Drei Wege Sicherheitsfragen zu lösen
What You Can Do If Your Security Vendor Fails
"It wasn´t pleasant," Durso recalls about the experience ofhaving to break the news to the CEO, the CFO and thecontroller. Interviewed by CIO the day Pilot filed forChapter 7, Durso was still frayed. "But we´re doing the rightthings. We had a full contingency in place in two days," shesays.
The contingency went something like this: First, get theexecutive staff´s permission to move forward on choosingalternative security providers. Second, create a worst-caseplan. For VisionTek, this meant Brown put his pager on andnever took it off.
Worst case, if AT&T cut the network connections to Pilot,Brown would be paged. He´d box up his servers and drive themfrom Gurnee to downtown Chicago, where an alternativeprovider had offered space and dial-up connections untilVisionTek could find a full-time provider.
Next, VisionTek brought in two ex-Pilot engineers as contractconsultants because they knew Durso´s security better thanshe did. In fact, the day after Pilot went down, VisionTekwasn´t sure of its security status because it had, over time,become Pilot´s responsibility to manage.
Together, the Pilot engineers and Durso figured out wherethey stood and got the network to a point where "we were atleast able to limp along," she says. With security patchedtogether, Durso, Brown and the consultants turned theirattention to evaluating other security vendors. Ironically,she wants a partner similar to Pilot in scope andmethodology. Durso liked Pilot´s level of expertise. Sheliked its 24/7 monitoring. Finding another Pilot with stablefinancials is unlikely. But Durso knows larger companiesoften have less expertise.