Will a shift in the way security services are delivered create more opportunities for providers of managed hosting and data center services? Security researcher Bruce Schneier thinks so, citing fresh evidence from last week's RSA conference that security is becoming so complex that it is increasingly being outsourced. Schneier, writing at Wired, describes a growing disconnect between end users and vendors developing new security products and services:
Commerce requires a meeting of the minds between buyer and seller, and it's just not happening. The sellers can't explain what they're selling to the buyers, and the buyers don't buy because they don't understand what the sellers are selling. There's a mismatch between the two; they're so far apart that they're barely speaking the same language. ... For a while now I have predicted the death of the security industry. Not the death of information security as a vital requirement, of course, but the death of the end-user security industry that gathers at the RSA Conference. When something becomes infrastructure - power, water, cleaning service, tax preparation - customers care less about details and more about results. Technological innovations become something the infrastructure providers pay attention to, and they package it for their customers.
The bottom line, according to Schneier, is that many companies don't want to be in IT security business.
Managed security has been an important service offering for hosting providers for years, with popular offerings including managed firewalls and defense against DDoS attacks. Earlier this year we wrote about how Terremark (TMRK) has partnered with Kroll to expand its security offerings, which has helped the company gain new customers for its secure hosting and disaster recovery services.
An examples of that relationship was on display last week, when Terremark and Kroll worked with the University of Miami medical system after backup tapes containing patient information were stolen from a truck operated by its records storage provider. The University turned to Terremark and Kroll to determine whether thieves would be able to access the records. "For more than a week my team devised a number of methods to extract readable data from the tapes," said Christopher Day, senior vice president of the Secure Information Services group at Terremark. "Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data." Based on this analysis, the University said it believes misuse of the information on the tapes is unlikely.