Shift to Security Services

IDC predicts a shift to security services as local companies prepare for an increase in the number of threats ahead of the World Cup.

With the 2010 Fifa World Cup looming, companies in SA are preparing for the worst, as the local news is full of warnings from security solution providers such as Symantec and Websense to expect an increase in malicious attacks from various insider and external threats.

Protecting your IT systems from both insider and external threats is no longer just the concern of large enterprises. With the rise in adoption of mobile solutions connecting to your organisational network, the expected increase in threats as a result of the 2010 Fifa World Cup, and the need to adhere to industry and government regulations, IT security should be a priority for every CIO in the country.

That said, given the current economic situation and its negative impact on IT budgets, knowing that you need to do something and being able to do something are two totally different things for a CIO. As such, listed below are three key emerging trends that IDC believes local companies need to consider when looking to procure security solutions.

These are not only cost-effective alternatives, but will also enable your organisation to ultimately become more responsive and pro-active in protecting against current and potential threats.

• Move towards preventive security. Historically, most security solutions have assured companies of reactive coverage as threats are discovered. Security software and solutions are modified to provide the necessary threat protection across enterprises. However, with the rise of targeted, sophisticated attacks, enterprises are aggressively seeking proactive security solutions that can anticipate potential threats and protect users and data from attacks. As security solutions develop, they are increasingly looking to prevent attacks from infiltrating enterprises, not just to protect them after an attack is launched.

• Security-as-a-service is on the rise. Due to lack of IT and security expertise, organisations are increasingly turning towards alternative IT strategies. Security-as-a-service allows organisations which are starved of IT and security expertise to contract their cyber security needs to a security software provider who then takes the role of turnkey SP who will effectively manage customers' security infrastructure. Another trend seen in the security-as-a-service model is referred to as a hybrid model, where the majority of the functionalities are run via the cloud, while some reside in clients' networks where they need to supplement their resources due to strains in Web bandwidth.

• Managed security services. These involve more cost-effective methods to address lack of financial and operational resources and free up IT personnel's time to do more strategic IT projects. Security software providers are offering complete suites of services to IT departments that are looking to supplement their security skills. IDC believes that security software vendors will move into the security services space, most likely through acquisitions, as they have been keeping an eye on the lucrative services market.

Lastly, IDC warns that as a result of restricted budgets, pressuring vendors on renewals is expected, but forcing them to reduce prices so extensively that they threaten their own sustainability is a real danger. It is important to remember that vendors are an important part of the security ecosystem. If vendors fail, no public resource will take over threat detection and remediation.

IDC Insights