With information security becoming a challenge that is too big for most organizations to handle, there’s now more interest in relying on third-party experts to manage it. In fact, a new study from ABI Research forecasts that demand for managed security services will grow from $15.4 billion this year to $32.9 billion in 2020. Much of that demand is likely to be driven by the line of business executives who are coming to the realization that no matter how skilled their internal IT organization is, the task of securing information these days is beyond the means of a single IT department.
Advancements in IT security
While there will never be perfect security, the level of intelligence and automation that can be applied to IT security is getting better. It’s now possible to correlate where attacks are coming from and determine what the most probable target is. At the same time, organizations are getting better at identifying vulnerabilities, and the efforts to remediate those vulnerabilities are slowly but surely getting more automated.
The challenge that every organization faces when implementing those advanced IT technologies is the level of scale required for them to be effective. It doesn’t come cheap to invest in things like security intelligence services based on Big Data analytics to identify new threat vectors, and new software-defined security infrastructure that helps automate many of the complex security processes that an organization needs to master.
Demand for IT security experts
Just as significant, people with IT security expertise are in short supply. Even if an IT organization can find someone with the required amount of IT security expertise, holding on to that person is a major challenge given the salary levels they can command.
Another challenge is that the security rules most organizations put in place years ago are almost always poorly documented. It’s not unusual to find an IT organization where the administrators are afraid to update the rules implemented on a firewall because nobody knows why they were implemented in the first place.
The opportunity for managed security service providers
Put all this together, and the reasons why demand for managed security services is on the rise become obvious. The issue facing managed security providers, though, is the price point organizations are willing to pay to be secure and the cost of managing the inevitable security incident.
Organizations that don’t have the best security technologies and policies in place are going to be more expensive to manage than those that do. Managed security service providers (MSSPs) need to have enough control over the IT security environment to make sure the cost of responding to every security incident doesn’t result in them ultimately going broke.
Of course, all it takes is for one unsuspecting user to download a file or attachment without realizing they are being conned into infecting their system with malware. Then all the best security efforts can go for naught. In fact, the malware they downloaded might even lie dormant for months before being activated.
Being an MSSP is clearly not for the faint of heart. To one degree or another, the MSSP as an entire organization basically needs to be addicted to adrenalin to deal with both the volume of attacks being launched and their increasing sophistication. Of course, the real danger, as any adrenalin junkie will confess, is that you eventually do hit a wall.