Hackers have nothing to do but hack, except maybe watch MTV.
According to analysts, that's why IT security specialists are now in greater demand than ever, and why managed security service providers (MSSPs) may be becoming as popular as Britney Spears' navel.
MSSPs deploy on-site security hardware for firewalls and VPNs. They externally manage systems and offer continuous monitoring, intrusion detection and virus screening.
"If you don't have a regular job...sooner or later you'll be farther ahead than the people who work eight hours a day and have a life," said Dr. Martin Goslar, principal analyst and founder of E-PHD, a Phoenix, Ariz.-based security research and consulting firm.
Boston-based research and analysis firm the Yankee Group has projected the managed security service provider (MSSP) market will grow from $140 million in 1999 to $2.6 billion by 2005. Zeus Kerravala, director of Yankee's e-networks and broadband access team in Boston, said MSSPs ease the pain of finding qualified security professionals.
"There just aren't enough people with high level (security) skills," Kerravala said. "When I worked in an enterprise, nobody liked to fool with the firewall. Heaven forbid if you make an update and it stopped working right."
In addition to monitoring, MSSPs can also handle any upgrades or configuration changes that are needed, unlike security integrators that buy, configure and deploy security hardware but leave the customer to manage it independently.
Internet Security Systems, Riptech, Guardent and OneSecure are a few of the players offering these services, as opposed to companies like McAfee.com and Symantec, which provide anti-virus updates on a subscription basis.
Kerravala said MSSPs can provide easier, less expensive access to certified security professionals but using one means a company must relinquish at least some control over its own security.
Adding to that anxiety is the fact that MSSPs are competing with each other for IT talent, thinning the pool of qualified security experts even further.
"They're really at the point where they're pulling in some people who don't have the skills and training because they don't have the resources there," said Goslar.
If a fully outsourced security program seems risky, a growing number of customers, especially large enterprises, are choosing to outsource some tasks while keeping others in house.
Goslar said firewall and VPN management are usually first to be outsourced because MSSPs can prove themselves without the risk perceptions that come with handling a customer's entire security program.
Vulnerability testing may be outsourced early on as well "because it requires some in-depth expertise to figure out where their holes are," said Goslar.
Despite some uncertainties about the model, many experts believe MSSPs will only grow in popularity, eventually becoming a mainstay in network and systems management.
"There's no doubt that there's a general transition going on in the security industry from products to services, and most companies are beginning to make that transition," Goslar said.
FOR MORE INFORMATION:
The Best Web Links on security management services
Transcript from a searchxSP live online event, outsourcing to an MSSP
Learn more about your security options at two of our sisters sites:
Other articles by Eric B. Parizo
Dig Deeper on Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions