MSSP Liability: A Pipe Dream?

If a security incident occurs, is your managed security service provider liable for the damages?

. What's this?

By

July 12, 2007CSO — If a security incident occurs, is your MSSP liable for the damages? Not likely.

So you decide to get rid of your boxes and blinking lights and have your telecom provider handle security in the cloudand something bad gets through anyway. Can you hit up your managed security service provider for damages?

Hardly. There is no one in the industry that will take on a liability SLA, says Stan Quintana, vice president of AT&T Security Services. What the industry is doing, however, is putting in place SLAs to compensate or give back some of the fees.

John Pescatore, a VP at Gartner, compares this arrangement with the contract home buyers sign when they have a house inspection done. When you go to buy a house, you have to get a termite inspection, he explains. You read through all the contract and it says, at the bottom, even if we say there are no termites, if your house falls down the next day [because of termites], well give you back the $49 that you paid for the inspection.

As far as collecting any more money for damages than the service fees you paid to an MSSP, Pescatore says, youd need better lawyers than theirs.

Sarah D. Scalet.

From: Pipe Cleaners

Read more about network security in CSOonline's Network Security section.

Other stories by Sarah D. Scalet

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER