Securing access, networks, documents, PCs, from internal and external malcontents, hackers and ignorant or stupid users, challenges even the calmest IT exec and while everyone wants to know the whole system is safe, few want the day-to-day responsibility. Enter managed security services: hand over the problem to a third-party to manage the technology and take care of the problem. But no, wait, says the board, it's too critical to give to strangers!
And it appears that this belief may hold sway, depending on whether you ask an analyst or a provider. Hydrasight analyst Michael Warrilow says uptake of managed security services (MSS) is slow not only in Australia, but globally as well.
Additionally, he says the definition of a managed security service can vary considerably and this adds to the confusion.
"Examples of successful MSS, in the purist sense, are managed e-mail services such as MessageLabs and managed gateway security for federal government departments (such as DSD-certified gateway services like Macquarie Telecom, CSC and CyberTrust).
"If the definition is expanded, examples of MSS might include IT outsourcers and ISPs."
However, talk to James Scollay, MessagLabs Asia/Pacific vice president, and he'll tell you the adoption rate in Australia is increasing rapidly. "In the last quarter alone there was a 47 percent increase in the number of local companies adopting MessageLabs' services over the previous quarter." And the trend of adoptees is changing, he says, from the legal and finance sector frontrunners - where nine out of the top 10 law firms used the provider's service - to SMBs.
"Today, adoption is broadbased across different sized companies and industries; small IT teams choose to selectively outsource security.
"In most cases MSS can give them enterprise-level solutions at a small business price," Scollay said.
For SMBs particularly, using MSS can take the pressure off a small IT staff. Warrilow says MSS allows separation of duties and gives operational security with economies of scale. "It frees up IT staff to focus on other issues and also provides an increased level of governance because IT administrators do not hold all the power."
With technology changing at a spine-chilling speed, knowledge and infrastructure upgrades solely for security purposes can be out of reach of many companies' budgets, not just SMBs, and this is where MSS vendors can provide extra benefits.
Scollay says this means that customers can access infrastructure and a knowledgebase that can not be generated internally.
"For example, MessageLabs focuses on messaging security in e-mail, IM and Web and offers SLAs that guarantee 100 percent virus protection, 95 percent spam and 100 percent service availability."
It also delivers a lower, total cost of ownership, as e-mail use increases, costs remain the same and reduces the need for internal staff, because e-mail is kept outside the organization, he said.
However, to get the most out of using MSS providers, companies need to do their homework and use service level agreements. Without a clear definition of roles, excellent reporting and proper contract and relationship management, customers can feel as though they are paying for a service they need to manage themselves, Warrilow says.
Scollay backs this up, saying that companies needs to look for maturity in service offerings, scalability, strong SLAs, referencability and proven outcomes.