Question: What is the current market like for security outsourcing? Is there still a lot of room for growth? What trends are developing?
Paransky: The MSS market continues to show significant promise. In-Stat puts the market at nearly $5 billion by 2006. Gartner predicted that about 60% of enterprises would outsource at least one perimeter technology by 2005. Yankee Group is even more bullish, believing enterprises will turn to managed security service providers (MSSPs) to provide most of their security solutions during the next five years and will outsource almost 90% of their solutions by 2010.
We expect there to be continued growth and penetration of managed security services in the large enterprise market, along with continued focus on enterprise organizations finding partners that can effectively integrate into their environments. As well, enterprise organizations will continue to focus on looking to partners that can help them with the rapidly changing threat landscape. Finally, there will be greater focus from enterprise organizations on requiring comprehensive global threat intelligence gathering and sharing.
Question: Are managed security services benefiting from co-sourcing or out-tasking? How?
Paransky: Absolutely. In Symantec Managed Security Services, we have found that an approach of partnering with our enterprise customers to extend their security organizations' capabilities makes more sense for our customers, rather than attempting to replace an entire security organization in the classical outsourcing sense of the term. One factor lies at the heart of the decision process: trust. Customers will be more likely to co-operate with a provider that functions essentially as an extension of their staff, or a trusted advisor that shares in the risk from the inside out versus turning over the security keys to somebody that manages from the outside looking in.
Question: What is new for Symantec in the managed security services market?
Paransky: Symantec continues to innovate in the managed security services market. Today we announced our global BS7799 recertification (which occurs every three years), as well as our third SAS70 Type II attestations. Maintaining both of these third-party audits shows our continued commitment to support the transparency of operations for customers (which supports the out-tasking approach of extending their organizations), as well as to support our customers' internal governance approaches. We recently also released our Vulnerability Data Correlation Integration service, which provides our customers with the benefit of having an improved understanding of the customer environment integrated into our analysis services -- regardless of the vendor they use to generate their vulnerability data.
This 3 Questions originally appeared in a weekly report from IT Business Edge.