[ISN] Report says Virtually All Big Companies Will Outsource Security By 2010

InfoSec News isn at c4i.org
Tue Aug 24 02:38:27 EDT 2004


By Gregg Keizer
TechWeb News 
Aug. 23, 2004 

The need to stay ahead of the hacker curve will drive nearly 90% of
big U.S. companies to outsource their security to managed service
providers by the end of the decade, a report released Monday

According to the Yankee Group, businesses will hand over
security--initially for perimeter defenses but eventually for
inside-the-firewall protection--to managed security service providers
to the tune of $3.7 billion by 2008, a jump from 2004's estimated $2.4

"Enterprises are outsourcing more technology in general," said Matthew
Kovar, a VP at Yankee Group's security solutions group. "But we'll see
a lot more in the security space. Enterprises know what they have to
do, but more of them will see that [security] isn't a core
competency," he added, and will hand the reins to a managed security
service provider.

Security outsourcing will prove attractive, said Kovar, for reasons
other than the cost savings typically cited by companies that farm out
business processes. Among the drivers toward managed services are the
accelerated attacks of today's threats--giving enterprises virtually
no time to put up defenses on their own before an attack infiltrates a
network--legislative requirements such as HIPAA and Sarbanes-Oxley,
and the trend toward pushing out the network perimeter to include
partners and remote workers.

"The well-defined perimeter just doesn't exist anymore," Kovar said.

These and other factors are outpacing the average company's ability to
keep up with the latest counter-measures and techniques to thwart
attacks, Kovar said in his report. At the same time, security is
moving from the network perimeter to protecting critical network
links, key servers, databases, and end-user desktops, in part because
of worms that other exploits that managed to sneak through the
perimeter on laptops or through remote sessions.

While managed services biggest number of customers are currently those
subscribing to anti-spam services, managed firewalls aren't far
behind, said Kovar. And as the trend continues, other security
defenses now solved by hardware, such as intrusion detection and
intrusion prevention, will also be shipped out for others to handle.

"One of the easiest managed services to see success is E-mail
anti-spam services," Kovar said. "People saw the pain and saw that
they needed to outsource the solution."

Companies such as Brightmail and MessageLabs have capitalized on the
anti-spam managed approach, grabbing part of the $140 million business
that Kovar said "cropped up almost overnight."

The outsourcing of security will follow other IT outsourcing trends by
going offshore, said Kovar, who expects that "security will be the
next to go to Ireland, India, and beyond." Services such as
application code review, he said, simply can't be done cost
effectively in North America.

The vendors that Yankee Group sees in the top tier include TruSecure
and Symantec, with Unisys, Netsec, Solutionary, Internet Security
Systems, and RedSiren close on their heels. Notable by its absence,
said Kovar, is McAfee. "That would concern me if I was an enterprise
investing in their technologies," he said.

In the end, the winners will be the vendors with the best security
gurus, or as Kovar put it, "the best knowledge gatherers. The real
intellectual property for security is in advanced algorithms,
intelligence, and the ability to rapidly deploy new security
countermeasures in real time to a large installed base of enterprise
customers and their global networks."

More information about the ISN mailing list