February 01, 2003 — CSO — At Eastern Bank, Vice President of E-Business Solutions Aidan Garcia is responsible for information security. When the a 46-branch financial institution first ventured online in 1997, says Garcia, the company purchased firewalls and vulnerability assessment tools from Internet Security Systems, culminating in August 2002 with Internet Security Systems providing it with a managed security service too. "We've spent so many years with them now, we trust them totally—which is important," says Garcia.
Even so, he adds, when writing the contract, it was only prudent to think about cutting the knot. "We can step out of the relationship anytime we want to
But in an industry that's experiencing as much turbulence as the managed security sector (which has seen bankruptcies and is widely expected to further consolidate), thinking through what the bank would do if its service provider went out of business seemed only sensible. "We used to handle it ourselves, so we have a comfort factor that we can do it if we have to," he says. "If they shut down, there would be a hole, and we'd need to fill it pretty quickly. But it wouldn't leave us completely bare to the world."
In figuring out what to do, says Garcia, the intention was to make sure that the critical pieces of the puzzle belonged to the bank, rather than a third party. "The way the relationship is structured, we own the licenses, and we'd carry on using the products," he explains. "We're not beholden to Internet Security Systems or anybody else for either the software or the hardware."
Other stories by Malcolm Wheatley
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.
- How Are Open Source Development Communities Embracing Security Best Practices?
- Ponemon Study: How Much Does a Data Breach "Cost"?
- Managing SSL Security in Multi-Server Environments
- Check Point Endpoint Security - Unifying Essential Components
- Information Security: Data Drains and How to Prevent Loss
- 7 Requirements of Data Loss Prevention
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Data Loss Prevention
-
November 13, 2008The Roosevelt HotelRegister now »
New York, NY 10017
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
