eReports 28-April-2004 Success of MMSPs linked to cost and security threats by Chris Talbot With security the hot topic that it is, many vendors agree there is a growing opportunity for themselves and for their channel partners to sell managed security services to their customers, but exactly how big that opportunity is largely depends on what security threats are on the horizon and how much managed services are going to cost. Exactly where the opportunity lies in managed security services is still a bit fuzzy, but it's going to become clearer over time, said Steven Poelking, director of research, Canadian infrastructure and applications research at IDC Canada. He added that managed services today run the gamut from patch management to e-mail managed security services to higher-end services. "First and foremost, this is an emerging market, so there is a degree of experimentation by all of the vendors right now as to what is working and what doesn't work. So there is a belief, it seems, by vendors' OEMs that this is something to go out and try, and we're seeing the various OEMs put services into the market either directly from them or through their channel," Poelking said. He added that the success of MSSPs would likely depend on the cost of services and whether or not the number of security threats in the market worsens. Even though there is a growing interest in managed security services, Poelking said it's safe to say it's an area that is still in its early adopter phase. It's also not clear whether managed security services will only be of interest to large companies or whether they will also attract small and medium-sized businesses, he said. According to Alan Komet, channel manager at Computer Associates, managed security services started primarily around the firewall about two to three years ago when companies started asking managed services providers to manage their firewalls. It morphed into intrusion detection management, and today, managed security services include vulnerability management services, such as patch management. "Users don't have the bandwidth to find those vulnerabilities, download those patches and apply those patches. Therefore, they would rather outsource that, so we see a tremendous growth area what we term vulnerability management today," Komet said. From a security perspective, the hottest topics and the technologies customers most want right now include firewalls, intrusion detection and prevention systems and virtual private networks, said Stephen McWilliam, partner and alliance manager at Fusepoint. He added that those are technologies that customers are also willing to go with as a managed service. "Anybody can head off to Radio Shack and buy a firewall, but that really is a false sense of security," McWilliam said. The way he sees it, managed security services are starting to cross the chasm between the early adopter phase and the early mainstream phase. According to Poelking, cost comparisons are likely to factor into whether or not managed security services takes off. If it's cheaper and easier to go with a boxed solution a company can pop onto their network, then managed security services might not go very far. However, if it's the other way around, the market could take off big time. The value proposition is pretty clear, McWilliam said. A company can focus their own resources on managing their security or they can focus on the business that they are in. McWilliam also said there are cost savings involved with going with a MSSP. To have 24 by seven would require a staff of five full-time IT employees rotating through eight-hour shifts to monitor and manage security in a company's corporate environment. "The greatest move is a realization that you don't need to do this yourself and you probably shouldn't," McWilliam said. "That's why they're engaging MSSPs and managed services providers to do this for them."