• silicon.com
• Technology
• Security

By Will Sturgeon, 28 April 2005 14:00

NEWS Attendees at this week's InfoSecurity Europe event with some budget in their pockets are facing a decision over whether they keep their security in-house or outsource it. The move towards managed security services is gathering momentum and "nobody is sitting on the fence" according to one player.

Judging by the stands on the show floor and the rhetoric coming from vendors and analysts, the industry is pulling in two very different directions.

Matt Peachey, European director of Ironport, told silicon.com: "People are either open to outsourcing or they aren't."

He believes nobody is in two minds because of the seriousness of the issue and, like other appliance vendors, he is betting heavily on companies continuing to do security in-house. Other vendors are putting a foot on either side of the fence. Clearswift unveiled its new appliance at the InfoSecurity show but has a managed services announcement pencilled in for later in the year, according to Ian Bowles, senior vice president of operations.

"Outsouring something like the security of email, which for many companies is the primary communication method, is a big decision. A lot of companies are going to be reluctant to do that," he said.

But others believe there is a utility element to clean email. Like clean water, some companies want to just turn on a tap and have it come through. They don't really care who cleans the water or how, as long as they are doing it well, according to John Holland, senior vice president of Europe at Cybertrust.

"I think organisations are going to realise there are components of their security which they have to let out," said Holland.

Issues such as filtering spam and viruses are the kind of fire-fighting companies don't want to be concerning themselves with, claim the managed services evangelists. Even managing the products which battle those menaces is an unnecessary hassle, they claim.

Cybertrust's Holland told silicon.com: "As these products move through their lifecycle they naturally move towards the managed services outcome."

Those who are banging the drum for managed services accept that encouraging some companies to hand over control of their security is a big challenge and one which they will never overcome in some quarters.

"There is certainly still a fear factor over outsourcing but more companies are going to need to do it," said Holland. "What they should never do is outsource the policy and the controls."

David Lacey, director of information security at Royal Mail Group, said companies must "remain in the loop" at all times when considering any outsourcing decision. He advised companies not to sign the deal and then forget about the elements of the business they have outsourced.

Certainly a move to managed services removes many of the headaches and a lot of the built-in obsolescence within a company's infrastructure.

Mark Thomas, head of security at Logicalis, said: "Do companies really want to be buying something like a new firewall which will be obsolete in two years' time?

"Managed security looks set to be a boom area."