ABSTRACT
This chapter argues for outsourcing computer and network security to specialists—managed security service providers (MSSPs) as they are now typically called. For small and medium-sized businesses especially, MSSPs provide more efficient and effective defense than the businesses can. The rise of MSSPs changes the data breach landscape. MSSPs are now a hacker target. Further, the relationship between an MSSP and its client is contractual. The contract allocates the risk of loss and liability in the case of a data breach, and it also defines what the MSSP may do with the information to which it has access. With MSSPs in the picture, the study of defenses against data breaches becomes a study of MSSP defenses and a study of contractual allocations of risk and liability.
