GCN Tech Blog

By GCN Staff

Blog archive

Ready for managed security services?

VeriSign's network operations center in suburban Virginia is unremarkable from the outside. It sits on a pleasant lake, across the water from an Olive Garden restaurant. Inside it's what you'd expect from a major NOC (it was cool to see a

But NOCs like these are ready to become central to government's efforts to secure their networks. George Schu, VeriSign's public sector head and a former Navy officer, told us agencies have "had an epiphany" in the last couple years when it comes to embracing managed security services.

Not long ago, handing over network security to a third party would have been a dicey proposition (other types of managed services have been better accepted). But Schu said budget constraints and policy mandates (not the least of which is FISMA) have opened agencies' minds.

Government isn't exactly a laggard in this area. Ken Silva, VeriSign's chief security officer (and a former National Security Agency analyst), cited Merrill Lynch as one large, cautious financial institution that wouldn't have considered managed security services a short time ago. Now VeriSign handles the firm's network security.

Pretty soon, we'll see more evidence of this awakening. Word is that VeriSign is working on a managed security engagement with a major agency. Stay tuned.

As Silva explained, network security still isn't a core competency of many government agencies'or other enterprises for that matter. So do wretched FISMA grades accurately reflect the state of network security in government? Silva and Schu agreed government networks are still "terribly insecure."

The NOC we were sitting in the other day has a sister facility up the road. The two combine to form a fully redundant site. VeriSign has more NOCs around the world, including one in Providence, which can support government customers who want their managed security services housed further away from the capital for continuity of operations planning

How do agencies begin to approach the decision to outsource their network security? They can start with a US-CERT-sponsored publication (121-page PDF) on best practices in choosing managed services. It's a few years old, but very detailed.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 26, 2006 at 9:39 AM


inside gcn

  • managing bots (Tarikdiz/Shutterstock.com)

    Bot management 101: What one agency learned from its RPA pilot

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group