Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

It’s truly an ill wind that doesn’t blow
somebody some good.

That seems to be the
case with managed security services. As the overall economic environment
continues to deteriorate, IT organizations appear to be becoming more amenable
to buying managed security services as opposed to trying to find and hire their
own dedicated security professionals.

International Data
Corp. estimates that the managed security services market grew about
19.6 percent
to reach a total size of about $1.3 billion in
2007. More interestingly, IDC
expects the category to grow $2.8 billion by 2012, which represents a compound
annual growth rate of 17.2 percent.

As great as that may
sound to the average solution provider, there are a couple of things that
solution providers might want to consider before they precede whole hog into
developing a managed security service.

The first item is the
managed services market is split among traditional solution providers,
telecommunications carriers and vendors selling dedicated software-as-a-service
offerings. As the complexity of security increases and the cost of hiring
security expertise rises, there is no doubt that IT customers will look to
services to help mitigate their risks. The question that solutions providers
need to ask themselves is can they effectively compete with telecommunications
carriers and the vendors themselves to get that business. Already, we’re seeing
the beginnings of a trend where security services are being delivered as an
element of an overall cloud computing strategy
where all the
security equipment resides on the premise of the solution provider rather than
the customer, as opposed to a traditional managed service model where the
equipment resides on the customer’s premise and is remotely managed by the
solution provider.

Given that trend, the
average solution provider may need to decide if it wants to invest in building
out that infrastructure or if the better part of valor is to simply resell
someone else’s security services under their own name.

For example, Secure
Designs, a provider of managed security services, is betting that this will be
the case with a large percentage of the channel. The company recently launched
its own channel program under which
solution providers can resell Secure Design services under their own brand names.
Secure Design’s major vendor partner for these services is SonicWall, which has
previously established a channel model under which it shares recurring revenue
with solution providers that resell managed services using SonicWall security
products.

Whether it’s worth
building your own managed service or reselling someone else’s all depends on
the level of in-house security expertise you have on hand today and how much of
that expertise they can retain tomorrow.

Clearly, demand for
managed security services is not going to fall any time soon. But the methods
by which managed services are delivered are evolving rapidly. And that may
prove to be the biggest factor of all when it comes to laying out a business
plan around managed security services.