Will IT Security Move Towards a Service Delivery Model?

By Ken Presti, Senior Consultant, Channel Impact

Every day, the IT trade press springs forth with coverage of the latest and most diabolical attempts to steal data and bring down networks; often for profit, sometimes for fun, and, occasionally, to make a political statement.

In each case, the white hats take on the black hats in an effort to find new ways to block the incursion, kill the malware, or do whatever else needs to be done to protect the network and the data riding over it.

Each time the crisis is resolved, the good guys can sit back and relax until – Oh wait! Here’s a new threat to deal with.

In short, the security hits just keep on coming, and we can bet that they always will.

This scenario is pretty much a “given” in today’s world of technology, and as devices become smarter and smarter, the list of targets available to the bad guys becomes longer and more diverse. As the corresponding attacks become increasingly complex and specialized, keeping up with the threats will continue to get more difficult, and require more time, energy, and knowledge from IT security people. For many companies, proper defense with require nothing less than a situation room that is staffed on a 24×7 basis. But, obviously, that kind of attention is only affordable to a chosen few enterprises where the need for extensive defense is clearly imperative, and cost justifiable.

But what about the rest of us? How can we keep our electronic assets safe without sinking the P&L?

My personal viewpoint is that Security-as-a-Service will become increasingly prevalent as time goes on. While some companies will elect to address this issue in house, I believe the vast majority will move towards an outsourced service model that leverages third party specialists whose job it is to respond to the ongoing wave of threats. We are seeing some of this already, but expect this part of the industry to grow by leaps and bounds, eventually emerging as the dominant paradigm for security delivery because security on an ad hoc basis will fail to meet the standard.

A number of channel partners are looking very closely at this opportunity, and are in the process of acquiring the skilled personnel necessary to deliver on this value proposition. And it’s a very solid value proposition. The opportunity to offload the ongoing responsibility for keeping up-to-speed and responsive to the various threats will likely be well received by the customers, especially where specialized channel partners or similar groups can point to high batting averages for ongoing success. In addition to relieving customers of the headache, the ability to deliver security as a service is also very likely to improve cost control while at the same time keeping IT assets as safe as the service provider is skilled.

So if I were an executive leading a partner organization, or a young person coming into this industry, I’d probably build my reputation in the security space. Everything else may rise and fall. Trends like voice-data convergence will come and go. Technologies will commoditize. Security will always evolve, but it will never really become a commodity. At least not until the black hats all at once decide to hang up their spurs, and join the good guys.

I won’t hold my breath waiting for that to happen.