Enterprises are increasing their spending on professional and managed security services. According to ESG Research, 58% of security professionals say that their organization’s use of managed and/or professional services for information security has “increased substantially” or “increased somewhat” over the past two years.
Just what types of services are they consuming? The list is long and diverse, but according to ESG Research, the top five categories are as follows:
- 33%: Security architecture and infrastructure design (i.e. professional/consulting services)
- 30%: Threat intelligence services
- 30%: Network monitoring services
- 30%: Security /risk management /regulatory compliance assessment
- 29%: Web threat management
Beyond this, they are also purchasing services for e-mail security, vulnerability scanning, penetration testing, and staff augmentation amongst other things.
Large organizations typically consume IT services for a number of reasons. At the one extreme, they outsource mundane tasks rather than take these on themselves. At the other end of the spectrum, they seek out specialized skills for more esoteric, high-value activities. Somewhere in the middle, they purchase services to supplement what they are doing in house. The ESG Research indicates that enterprises are most interested in supplementing internal efforts and paying for outside security expertise.
Given the combination of a security skills shortage and the increasingly sophisticated threat landscape, it is highly likely that the security services segment will see healthy growth over the next few years.
For more information, see the ESG Research Brief, The Growing Use of Professional and Managed Security Service Providers.