Security as a managed service?

By Leon Engelbrecht, ITWeb senior writer

Johannesburg, 13 Jun 2008

Eugene Kaspersky believes security as a managed service will shortly emerge as a business model in the security market.

The security guru says this would particularly appeal to small business and home users. "Small companies need to be protected too, but lack the expertise and the money or the staff. Sometimes they don't have a systems administrator at all," he says.

Home users equally have a need for malware and spam filters as well as traffic protection and like small business users, mostly rely on costly software packages and vendor updates to weather threats.

The Russian security expert sees this changing and believes Internet service providers (ISPs) will shortly step into that breach and offer clients on-demand security, much like the enterprise IT department.

"ISPs will sell security to customers; they will be like enterprise IT for home users. It's a new model and seems very promising," he says.

Kaspersky Lab is not the only security vendor entering the managed service field.

"Lots of people go to an accountant or a tax preparation service, because they don't have the time or the expertise to do their taxes themselves," says Lillian Wai, senior product marketing manager for McAfee Managed Services.

"Managed security services simply apply this same reasoning to computer security - allowing SMEs to turn the job over to professionals who have the tools and expertise necessary to do the job better and more economically" - online.

Wai says this is part of the broader trend towards software-as-a-service or on-demand solutions. Companies around the world are turning to service providers to deliver everything from network management to core customer relationship management applications. Security is one of many IT disciplines being outsourced.

"When you only have a limited number of technology professionals on staff, you don't want them downloading updates," says Wai.

The Yankee Group projects the managed security services market will grow from $1.5 billion in 2002, to a projected $3.7 billion market in 2008.

Security as a commodity

The emergence of security on-demand does not mean security has become a commodity, as was widely predicted at the turn of the century when analysts said the market would thin out to three "mega vendors".

"This has not happened," Kaspersky says. "If you have a safe environment, security is a commodity. But the threat is constantly increasing and in this environment you need more security. That's why you still have a proliferation of small players with new ideas - and the big players following them.

"The main threat now is the number of threats. In the past there were hundreds a year, then thousands. Now new malware number in the millions," he adds.

"In the past, analysts could develop countermeasures 'by hand' but now it is not possible. One must automate. I call it 'automated woodpecking'. The company that best develops automated systems will be the winner in this game."