News Stay informed about the latest enterprise technology news and product updates.

Managed security services to climb as IT costs rise

The market for managed security services is expected to grow significantly, led by messaging security software, Web gateways and security intelligence products.

As IT departments continue to struggle to meet the growing demand for their services with fewer people and shrinking budgets, the idea of outsourcing more of their security functions is becoming more and more attractive. And analysts and industry observers say that trend is likely to continue for the next several years as managed security services offerings mature and enterprises grow more comfortable with the concept.

Three to five years from now, there will be a lot more focus on external services.
John Pescatore,
analystGartner Inc.

Security vendors have been offering various managed services for nearly 10 years, including vulnerability scanning, network security monitoring, managed IDS and managed firewall services. Those offerings have done well in certain segments of the market, but many enterprises still are hesitant to give a third party that much control of their security operations. But today's economic realities are putting off-premises services, including software-as-a-service products, on the short list for security managers.

Several companies, including HP, IBM and Webroot Software Inc., have begun to offer some of their security products as SaaS options. Webroot, of Boulder, Colo., this week introduced its new Web Security SaaS product, a comprehensive Internet security offering that includes content control, URL filtering, threat protection and other features. The service routes all of a customer's Web traffic through Webroot's servers and scours the requests for malicious content. HP, meanwhile, recently dipped its toe into the SaaS world as well with an on-demand version of its Assessment Management Platform. IBM has had an on-demand version of its AppScan Enterprise Edition product available for some time.

Managed security services:
7 Security Questions to Ask Your SaaS Provider: Outsourcing an application means your organization relinquishes control; don't, however, loosen your grip on security.

HP aims at IBM with application vulnerability scanning as service: HP offers application scanning as a service to meet IBM's Watchfire AppScan OnDemand software. Interest is being driven by the growing use of Web applications.

Webroot adds email security with SaaS acquisition: Webroot adds email archiving, encryption and Web filtering with the acquisition of UK-based Email Systems.

SaaS offering a first for Symantec: Symantec has launched a beta of the Protection Network, a software-as-a-service platform for small-to-medium-sized businesses. Resellers will be able to offer customized versions.

Analysts say that the trend is indicative of a general willingness on the part of enterprise IT staffs to look for more economical solutions, as well as a recognition on the part of the vendors that customers may be ready to accept some outside help. That trend will only accelerate in coming years, they say.

"Three to five years from now, there will be a lot more focus on external services," John Pescatore, an analyst at Gartner Inc., based in Stamford, Conn., said at the company's IT Security Summit in Washington this week. "Product choices by customers will be driven by what kind of services are offered."

Pescatore estimates that in 10 years, the market for outsourced security services will jump significantly. By 2018, 70% of all messaging security products will be offered as a service, he said, and 65% of secure Web gateways and 85% of security intelligence products will be services. Part of the reason behind this is the fact that many enterprises have reached a saturation point with the number of appliances and security gateways they have in their environments, and they're looking for ways to cut hardware costs and data center costs. It's the same set of circumstances driving the interest in virtualization at the moment.

"CIOs are telling us, I don't care what Gartner says, the only way I ever reduce IT costs is by reducing box count," Pescatore said.

That would seem to portend a continuation of the trend toward vendors offering customers the option of buying products as services instead of as appliances or shrink-wrapped software. That option can be especially enticing for small and medium-sized organizations that don't have the personnel and budget to dedicate to security functions.

"What we're going to see more of is the concept of the security switch and security in the cloud, along with software-as-a-service," Pescatore said.

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.