As organisations around the world come to grips with the economy it is not surprising to see the resurgence of managed services and other outsourced IT alternatives.
Forrester Research recently published a report that highlighted how, fuelled by global economic recession, the market for managed services is set to explode in the next 24 to 36 months.
The research found that 67 percent of firms used managed services to reduce costs, in many cases switching large capital expenditures over to monthly operational expenditures such as lease arrangements. More than half chose managed services to simplify management and nearly half felt that they could get better reliability of service than if they used in-house staff.
What is most interesting is that even now when most IT and networking spending is being slashed, the growth in security technology remains very strong. In a research note UBS Securities released late last year it forecast a drop in overall IT spending by as much as 15 percent from 2008 but expected double-digit gains through 2009 for the security market.
The reasoning points back to the current economic environment and the layoffs and downsizing impacting organisations across all industries. During downturns, the importance of security grows as organisations need to protect against valuable digital assets, like trade secrets or customer lists, walking off with soon-to-be ex-employees. A similar need exists to protect against hackers - both inside and outside the organisation - from taking down operations.
Between the growing preference for managed services and the strong demand for security technologies, managed service providers are delivering innovative products. Many traditional service providers that provide network services have already started transitioning to security and moving up the network stack to deliver more value to their customers.
Traditional network providers have been able to better differentiate their offerings from competitors by adding ‘clean pipes' services for web protection to existing connectivity packages. Although many offer various types of network-layer security protections such as firewall and intrusion prevention and detection services, increasingly these service providers are moving closer to content and application-specific security, for example inspecting web contents for abuse, malicious code threats, data leaks or compliance violations. In particular, applying greater security measures to web traffic is growing in importance especially as more business-critical traffic and applications are using the HTTP protocol.
A great example has been the shift from viruses and malicious code previously being distributed as the payload of an email attachment to code injected into a legitimate, reputable website.
With the increasing adoption of SaaS delivery models for enterprise applications and the larger shift to cloud computing, the reliability of web access is becoming truly business-critical and securing the traffic against the myriad of threats an imperative. Service providers that already provide connectivity to organisations - whether local links for small business or branch sites or global WAN services for large multi-nationals - are in a key position to deliver additional value through managed web security.
Largely driven by customer requirements, the deployment model for these managed security services can vary widely. Cloud security models leveraging shared, multi-tenant infrastructure hosted by a service provider is one approach that is attractive due to their very low cost derived from their inherent economies of scale. These cloud models also make the provisioning of new users very easy.
However, significant challenges exist around delegating the right level of policy control to individual end users and protecting against co-mingling of customer-specific reports and other traffic data. A more common approach is where the service provider will host dedicated equipment on a customer-specific basis, which provides greater security and ‘peace of mind' for the client, as well as greater granularity of policy definition.
The third approach - and the option with the greatest customer value - is the on-premise deployment of the security solution on the enterprise network. In this scenario, the service provider would install the equipment then provide remote management and administration of the system, much like how managed routers are deployed today. The customer gets the greatest control in this situation, even though the equipment may be owned by the service provider and the customer paying a monthly fee for the equipment and related services.
Service providers can also offer additional managed service add-ons with the on-premise deployment of web security. For large, distributed organisations looking to reduce WAN backhaul traffic, a dedicated on-premise device used for security at the data centre could also be used for in-region "direct-to-net" breakouts with common policy set and managed at a global level.
Furthermore, these same devices can be leveraged for WAN optimisation to accelerate critical applications traffic, like email and file services, between the data centre and branch sites. Clearly there are a number of ways customers can choose to take advantage of web security to better protect their business. And in the present economic downturn, implementing the right inbound and outbound web security is more important than ever.
Managed services represent one approach that can be used to alleviate the cost and management burden. With the right technology platform, these managed services also offer additional benefits.
Issue: 277 | March, 2010