Analyst: Security spending shifts to outsourcing by '07

IDC predicts big growth in spending on security services by 2007. IDC said companies are looking for help in establishing a security baseline for their companies, assessing risks and help with management and implementation.

Enterprise security spending is usually focused on firewalls, intrusion detection systems, hiring security professionals or providing in-house education, for example. A new study, however, predicts a shift in spending toward security services that will balloon that market to more than $20 billion by 2007.

Framingham, Mass.-based International Data Corp. is predicting the worldwide market for security services to be $23.5 billion by 2007, which represents a 20.9% annual growth rate. IDC includes a wide range of things under "information security services" in its analysis, including: professional services; consulting; integration and implementation services; managed services (such as managed security service providers); response services and education and training.

Allan Carey, program manager for Information Security Services at IDC said security spending is still a priority for enterprises and security was one of the few IT markets where spending did not nosedive during 2001 and 2002. In the next few years, he predicts enterprises will need help from service providers in evaluating business risks and securing valuable assets.

By getting an independent view of their security, companies can then design a security program that suits them well. "For example, they may want to get a baseline of their security posture," Carey said.

The survey also predicts enterprises will spend on services that focus on improving a return on their security investments or enhance manageability.

The IDC study highlighted wireless and application security as two areas companies should think about in terms of outsourcing. Many companies have jumped on the wireless bandwagon but sometimes the security for wireless networks is lacking. Carey suggests enterprises may seek outside help in assessing wireless or application risks, architecture design and implementation.

Securing applications is two-fold. First, there is the concentration on security when applications are written, not as an afterthought during the quality assurance testing. Also, it means making the security implementations of applications are considered before they are deployed in an environment. "Companies could be opening themselves up to new areas of vulnerabilities," Carey said.

Other areas where enterprises may outsource is in business continuity, disaster recovery and incident preparedness.

Currently, the United States is the main consumer of such services, Carey said. But the mammoth growth will come from companies in other countries as they try to get their security houses in order, he said.

FOR MORE INFORMATION:

CIO Trendwatch: Outsourcing, grids, new Windows heat up the headlines

Featured Topic on outsourcing

Meta: Half of all companies still reluctant to outsource

Dig deeper on Domestic outsourcing

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close