[ISN] Managed security service providers face $40M liability exposures

http://www.networkworld.com/news/2013/101413-managed-security-service-providers-face-274805.html By Ellen Messmer Network World October 14, 2013 Managed security service providers get paid by enterprise customers to stop malware or other kinds of cyberattacks, but if they fail, they face what’s often a multi-million-dollar liability. Forty million in potential liabilities are normal in SLAs, says Matthew Gyde, global general manager, security at Dimension Data, now part of NTT Group, based in Singapore, who addressed the topic at a panel discussion at the recent McAfee Focus Conference in Las Vegas. If there’s a virus outbreak on the customer’s network, for example, there is a limited timeframe to respond to meet the legal requirements of that SLA. “We have timeframes we have to respond to, perhaps 30 seconds,” said Gyde. There’s a need at a minimum to define what’s under attack and find the source. The two other managed security service providers on the panel, Digital Hands based in Florida and Lumenate based in Texas, indicated that $40 million in liability is typical in their SLAs, too. All three managed service providers (MSPs) support McAfee security products in addition to those from other vendors. They say enterprise customers typically hire a managed service provider in lieu of hiring perhaps 20 or so security staff. Mark Geary, chief services officer at Digital Hands, said a situation might require shutting down an infected PC on a network segment, for example, in a matter of seconds. Failing to do specific actions in certain timeframes triggers the potential for liability. […]