Getting Their Arms Around Security


To outsource or not? Solution providers stay flexible, give customers a choice


With network security among the top priorities for many organizations, deciding whether management of the network should remain in-house or be outsourced is weighing on the minds of many MIS managers and CTOs.

For solution providers, the dilemma poses an opportunity to offer a flexible array of solutions to customers. While some are building network security management into their proposed solutions, others are taking it on as a managed service. Still others are giving clients their pick: Manage network security yourself, or we can do it for you.


Leapfrog's Kirsch says being proactive is key to managing network security.

Patriot Technologies, a network security consultant and solution provider, integrates network security management into its solutions and lets the customer do the rest.

"We analyze a client's security posture to see if they have a security plan in place, and if they do, is it up to date?" said Bruce Tucker, president of Patriot, Frederick, Md. "Then we perform a technical assessment of their network."

While Patriot doesn't offer a managed network security option, Tucker concedes that the idea of outsourcing is gaining popularity. "It requires a considerable sales effort to convince an organization to do this," he said. "But eventually more people will be doing it."

Leapfrog, an Atlanta-based managed service provider that focuses on SMBs, has already made the jump.

"If you look at the midsize-business model, they either do not have a security solution in place or their IT department doesn't have the expertise to build a security model that will properly minimize risk," said Brian Kirsch, director of marketing at Leapfrog.

The solution provider builds a standardized, secure platform using a client's existing equipment and then configures the network so that it can be managed remotely 24x7.

Before initiating a managed network security service, Leapfrog makes sure all the client's network computers meet certain specifications, said Kirsch. And part of Leapfrog's policy is to perform maintenance proactively, not reactively, so staffers can catch potential network problems before they cause downtime. Being proactive is key to managing network security, he said.

"We assume the risk of building a network that's not going to go down," said Kirsch. "If we're working on a PC or server for eight hours, the profit margin for that account is blown."

Leapfrog also provides a fixed monthly price for its services. "This is extremely practical from a CFO standpoint because it provides a fixed IT budget," Kirsch said.

Ultimately, presenting the idea of a remotely managed network security service to customers is a straightforward process, he said. "First we convince them they need network security and are at risk," he said. "Then we show them it's neither expensive nor troublesome to outsource the management of that security."

Leapfrog also will offer the customer a free security audit to show them where their network vulnerabilities are and how they can eliminate them, whether or not they use Leapfrog's service to do it. "Our goal is to bring the knowledge of our team to a market that has not been able to understand that they're at risk," said Kirsch. "Our biggest obstacle is people getting over the psychology of what a managed service provider is."

In the meantime, some vendors are designing their offerings so they can be used either as part of an installed solution or as part of an outsourced managed service. Tripwire is one such example. The Portland, Ore.-based company manufactures a line of network and data integrity products that fit within the network security market.

"Some of our solution providers offer consulting and system integration services in which they integrate our product as part of a larger solution," said Dwayne Melancon, vice president of marketing, support and services at Tripwire. "And some use our product as part of their managed service offerings."

Either way, managing network security will remain a top priority for businesses, said solution providers. Given the increasing complexity of today's networks, offloading that task to competent technicians will become more appealing as time goes on.