Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, April 07, 2010

Outsourced security extends to wealth of services, study finds

Interest is growing in non-traditionally outsourced security technologies, including log management and patch and configuration management.  The market for security services providers grew by about 8% in 2009, despite the economic turmoil that stagnated some security budgets.  And the growth is not necessarily all about cutting costs, said Khalid Kark, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc.  More important to most enterprises is 24x7 protection and increased security competency that many service providers can offer.

“Companies are finding that the frequency and sophistication of threats is out of control for them to handle internally and they’re looking for service providers with competency to be able to handle that for them,” Kark said.

In the recent Forrester report: “Market Overview: Managed Security Services,” Kark lays out ways the broad industry is shaping out and what companies should look for in a service provider.  To do that, companies need to evaluate a number of different kinds of MSSPs, from telecommunications providers that bundle security with their services, to value-added resellers and system integrators that provide a mixture of services.

Robert T. Ferrilli, president and CEO of the Ferrilli Information Group, turned over nearly all his systems to managed service providers when the company’s Exchange server went down unexpectedly while he was on a business trip.  The firm, which provides business applications for universities and colleges, has a team of 20 developers spread out across the United States.

Many firms have a suite of services and are happy to sell everything they offer, but enterprises with a solid set of priorities of what they want to gain from a MSSP will be able to better evaluate what partner is right for them, Kark said.  Instead of just gaining Web filtering or email protection, enterprises are seeking guidance from their MSSPs on security related issues, forcing some firms to invest in creating consulting services divisions.  According to Kark, content security in the form of email and Web content filtering still has the most market penetration, but other technologies are quickly gaining ground.

Companies are outsourcing log management and event correlation and analysis services as well as distributed denial-of-service (DDoS) protection services.  The growth of cloud computing, with more company data spread out beyond the company walls, has forced some firms to seek out specialized security providers.,289142,sid14_gci1508261,00.html?track=sy160&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techtarget%2FSearchsecurity%2FSecurityWire+%28SearchSecurity+%3A+Security+Wire+Daily+News%29

Posted on 04/07