Firewall Wizards mailing list archives
Re: Outsourcing Firewalls/Internet Security count
From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Mon, 8 Dec 1997 11:25:57 -0500 (EST)
That is true Joe...but could you explain the root difference between acting as a consultant to a government agency, performing essentially the same monitoring tasks, designing safe systems etc...AND doing the same as an independant or employee of an outsource company...perhaps running a monitoring center etc.. There is none. Oh yes the govvie setup provides the equipment and building, perhaps some physical security, and a perception that they are under control, but unless the intended stuff is classified, and they are not using the REAL Internet as the backbone, what is the difference?.... You will run into good people, and bad in both cases.
Undeniably true. The difference, of course, is that when you and I are doing it in-house for the govvies, they can look over our shoulders and ask what we are doing (and some of them understand it), they know who they are dealing with on an individual level, and there is personal accountability. With a company doing it, they don't know the individuals involved, just the company. They can't look over the shoulders of the people doing the work. [This can be an advantage for the people doing the work!] There isn't personal accountability to the end customer, only to the out-source company. The question is really, does the company or govt. agency that needs a firewall also need that level of oversight? One point of view is that the out-sourced company is just a utility, and the contract with the utility should provide enough incentive to provide proper protection (or discourage slackness). I think I can see this point of view for the average company that just wants Internet connectivity without too much interference, doesn't have much to "hide", and can't afford to put a lot of internal effort into it. The opposite PoV, of course, points out that firewalling is still a young field [contrary to what Marcus is feeling], and that the company or agency wanting the firewall knows than the average street-educated techie, and that there are more serious privacy issues involved. In THAT case, of course - if there really are more "local" clues and there really IS something to be kept private - then there is a good argument for a local firewall rather than an out-sourced one. It seems that there may be room for both - just as there is room for a general switched telephone system [and even multiple vendors!], and for privately held and used communications systems. -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO Computer Support EMT-A/B ----------------------------------------------------------------------- PLEASE ... send or Cc: all "COSPO Computer Support" mail to sys-adm () cospo osis gov ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: Outsourcing Firewalls/Internet Security count, (continued)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Ted Doty (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 04)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Alec Muffett - SunLabs (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 09)