Lack Of Trust Key Barrier To Security Outsourcing
The need for cohesive security is compounded by factors such as complex and fragmented technology, a critical shortage of qualified IT staff, security risks associated with the growing ubiquity of private and public IP networks,
as well as competitive and economic pressures to rationalise budgets and reduce expenses.
As the realisation dawns that outsourcing security could reduce costs by eliminating network security staffing problems, reduce technological costs to implement the security measures and create benefits by releasing IT resources to focus on core business activities, prospects in the European MSS market will brighten.
A new study by Frost & Sullivan, the international marketing consulting company, forecasts that European companies will purchase $250 million in security services by 2008, up from just $73 million in 2001.
Frost & Sullivan observes a lingering reluctance amongst IT professionals charged with securing the enterprise to entrust a third party with running their network security.
The argument for outsourcing security functions is compelling, but it is still being hindered by the question of trust. To reach their true potential, MSSPs must overcome the inherent bias of many IT managers which is still holding back security outsourcing despite its cost advantages over in-house, around-the-clock surveillance.
“Customer-vendor trust remains a significant hurdle in selling MSS. Firstly, many organisations are reticent to consider outsourcing security. Usually, MSSPs have no pre-existing relationship with potential customers and little or no track record in the market. Coupled with the culture clash between corporate entities and many hacker-staffed security services firms, trust is proving to be a substantial barrier,” explains Andrew Tanner-Smith, Programme Manager at Frost & Sullivan.
“The heavy investments made by some of the vendors, combined with slower than expected market growth, has rendered some vendors financially unstable. In this sort of environment, confidence takes on an added dimension as end-user uncertainty over the MSSPs’ longevity in the marketplace grows” Mr Tanner-Smith continues.
The study indicates that the MSS market will remain a difficult one for many of the current vendors to make consistent profits from. The costs providing the services mean that operating at a less than optimum level (i.e. too few customers to gain merits of scale) will hit vendors financially to a point where the losses will become unsustainable.
“We believe that it will be difficult for many of the vendors we highlight in this research to achieve profitability without radically changing their business model. In addition, there will be few new entrants into the market due to the prohibitive costs of setting up a SOC, hiring, training and incentivising the necessary skills” Tanner-Smith notes.
At the same time, however, there are a number of vendors that will achieve and maintain profitability and these will flourish alongside the telcos, carriers and systems integrators that also offer security services.
Frost & Sullivan’s study argues that although the software vendors have advantages over pure-play MSSPs in terms of product and industry knowledge, large installed bases to sell into and faster access to skills, they have had much less impact on the market than they are often given credit for.
The more successful pure-plays, although carrying significant start-up costs and the challenges of providing a new market, are beginning to make headway despite the slowed progress of the market. There is a high degree of co-opetition with pure-play MSSPs and software vendors being both suppliers and challengers to telcos and SIs and, of course, to each other.
“Furthermore, the market segmentation is blurring. Software vendors, especially when addressing the needs of their MSSP clients, do not like to be called software vendors. They claim that they have become solutions vendors. Both software vendors and pure-play MSSPs maintain that telcos and SIs are not equipped to offer security services, and therefore cannot compete on the same terms” the analyst concludes.
Delicious
Digg
Reddit
Magnoliacom
Newsvine
Furl
Google
Yahoo
Technorati