Tuesday, February 3, 2009

Managed Security Services Growing Among SMBs


A new report from Forrester Research on the state of IT security at small to midsize businesses (SMB) in North America and Europe predicts ongoing growth in the managed security space.

In a result similar to that of enterprise respondents, SMB executives reported that the two top drivers for using managed security services is the demand for a specialized skill set that security requires (cited by 31% of the respondents) and the need to reduce costs (cited by 24%).

Other reasons cited for adopting managed security services include:
  • The need to reduce complexity (19%)
  • The need for 24/7 security coverage (19%)
  • The rest of the IT environment is outsourced (5%)
Managed Services Tops for Filtering and Monitoring
The report also revealed that the top two services SMBs ask from their managed security provider are e-mail or Web content filtering (36%) and network firewall monitoring (33%). Forrester believes that the biggest uptick in the next year, however, will come from increased use of vulnerability management and assessment. Some 20% of SMBs plan to deploy these services in the next twelve months.

The Forrester report clearly shows that SMBs have a strong interest in all facets of managed security services. Some 23% are already using it for identity and access management, and another 35% are interested in it, but either have no plans or no budget for adding it to their slate of services.

Similar proportions of SMB executives recognize these issues: host event log monitoring or management (31% are interested but have no plans or budget); IDS/IPS monitoring or management (30%); endpoint security (34%); and regulatory compliance monitoring and assessment (31%).

When To Add Managed Services
The Forrester survey didn't tackle one of the most interesting questions from a managed services standpoint (in fairness, the focus was on security, not managed services). That is, what will it take for SMBs to start adopting the services in which they express interest, but have not yet budgeted for?

Our recommendation is to be proactive and deliberate about adding services. Don't wait for the need to arise; develop a plan to takes into account your security needs and build capabilities into both your budget and deployment plans on an incremental basis. That way, you'll enjoy the highest level of protection with a minimum amount of disruption.

No comments:

Post a Comment