As network attacks become more frequent and complex, large corporations and
government agencies are turning to outside contractors for security.
If the trend holds, enterprises will outsource 90 percent of security
operations by 2010, driving the market for managed security services to
$3.7 billion, according to a new study from the Yankee Group.
The total dollar figure rivals such major corporate budget line items as
human resources, finance and accounting and supply chain management.
Increased threats from viruses and hackers have forced companies to bring
security from the network perimeter to links between network components, hosts
and servers, and databases and end-user databases, Yankee analysts Matthew
Kovar wrote in the report.
In addition, new regulations, most notably the Health Insurance Portability and
Accountability Act (HIPAA) and Sarbanes-Oxley, have forced CEOs and CFOs to think of
security from a business standpoint, instead of just an IT department
Such legislation has been a boon to security companies that market
regulatory compliance software and vulnerability assessment appliances,
many of whom have tailored their marketing to take advantage of the
government’s mandates, Kovar said.
In general, security firms are growing. For example, privately held nCircle
is seeing business surge
in recent months and is planning an expansion.
Likewise, eEye recently rolled
out a new version of its product to protect companies from known
threats and “zero day” attacks, hacks that exploit an unknown
Big players are noticing, too. Earlier this month, antivirus giant McAfee paid $86 million
for Foundstone, thus gaining entry into the
vulnerability assessment and IT management market.
And in the last year, network equipment stalwarts have shelled out large
sums for security software to integrate into gear that handle corporate
packets. For example, Cisco
bought Okena, and Juniper
scooped up NetScreen.