Report Card: Incite #9 - Services

OK, here are the final four Report Cards of 2006. Tomorrow I'll have a bonus for you all in the form of grading a less publicized set of predications I made for 2006 as well. If you relish seeing me squirm under the weight of my abysmal ability to predict things, you'll love tomorrow's post.

Incite #9: Services

Managed Security Services provide increasing value in terms of both operational capabilities and content filtering. Users realize that removing threats in the cloud provides better bang for the buck for mature technologies (firewalls, IPS, anti-spam, gateway AV, web filtering). The biggest challenge in 2006 will be integrating operational and reporting capabilities across internal and MSS spheres of control.

Grade: B

Original Days of Incite post: here
Incite Redux post: here

Managed Security Services (MSS) continues to be the enigma of the security business. The stand-alone folks (Perimeter Internetworking, SecureWorks, and a zillion garage band providers) continue to show good linear growth and are growing both organically and via acquisition. But are either big enough or growing fast enough to go public, or get taken out at a high multiple? What about CyberTrust, which is the largest stand-alone services shop by an order of magnitude but remains pretty quiet?

Can MSS stand-alone for any length of time? Does it matter?

The other part of the enigma is that it’s just not clear how big or how profitable many of these players are, given that most services operations are a small part of a big company. Symantec, VeriSign, AT&T, now BT (after the acquisition of Counterpane) and IBM (after buying ISS) all have MSS operations, but is this strategic for them or just something that they kind of should do, probably? See, quite an enigma.

When faced with an enigma, I usually default back to the customer requirement, which remains strong for MSS. Managing security hasn’t gotten easier and perimeter defenses tend to be pretty stable at this point, so having someone else do it makes a lot of sense. If I could get rid of bad content (email and web filtering) in the network, isn’t that a good thing? You bet and that’s not changing moving forward.

What about these “clean pipes” services from the bit haulers? That didn’t happen in any sense in 2006. Big Telecom continues to try to figure out what security means and given they are a little pre-occupied with things like Triple Play, adding value to the pipe has fallen to the bottom of the list. Will clean pipes happen? Yes at some point, but probably not in 2007 either.

The last part of the Incite was a bit ahead of itself, since the large enterprise has largely not embraced MSS and mid-sized companies tend to be cool with the MSS’ folks doing most of what needs to be done. So the need for integration of MSS and internal security operations are largely non-existent.

But given the customer need and the inevitable entrance of bigger players – MSS will continue to be a legitimate operational option for customers to farm out some of the drudgery associated with ongoing security functions.