Outsourced security yet to take off

The hype which surrounds managed security services is still a lot of noise about relatively little according to one interpretation of figures from analyst house Quocirca. But industry experts on either side of the fence agree it will take off - for better or worse.

Quocirca's research has revealed that many companies still won't consider relinquishing control of the IT security - despite predictions from within the industry that the managed services model represents the future of security.

The survey which was commissioned by Computer Associates revealed that 82 per cent of respondents said they still want to improve internal management and control of their IT systems rather than hand the task on to a specialist third party.

Despite seemingly compelling reasons to outsource, such as a cutting of costs, Simon Perry, VP security strategy at CA isn't convinced.

"I don't think cost savings are enough to make people want to outsource - not where security is concerned," he said, expressing concerns about the wisdom of handing over something as business-critical as security.

Perry believes many companies who are outsourcing already may be doing so to plug a temporary short fall in their own skill-sets and resources - reacting to the increased importance of security and the nature and diversity of the threats.

"People tend to outsource when new challenges present themselves or new technologies come around and they don't have the resources to manage it themselves."

He believes many such companies may yet bring security in-house again at a later date once they are able to manage it more strategically.

"Companies thinking of outsourcing because they have been proposed a better, more cost effective service should ask themselves 'how can these guys offer a better service than my own tech team when they are profit-driven and my tech team isn't?'"

The outsourcing specialists would argue there are economies of scale involved and few will be too worried about these findings which relate to a still-nascent market.

The survey revealed that 65 per cent of companies are maintaining hands-on control companies of spam and antivirus.

However, Mark Sunner, CTO of MessageLabs, looks upon those figures with optimism - suggesting the implied 35 per cent figure is actually representative of the market nearing a "tipping point".

He is confident the take-up of managed security services by companies who fall within that minority group will eventually create a "me too effect" where companies make the switch simply because others already have.

Despite raising concerns about the wisdom of doing so and its long-term viability, CA's Perry agreed with Sunner that the market for managed security services will continue to grow for the foreseeable future.

Where respondents to the Quocirca survey did see immediate value in third parties is with consultancy and review of security strategies and practices. Almost 80 per cent of respondents regularly use specialists in this area. Compliance assessment one such area where third parties are playing an increasingly important consultative role.