The Evolving Role of Managed Security Services

Last Thursday I was speaking on the future of security at an excellent seminar organised by Maxima, a fast-growing UK vendor of systems integration and managed IT services. Last year they acquired 3net, a security and network specialist, to extend their portfolio into the security market. I was impressed with their pitch. When I asked them what they did, they replied “We save money for our customers”. That’s just what we all need. And it got me thinking about the changing role of managed security services.

I first encountered the need for managed security services in the nineties, when complex security solutions, such as IDS, began to emerge, and platform security was our Achilles Heel. We were finding it harder to maintain the skills needed to secure a complex IT environment. Managed services seemed a step in the right direction, but there were few vendors, and we didn’t have the tools to communicate our unwritten security policies and risk profiles to an external supplier. But the concept became increasingly compelling.

At the turn of the Century, John Thompson, CEO of Symantec, asked me what I wanted from his company. “Services” I replied. “Why sell us products when we really need services?” He subsequently introduced managed services, though it took time for the skills and prices of the early pioneers to match the requirements of customers. But since those early days most users have bought into a growing portfolio of managed security services, either to extend the capability of an in-house function, or to ensure there is independent testing of the security delivered by an IT service provider.

Today we face a new security challenge. Working out how to get the best out of the growing number of single point solutions coming onto the market. At the last count there were several thousand to chose from, and they’re growing. No user can keep track of this marketplace. And the more products you consider, the less thorough your evaluation will be. That’s why we need the services of external experts with the time, experience and incentive to evaluate new products. I expect this market to grow considerably. Because as Maxima point out, you can save money if you get the solutions right.

Of course, you also burn a lot of money on security consultants and still get it wrong. So always seek recommendations before employing external suppliers.