Contingency Planning

The demand for managed security is rapidly on the rise. Managed-security services are the outsourced management of enterprise security devices, systems and processes. Providers offer a broad range of services, from Web filtering to firewalls to virtual private networks (VPNs), intrusion detection, antivirus solutions, access control and monitoring. Boston-based research and consulting company The Yankee Group, estimates this managed-security market, combining small and midsize businesses and enterprises, will grow to more than $1.8 billion by 2005, up from $630 million in 2001.

Companies are increasingly avoiding the capital expenses of in-house security expertise. And, as the skills needed to manage security and disaster recovery continue to be in short supply, gateways exist for professional security services.

"Companies are really watching their pennies," says John Bamberger, senior vice president at Analysts International, a Minneapolis-based technology and business solution provider. "If we can provide security cheaper, faster and better than our customers can, then there's the opportunity."

Moreover, the war on terrorism and the resulting uncertainties have pushed many companies to step up their expenditures in areas such as backup recovery, disaster planning, business continuity and security, which is currently the most popular technology deployed in customer solutions, according to VARBusiness' 2002 State of the Market (SOM) research.

While the economic slowdown has had a negative impact on the software sector, Gartner Dataquest predicts double-digit increases in security software spending both this year and next year.

"We predict that in 2002, the security-software market will see year-over-year growth up 18 percent as enterprises reflect their concern for security,stimulated by the events of Sept. 11,in their buying decisions," says Colleen Graham, industry analyst at Gartner Dataquest. "Enterprises are looking particularly at defensive security technologies." Among the critical infrastructure necessities, antivirus (90 percent), firewall (86 percent), VPN (51 percent), encryption (48 percent) and intrusion detection (35 percent) are the leading solutions, SOM data shows.

Companies that fail in their security efforts may find themselves facing at least one breach in the next few years that could disturb services and challenge or disrupt business continuity.

"The Code Red and Nimda attacks demonstrate the need for security layers to increase a network's ability to thwart previously unknown attacks," says Peter Crosby, director of product marketing for WatchGuard Technologies, a Seattle-based Internet-security solution provider.

The bottom line is businesses can no longer chance their disaster-recovery or security plans to low-level status in their IT strategic planning processes. While security, privacy and business continuity implementations should receive the end-user funding and resources they need in 2002, low-cost and highly efficient solutions may offer the optimal returns on investments.