Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The threat of malware, the potential damage and the security management involved in defending against it have grown so important and complicated that they have exceeded the abilities of IT shops to control at most businesses under 1,000 employees.

Depending on a company’s location, even finding staff can be difficult and the cost can be prohibitive for a small staff to address every aspect of security from identity management and denial-of-service attacks to firewall services and managed desktop security. It has become equally hard to find qualified IT professionals to handle these tasks in-house, said Jon Oltsik, a senior analyst specializing in security issues for Enterprise Strategy Group.

“The ability of companies to hire and retain those kinds of people is [limited and the task is] difficult, and for small companies, you have to ask why they would do that,” he said. “It’s not economically feasible, and finding and training them isn’t easy, especially if you’re outside a major metropolitan area.”

Click here to read about Seagate’s launch of a data recovery service at Staples.

The situation has not been lost on vendors and telecommunications carriers, who have quickly moved to fill the void with managed security services offerings once plugged in-house and by regional resellers and systems integrators.

Firms like IBM and Hewlett-Packard are getting into the game, while more established providers like Symantec and Unisys have an opportunity to expand their businesses tremendously. Still others, like Cisco Systems, are beginning to go down that road, and more will follow. Telecom carriers such as Verizon will make a bigger play in the managed security services arena over the next few years, Oltsik said, especially around managed network security like firewall services, e-mail services and DoS prevention.

Oltsik said he believes that at this point, companies shouldn’t consider any security need off-limits to the services model.

“You can and will be able to outsource virtually all of your security needs, and companies should consider security services every step of the way,” he said. “There shouldn’t be a distinction such that some things will always be done in-house. Be open-minded about outsourcing everything.”

But know your company’s habits priorities before you jump in, Oltsik said. Start by outsourcing whatever you feel is the most vulnerable, work cooperatively with your service provider on the escalation process, and make sure the provider has the right skills and procedures and that there is good communication, he said.

“It’s definitely the right time for SMBs [small and midsize businesses] to consider managed security services, because of the complexity and because vendors are going to make a major push next year,” Oltsik said. “The most important thing is to be open-minded and look for ROI [return on investment] opportunities.”