Drei Wege Sicherheitsfragen zu lösen
What You Can Do If Your Security Vendor Fails
Even so, Hennessy is convinced of the rightness of hisdecision. "We know doing it in-house is more expensive, butwe´ve just decided it´s better than outsourcing," hesays. While talent is thin, Hennessy says a few strongcandidates have come his way due to the economy.
The Hartford Financial Services Group, which was not a Pilotcustomer, has taken many of the same steps asHennessy. Hartford Assistant Vice President of IT JackStoddard outsources little security, only ceding tasks suchas auditing and penetration assessments to outsidevendors. He retains 30 full-time security staff members,tries to recruit the best he can find, pays premiums for themand trains his staff continually. He is adamant about thelimitations of the outsourcing model.
"I don´t see us ever outsourcing," Stoddard says. His CIO,David Annis, believes acquiring and grooming securityexpertise in-house is critical, even if it costs more. Hecalls outsourcing "throwing in the towel." But he understandswhy so many companies do it anyway. Security is so complexand demands such constant reassessments, he says, that doingit in-house requires a "fair amount of redundant duediligence."
Postscript
ON MAY 9, EXACTLY TWO WEEKS after Pilot disbanded, it wasliquidated. There was a Hail Mary as several managed securityvendors tried to take over the business, but thatcollapsed. Emergency operations and support were halted. AT&Tfinally cut the circuits, and Brown at VisionTek received apage. VisionTek was still waiting for the local carrier tosupply a data line, so Brown boxed up his equipment and droveit to its temporary home in a downtown Chicago facility.