Chapter 9. Outsourcing Security

If you connect to partners, or outsource IT infrastructure, security, supply chain and manufacturing, or support any access into your environment and intellectual property, you had better make sure that the people and processes you trust have equally strong security controls to your own. Assuming otherwise and failing to closely monitor and audit the security process of the other, you may find that attacks are coming from the partner you trust.

Matthew Archibald, Director Global Security Services, Palm Inc.

Today you're the VP of Operations for a major computer manufacturer. This past year has been busier than ever because your company's decision to move to an outsourced shipping model affected your entire department. You're thankful that the move is finally over and that everything went well. You are painfully aware that selecting the right vendor and completing the move was a difficult task.

Now that you and your team have reached the corporate goals for your department, it's time for an offsite meeting for a few days. You've planned a nice ski vacation in Aspen for you and the people who report directly to you. Since you're leaving in the morning, you just want to send out a few e-mail messages and clean off your desk.

You finish clearing off your desk and get that last e-mail message out, and you're ready to leave for the day. As you glance up from your desk for a moment, you notice the CIO moving quickly down the hall. It looks like he's headed for your office. At second glance, you notice his brisk walk and that aggressive look on his face. Uh, oh. You've seen that look before. It means trouble.

Yes, he is coming into your office. He enters and closes the door. Instead of thanking you for a job well done, he begins to blast you about the shipping company you selected. Apparently, a hacker has broken into the shipping company's network. It's the end-of-the-year sales rush and you can't ship a thing!

As you watch, the CIO's face gets bright red and his body shakes all over. You wonder how long before he steps on you and crushes you like a bug. How were you supposed to know that your new partner's systems weren't secure? You trusted them to ship your products and assumed that they would handle the security on their side.

What you don't know (and may never find out) is that the hacker came from your network and shut down all of that vendor's systems. Their security was fine. It was your network that put them at risk. Of course, since you're dead in the water, you aren't questioning internal procedures. Instead, you're just pointing the finger (and the blame) at the vendor.

Makes you glad you're not a vendor now, doesn't it? All too often, third-party vendors take the heat for their customers' mistakes. Just consider…



IT Security: Risking the Corporation
ISBN: 013101112X
Year: 2003
Pages: 73
