MSSP Liability: A Pipe Dream?

If a security incident occurs, is your managed security service provider liable for the damages?

If a security incident occurs, is your MSSP liable for the damages? Not likely.

So you decide to get rid of your boxes and blinking lights and have your telecom provider handle security in the cloudand something bad gets through anyway. Can you hit up your managed security service provider for damages?

Hardly. There is no one in the industry that will take on a liability SLA, says Stan Quintana, vice president of AT&T Security Services. What the industry is doing, however, is putting in place SLAs to compensate or give back some of the fees.

John Pescatore, a VP at Gartner, compares this arrangement with the contract home buyers sign when they have a house inspection done. When you go to buy a house, you have to get a termite inspection, he explains. You read through all the contract and it says, at the bottom, even if we say there are no termites, if your house falls down the next day [because of termites], well give you back the $49 that you paid for the inspection.

As far as collecting any more money for damages than the service fees you paid to an MSSP, Pescatore says, youd need better lawyers than theirs.

Sarah D. Scalet.

From: Pipe Cleaners


Copyright © 2007 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.