GCN Tech Blog

By GCN Staff

Blog archive

Ready for managed security services?

VeriSign's network operations center in suburban Virginia is unremarkable from the outside. It sits on a pleasant lake, across the water from an Olive Garden restaurant. Inside it's what you'd expect from a major NOC (it was cool to see a

But NOCs like these are ready to become central to government's efforts to secure their networks. George Schu, VeriSign's public sector head and a former Navy officer, told us agencies have "had an epiphany" in the last couple years when it comes to embracing managed security services.

Not long ago, handing over network security to a third party would have been a dicey proposition (other types of managed services have been better accepted). But Schu said budget constraints and policy mandates (not the least of which is FISMA) have opened agencies' minds.

Government isn't exactly a laggard in this area. Ken Silva, VeriSign's chief security officer (and a former National Security Agency analyst), cited Merrill Lynch as one large, cautious financial institution that wouldn't have considered managed security services a short time ago. Now VeriSign handles the firm's network security.

Pretty soon, we'll see more evidence of this awakening. Word is that VeriSign is working on a managed security engagement with a major agency. Stay tuned.

As Silva explained, network security still isn't a core competency of many government agencies'or other enterprises for that matter. So do wretched FISMA grades accurately reflect the state of network security in government? Silva and Schu agreed government networks are still "terribly insecure."

The NOC we were sitting in the other day has a sister facility up the road. The two combine to form a fully redundant site. VeriSign has more NOCs around the world, including one in Providence, which can support government customers who want their managed security services housed further away from the capital for continuity of operations planning

How do agencies begin to approach the decision to outsource their network security? They can start with a US-CERT-sponsored publication (121-page PDF) on best practices in choosing managed services. It's a few years old, but very detailed.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.