The internet, you no doubt have heard, is a dangerous place full of hackers, crackers, spammers, phishers, Trojans, viruses and who knows what else, all aiming to infect your PC, steal your data, run up your credit card bill and post those embarrassing pictures of you all over the web.
Which is true. It's also old news - the internet has always had security issues in one form or another, and there have always been various security techniques to mitigate the threats. It's also always been an arms race of sorts - attacks get more sophisticated, spawning advanced countermeasures, and so on.
The same dynamic has been altering the face of managed security services as well. Enterprises have always faced the dilemma of whether to handle network security in-house or outsource it to a service provider. But managed security has been a traditionally tough sell for carriers and ISPs for a variety of reasons, from skittishness over giving a third party control of the corporate firewall to the 'insurance' problem of being able to justify the expense - if you contract AT&T Business to manage your firewall and you suffer no attacks that year, is it because AT&T's service worked or because no one tried to attack the network‾
But this is changing quickly. Thanks to a host of market drivers, from the growing nature, volume and variety of threats and concerns over protection of data and even legal liabilities now being imposed by governments in certain markets, enterprises are under increasing pressure to get their security policies in order - and if they can't do it, to find someone who can, says Adrian Dominic Ho, research manager for IDC's Asia-Pacific managed services and enterprises networks.
'Enterprises can no longer ignore security spending given the increasingly sophisticated and rapidly evolving security threats,' Ho says. 'Today, managed security services are no longer simply about firewalls and anti- viruses. Enterprises are looking for crisis management, disaster recovery and business continuity services to ensure 24/7 uptime of their business in the event of a significant business disruption.'
A February study from IDC found that managed security services in Asia Pacific is already a $500 million business that will hit $604 million by the end of this year and the $1 billion mark by 2012. At a CAGR of 17.4% over five years, that's faster growth than the entire ICT outsourcing and managed services market.
'In the past, spending on managed security was like buying an insurance policy, something that is good to have,' Ho says. 'This mindset has changed as enterprises realized that the threats out there are real but, more importantly, the chronic shortage of skilled security professional has made the need to adopt managed security services even more compelling.'
That's good news for service providers (and vendors that sell managed security equipment and services) - but it also requires them to up their game for the same reasons. And just as the net threats and the networks themselves become more complex beasts, so are customer expectations.
Threat assessment
To fully understand how the MSS market has evolved, it's useful to start with the threats themselves, which are naturally raising the bar for enterprises and telcos alike, says Jim Freeze of Crossbeam, a network security solutions firm.