Menu
Why Security Matters Now

Why Security Matters Now

Social networking and cloud computing threats abound, our annual Global Information Security Survey finds, making information security important once again to business leaders.

Trend #3

Insourcing Security Management

A few years ago, technology analysts were predicting unlimited growth for managed security service providers (MSSPs). Many companies then viewed security as a foreign concept, but laws such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act (affecting financial services) were forcing them to address intrusion defense, patch management, encryption and log management.

Data Dangers

Attacks on data have increased faster than any other security exploit. The top target: databases.

How Attackers Get Your Data

Databases: 57 per cent

File-sharing applications: 46 per cent

Laptops: 39 per cent

Removable Media: 23 per cent

Backup Tapes: 16 per cent

Multiple Responses Allowed

Convinced they couldn't do it on their own, companies chose outsourcers to do it for them. Gartner estimated the MSSP market in North America alone would reach $US900 million in 2004 and that it would grow another 18 percent by 2008.

Then came the economic tsunami, which appears to have cast a shadow over outsourcing plans even though security budgets are holding steady. Although 31 per cent of respondents this year are relying on outsiders to help them manage day-to-day security functions, only 18 per cent said they plan to make security outsourcing a priority in the next 12 months.

When it comes to specific functions, the shift has already begun. Last year, 30 percent of respondents said they were outsourcing management of application firewalls, compared to 16 percent today. Respondents cited similar reductions in outsourcing of network and end-user firewalls. Companies have also cut back on outsourcing encryption management and patch management.

At the same time, more companies are spending money on these and other security functions. Sixty-nine percent said they're budgeting for application firewalls, up slightly compared to the past two years. Meanwhile, more than half of respondents said they are investing in encryption for laptops and other computing devices.

The results surprise Lobel of PricewaterhouseCoopers. "When you think about it logically, some IT organizations have the resources and maturity to manage their operating systems and patches, but many don't," he observes. "Hopefully, the numbers simply mean IT shops have grown more mature in their security understanding."

Security Budgets Hold Stead

More companies are increasing spending than cutting it.

Direction of Spending

Increase: 38 per cent

Stay the Same: 25 per cent

Decrease: 12 per cent

Don't Know: 24 per cent

Numbers may not add up to 100 per cent due to rounding

Gius of Atmos Energy offered another possible explanation: Companies see a lot of chaos in the security market with an avalanche of mergers and acquisitions. One independent security vendor after another has merged with or been acquired by other companies. Examples include BT's acquisition of Counterpane and IBM's acquisition of Internet Security Systems. IT leaders are simply getting out of the way until the industry settles down.

Gius says Atmos Energy is handling most of its security in-house right now. "We pursued a number of open-source and lower-cost solutions to manage it ourselves," he says. "We invested in two people to help ensure we had the skills to manage that environment." But he'd like to outsource more if it makes sense financially. He notes that security is increasingly integrated into the platforms provided by the likes of Microsoft, Cisco and Oracle, as well as telecom providers like Comcast and Verizon. It makes sense to him to have those providers manage the security of their systems.

Beard, with SAIC, says that no matter what drives security spending decisions, companies should understand their specific security strategies and where managed security providers can offer unique value. Smart business executives understand that they must maintain control of the big picture at all times, even if a third party is managing many of the levers. Keeping an eye on security service providers and the risks they are encountering is essential. "CIOs and security officers may outsource certain functions to various degrees, but they should never outsource their responsibility," Beard advises.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags PricewaterhouseCoopersGlobal Information Security Survey

Brand Post

Show Comments