
Virtually All Enterprises Will Outsource Security


The need to stay ahead of the hacker curve will drive nearly 90 percent of U.S. enterprises to outsource their security to managed service providers by the end of the decade, a report released Monday suggested.

According to the Yankee Group, businesses will hand over security -- initially for perimeter defenses but eventually for inside-the-firewall protection -- to managed security service providers (MSSPs) to the tune of $3.7 billion by 2008, a jump from 2004's estimated $2.4 billion.

"Enterprises are outsourcing more technology in general," said Matthew Kovar, a vice president with Yankee's security solutions group. "But we'll see a lot more in the security space. Enterprises know what they have to do, but more of them will see that [security] isn't a core competency," he added, and will hand the reins to an MSSP.

Security outsourcing will prove attractive, said Kovar, for reasons other than the cost savings typically cited by firms farming out business processes. Among the drivers toward managed services are the accelerated attacks of today's threats -- giving enterprises virtually no time to put up defenses on their own before an attack infiltrates a network -- legislative requirements such as HIPAA and Sarbanes-Oxley, and the trend toward pushing out the network perimeter to include partners and remote workers.

"The well-defined perimeter just doesn't exist anymore," said Kovar.

These and other factors are outpacing the average enterprise's ability to keep up with the latest countermeasures and techniques to thwart attacks, said Kovar in his report. At the same time, security is moving from the network perimeter to protecting critical network links, key servers, databases, and end-user desktops, in part because of worms and other exploits that managed to sneak through the perimeter on laptops or through remote sessions.

While the largest group of managed services customers is currently those subscribing to anti-spam services, managed firewalls aren't far behind, said Kovar. And as the trend continues, other security defenses now handled by hardware -- such as intrusion detection and intrusion prevention -- will also be shipped out for others to handle.

"One of the easiest managed services to see success is e-mail anti-spam services," said Kovar. "People saw the pain and saw that they needed to outsource the solution."

Companies such as Brightmail and MessageLabs have capitalized on the anti-spam managed approach, grabbing part of the $140 million business that Kovar said "cropped up almost overnight."

The outsourcing of security will follow other IT outsourcing trends by going offshore, said Kovar, who expects that "security will be the next to go to Ireland, India, and beyond." Services such as application code review, he said, simply can't be done cost-effectively in North America.

The vendors that Yankee Group sees in the top tier include TruSecure and Symantec, with Unisys, NETSEC, Solutionary, Internet Security Systems, and RedSiren close on their heels. Notable by its absence, said Kovar, is McAfee. "That would concern me if I was an enterprise investing in their technologies."

In the end, the winners will be the vendors with the best security gurus, or as Kovar put it, "the best knowledge gatherers. The real intellectual property for security is in advanced algorithms, intelligence, and the ability to rapidly deploy new security countermeasures in real time to a large installed base of enterprise customers and their global networks."

