May 2008

Viewpoint

Security as a service

One of the interesting takeaways from the bustling RSA Conference last month was the plethora of companies offering managed security services. I talked with at least seven companies at the San Francisco event that provide such services, which equates to about one-fourth of the vendors I met with. But are their customers ready to hand over their network security oversight?

I asked that question repeatedly at RSA and received the predictable responses. Security as a service unburdens IT departments and lowers costs, vendors said - almost as if they had rehearsed their lines together before arriving at the show. Both of those benefits are most likely true, generally speaking, but I am not convinced that IT departments are comfortable with handing over the reins of this job responsibility just yet.

In our recently completed Subscriber Profile Survey, only 11 percent of respondents said they plan to purchase any managed services this year, with a smaller percentage than that presumably in the market for managed security services. (The survey did not ask specifically about managed security services.) In contrast, 39 percent of those polled plan to buy security hardware or software in 2008.

According to an annual survey by the Computer Security Institute, security outsourcing has not shown any increase in interest in the last three years. Only 2 percent of the 479 security professionals surveyed said their organizations outsourced at least 81 percent of their security functions - 61 percent said none of those functions were outsourced.

Security as a service has some attraction, given the fast pace of change in technologies and the shortage of experienced security staff many organizations are dealing with. Theoretically, a service provider will have the necessary trained staff and will keep its hardware and software up to date. But will that service provider feel the urgency to fix problems that the customer experiences when there is a security problem? Will that outsourcer really understand the customer's pain? And who gets blamed if something goes wrong?

For many of the vendors I talked with at RSA, the small and midsize enterprise market is the sweet spot for managed security services. That makes sense, as those organizations are more likely to have staffing and budget constraints that would lead them to use managed services. Those smaller enterprises, however, may also need more education to convince them that a security service is secure.

That is where the vendors will have to step up. They will need to venture out of their vertically oriented editorial and marketing comfort zone and get their messages to a more horizontal audience of enterprise IT professionals and operations management. Preaching to the "security professionals choir" is not enough.

Ken Anderberg
kanderberg@comnews.com