Enterprise security spending is usually focused on firewalls, intrusion detection systems, hiring security professionals or providing in-house education, for example. A new study, however, predicts a shift in spending toward security services that will balloon that market to more than $20 billion by 2007.
Framingham, Mass.-based International Data Corp. is predicting the worldwide market for security services to be $23.5 billion by 2007, which represents a 20.9% annual growth rate. IDC includes a wide range of things under "information security services" in its analysis, including professional services; consulting; integration and implementation services; managed services (such as managed security service providers); response services; and education and training.
Allan Carey, program manager for Information Security Services at IDC, said security spending is still a priority for enterprises, and security was one of the few IT markets where spending did not nosedive during 2001 and 2002. In the next few years, he predicts, enterprises will need help from service providers in evaluating business risks and securing valuable assets.
By getting an independent view of their security, companies can then design a security program that suits them well. "For example, they may want to get a baseline of their security posture," Carey said.
The survey also predicts enterprises will spend on services that focus on improving the return on their security investments or enhancing manageability.
The IDC study highlighted wireless and application security as two areas companies should think about in terms of outsourcing. Many companies have jumped on the wireless bandwagon, but sometimes the security for wireless networks is lacking. Carey suggests enterprises may seek outside help in assessing wireless or application risks, architecture design and implementation.
Securing applications is two-fold. First, there is the concentration on security when applications are written, not as an afterthought during quality assurance testing. Second, it means making sure the security implementations of applications are considered before they are deployed in an environment. "Companies could be opening themselves up to new areas of vulnerabilities," Carey said.
Other areas where enterprises may outsource are business continuity, disaster recovery and incident preparedness.
Currently, the United States is the main consumer of such services, Carey said. But the mammoth growth will come from companies in other countries as they try to get their security houses in order, he said.