY BOOKSHELF:

Know Your Enemy, by Lance Spitzner, (Addison-Wesley, 2001) is an offshoot of the Honeynet Project and sets out to explain some of the knowledge the project leaders have gained from running a honeynet.

Like a honeypot, a honeynet tries to trick an attacker into wasting time and revealing his hand by attacking a fake system. But a honeynet does this on a much larger scale: It appears to be a whole company online, complete with Web, e-mail and domain-name servers.

Spitzner runs an excellent Web site, but the book is disappointing. The writing is stilted and highly repetitive. What’s worse, the book takes a fascinating and enthralling project and trivializes it to a simplistic technical write-up and then pads it out with pages and pages of filler.

The project leaders obviously learned from many failures, but we never get to hear about them. Instead, we get the lessons learned in dry, technical prose. This book fails to capture their pioneering spirit and the risks they took to gather valuable knowledge. That’s a pity, because both the technical knowledge and the personal experience of running the Honeynet Project are fascinating.

It sounds like a very simple task, outsourcing a straightforward service. But the use of an outside vendor raises a range of security concerns that need to be addressed in service-level agreements (SLA) and legal contracts. Before we can deal with those problems, however, we have to select a supplier, which leads to more legal issues.
Before I specialized in security, my professional background was dark and mysterious. I used to be heavily involved in network provision to the academic community, and as part of this, I was once very senior in the world of domain-name services. This experience encouraged my naturally strong cynicism, as I could have domain-squatted on some

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Legislation/Regulation

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.