It was hard to ignore the din coming out of last week’s Symantec Vision conference in Las Vegas, where the vendor reasserted its claim to the top of the security world and emphasized hosted services as its next billion-dollar business. And no sooner did the faithful depart Sin City did Big Yellow get its first big endorsement for its next era of security services: FishNet Security adopting Symantec as its hosted partner.

"We provide our customers with the best-of-breed security solutions that go above and beyond meeting their security needs — this includes offering industry-leading technology and service bundles that offer our customers the leading edge technology they can use to secure today’s complex enterprise. Symantec Managed Security Services will enable us to offer our customers the highest level of protection for their mission-critical information assets," said FishNet CEO Gary Fish in a statement.

FishNet’s endorsement of Symantec’s Managed Security Services isn’t trivial; the “information security solutions provider is the largest security integrator in North America and a pioneer in security information management as a service. Some may argue that it’s precisely what was needed for the hosted and managed services offerings that have muddled in mediocrity since Symantec entered the market through the acquisition of RipTech in 2003.

Back in the early 2000s, the fledgling managed security service providers (MSSPs) couldn’t give away their programs to businesses or resellers. Companies like Guardium, NetSec, TruSecure, Counterpane and others melted through acquisitions into the fabric of large telecom carriers and security vendors. In the last several years, Symantec has pushed into services through the acquisition of Brightmail, MessageLabs and RipTech (Big Yellow loves showing off its Virginia Security Operations Center it picked up in the RipTech deal). But Symantec hasn’t necessarily capitalized on these investments; in part because the almost apathetic appetite for security services.

At its Partner Engage conference last November, Symantec executives spoke about the emerging opportunities in cloud-based security services and managed services. MessageLabs, which is still being integrated into the Symantec family, provides a platform for email security services to compete against McAfee, Cisco and Google (Postini). At last week’s Vision conference, CEO Enrique Salem reasserted Symantec’s claim as the king of the security world and said security services would contribute as much as 15 percent of the company’s revenue within five years.

In the FishNet partnership announcement, Symantec Americas channel leader Randy Cochran’s statement reflects the growing opportunity to both security vendors and their solution providers in managed and hosted security services. He said: "To be truly protected against today’s increasingly complex and organized cyber attacks, organizations need more than traditional security controls."

But there’s something more at play here. Symantec went into its conference week on the news that it was turning over its professional consultative security services entirely to partners. Rather than competing with its solution providers for lucrative professional services revenue, Symantec decided to remove the offering from its sales teams and shift resources toward augmenting and assisting partners with performing tasks such as security assessments, auditing and systems designs and implementation. When I spoke with Cochran about this, he conceded that professional services is a mirror revenue source for Symantec and that only a handful – number in the hundreds out of its partner community of 40,000 globally – would be able to take advantage of the professional services opportunity.

The math is simple on this equation. Professional services are human resource intensive, expensive to maintain and don’t scale well. Hosted and managed services, on the other hand, are far more economical. The margins are higher, the ratio of staff to customers is much higher (250 to 1, in some cases) and it scales comparatively easily. In terms of adoption, thousands of Symantec partners will be able to resell – more like represent – Symantec’s managed security services since Symantec will bear the bulk of the infrastructure and staffing burden.

Scale and economics aren’t the only factors at play. Symantec like most other security vendors recognize that the dizzying and growing array of threats can be no longer contained by on-premise or client-side applications such as antivirus. Cisco recently bought ScanSafe to enter the email security services game. Google continues to leverage Postini as its security arm. Trend Micro has long made cloud-based security services a cornerstone of its growth strategy. Blue Coat is performing advanced Web filtering through its cloud offerings. McAfee is expected to announce a cloud channel program next month. Panda Security rolled out more Web-based security features last week as it continues to reinvent itself as “the cloud only security vendor.” And the list goes on. With more than 3 million unique malware samples expected in 2010 (more than the previous two years combined), the continual updating of signature files and scanning hard disks for suspect code is simply becoming a losing proposition. Hybrid security cloud offerings that perform security scans and augment client-side apps will soon become the norm.

No one is saying that the cloud will replace security network- and client-based security applications and appliances. Even as Symantec lays plans for endpoint and data loss prevention services, it’s not entirely convinced. Last November, Salem said Symantec’s cloud and managed services revenue would top $1 billion by 2015, but that it would be more than 15 percent to 20 percent of overall revenue.

What role will solution providers large (like FishNet) and small play in this future world of cloud-based security? Many security solution providers are tied up with vendors and carriers to resell their services. Others are developing capabilities and partnerships to deliver their own homebrew services (FishNet, for example, partners with Q1 Labs to build its own security information management as a service offering). Product sales will not evaporate, but solution providers should begin questioning how big their slice of the revenue pie will be. As services creep into the portfolio, average sale prices for solution providers will likely fall. Some vendors will argue that solution providers’ cost will fall accordingly, but that may be small consolation for VARs who are constantly told that they should grow rather than contract.

LAWRENCE M. WALSH is a vice president and market expert specializing in security and channels at Ziff Davis Enterprise. His blog, Secure Channel, follows security technologies, vendors and trends in the channel. You can reach him at; and follow him on Facebook (!/lmwalsh) and Twitter (