One the one IT security professionals from a budgetary perspective have never had it so good. Every IT budget forecast for the coming year projects a major increase in IT security spending. One of the latest projections put together by venture capitalists estimates that cumulative spending on IT security will top $1 trillion by 2021. Inside a lot of IT organizations, however, that news needs to be tempered by the fact that IT security spending as a percentage of the overall IT budget is relatively small. That means a double-digit increase in IT security spending, for example, might not have that much of a material impact in terms of improving IT security.
But as IT security becomes a higher priority many IT security professionals are also going to have to come to terms with how their roles are changing inside their organizations. Today there’s a predisposition to deploy IT security technologies in a way that is managed by the local IT security professional. But as is the case with much of IT these days the management plane for IT security technologies is moving into the cloud. IT security technologies still need to be deployed locally. But the ongoing management of those platforms is increasingly delivered via the cloud.
Naturally, this shift also results in a change of attitude regarding who might be managing the IT security infrastructure. In many cases, it will continue to be a local IT security staff that will in effect act as a broker of IT security services delivered via the cl oud. In many instances, however, the brokering of those services is going to be provided by a managed security service provider (MSSP). In fact, three macro trends suggest MSSPs will be playing a much bigger role in the delivery of security as a service in the months ahead.
The first is the shortage of IT security expertise. Many organizations simply can't find the talent they need to fill open positions. MSSPs are generally in a better position to pay what IT security talent there is a higher salary. Unless there is a massive influx of IT security talent MSSPs will just outbid internal IT organizations for the best talent.
The second factor is IT security automation. Thanks to the rise of machine learning algorithms and Big Data analytics the quality of the IT security that can be provided is improving rapidly. But mastering these technologies requires a level of investment that most IT organizations at least initially are not going to be able to make. Because of that issue, most of these advanced technologies will be consumed as a service delivered by a service provider that can aggregate the expenses associated with implementing them across multiple organizations.
Finally, there's the general trend towards treating IT as an operating expense. Rather than investing capital in acquiring IT products many organizations now prefer to treat IT as an operating expense that is immediately tax deductible. That approach frees up capital for uses on non-IT projects that tend to be core to the business. As that trend continues more organizations will prefer to pay for IT security services in the same way they pay for infrastructure-as-a-service (IaaS).
MSSPs today account for less 25 percent of the total IT security market. But as IT as a whole becomes more of a service the percentage of IT security delivered as a service by a third-party should expand considerably in the months ahead. The challenge facing IT security professionals working inside IT organizations now is to recast their role as the individual that manages the delivery of those services versus building, deploying and managing every of them on their own.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard se spécialise dans l'informatique depuis plus de 25 ans et à ce titre, a publié et contribué à de nombreuses publications techniques, dont InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet et Digital Review. Il rédige actuellement des articles de blog pour IT Business Edge, et contribue à la rédaction d'articles pour CIOinsight, The Channel Insider, Programmableweb et Slashdot. Mike Vizard rédige aussi des articles traitant des nouvelles technologies Cloud pour SmarterMSP.