Nearly half of companies using managed security services will continue to reduce their dependence on in-house security and shell out more dough on hosted security products, according to Boulder, Colo.-based research firm Enterprise Management Associates Inc.
Nominate someone you work with for a ComputerWorld Canada IT Leadership Award
The majority of respondents came from the financial services, manufacturing, health care, educational and government sectors, with an emphasis on companies based in North America.
Scott Crawford, a research director covering security and risk management for EMA, said the trend toward more managed security adoption is being driven by a multitude of factors, including increasingly complex security attacks, restricted budgets, growing compliance requirements and a lack of skilled security staff.
“It may surprise some to know just how small the security management team is for some of the largest organizations,” he said. Often just a dozen people will be tasked with protecting huge corporate networks at global organizations, Crawford added.
Crawford said the historical reluctance of organizations to embrace managed services in general has changed, but in no other field has that change been felt so rapidly than in security.
The survey found that in organizations where managed security services were stable or increasing, respondents cited a better ability to demonstrate positive performance to management, more predictable security costs, and confidence in the service provider as the top reasons for their investment.
While organizations are increasingly gaining confidence in their service providers, Crawford noted that a quarter of respondents said they have “not defined specific performance requirements with security service providers.” The fact that the market is still a young one could be why 25 per cent of organizations have not developed the proper service level agreements, he said.
Crawford said that while security technology cannot be absolute, vendors are translating “five nines” to the security space by promising a high percentage of protection or capture of attacks, uptime/availability assurances, insurance coverage, and refunds of service fees paid.
As for which aspects of managed security services companies plan to focus on in the next 12 months, 56 per cent of respondents cited “higher-level tactical” services, which encompasses more highly skilled functions beyond tedious or repetitive tasks. Basically, Crawford said, “skilled functions that can be difficult to find in-house staff to handle.”
Rounding out the survey results, EMA found that e-mail and messaging security services still lead the way among security SaaS adoption, followed closely by anti-virus software and Web browsing security services.