GCN Tech Blog

By GCN Staff

Blog archive

Ready for managed security services?

VeriSign's network operations center in suburban Virginia is unremarkable from the outside. It sits on a pleasant lake, across the water from an Olive Garden restaurant. Inside it's what you'd expect from a major NOC (it was cool to see a

But NOCs like these are ready to become central to government's efforts to secure their networks. George Schu, VeriSign's public sector head and a former Navy officer, told us agencies have "had an epiphany" in the last couple years when it comes to embracing managed security services.

Not long ago, handing over network security to a third party would have been a dicey proposition (other types of managed services have been better accepted). But Schu said budget constraints and policy mandates (not the least of which is FISMA) have opened agencies' minds.

Government isn't exactly a laggard in this area. Ken Silva, VeriSign's chief security officer (and a former National Security Agency analyst), cited Merrill Lynch as one large, cautious financial institution that wouldn't have considered managed security services a short time ago. Now VeriSign handles the firm's network security.

Pretty soon, we'll see more evidence of this awakening. Word is that VeriSign is working on a managed security engagement with a major agency. Stay tuned.

As Silva explained, network security still isn't a core competency of many government agencies'or other enterprises for that matter. So do wretched FISMA grades accurately reflect the state of network security in government? Silva and Schu agreed government networks are still "terribly insecure."

The NOC we were sitting in the other day has a sister facility up the road. The two combine to form a fully redundant site. VeriSign has more NOCs around the world, including one in Providence, which can support government customers who want their managed security services housed further away from the capital for continuity of operations planning

How do agencies begin to approach the decision to outsource their network security? They can start with a US-CERT-sponsored publication (121-page PDF) on best practices in choosing managed services. It's a few years old, but very detailed.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected