Security
is one area that midsize businesses (MSBs) cite as
a priority for investment in 2004, and Gartner research
indicates that more than 60 percent of North American
MSBs don’t have a dedicated resource to manage
security. Thus, MSBs are prime candidates for the
use of external service providers (ESPs) for security
professional services as well as operational services,
such as monitoring or managing security infrastructure.
The
results from a recent Gartner user needs survey provides
insight into the types of security services MSBs plan
to buy and identifies the factors they consider when
choosing an ESP for security services. Network penetration
testing was the most popular service identified by
MSBs, with network security assessment cited as the
next priority.
| |
| Activities
for ESPs in the Next 12 Months (Percentage
of Respondents) |
| |
100
to 999 Employees
(N=61) |
|
| Network
Security Assessment |
31 |
| Security
Architecture Development/Review |
25 |
| Network
Penetration Testing |
43 |
| Security
Product Implementation/Integration
|
20 |
| Security
Policy Development/Review |
15 |
| Internet
Server Hardening |
18 |
| Wireless
Security Product Implementation/Integration
|
11 |
| Physical
(Site) Security Assessment |
11 |
| Wireless
Security Assessment/Policy Development
|
13
|
| Security
Incident Response |
10 |
| Internet/Intranet
Application Software Code Review/Testing
|
8 |
| Identity
Management/Global Directory Projects
|
3
|
| Other
|
2 |
| None |
31 |
Note:
Multiple responses allowed.
Source: Gartner Dataquest (October
2003) |
|
|
Table
2 below shows responses to the survey question regarding
the most important factors in choosing a security-consulting
vendor. Expertise and reputation – in security
and in IT services – and track record rank highest.
| |
| Importance
of Factors in Choosing a Security
Consulting Provider |
| |
100
to 999 Employees
(N=48) |
|
| Expertise
and Reputation in IT Security |
6.02 |
| Expertise
and Reputation in IT Services (Consulting,
Implementation, Management) |
5.81 |
| Demonstrated
Track Record (as Conveyed by Customer
Testimonials or Reference Accounts)
|
5.51 |
| Price |
5.15 |
| Vendor's
Security Certifications and Security
Organization Affiliation |
5.35 |
| Your
Established Relationship With This
Vendor |
5.23 |
| Ability
to Offer Turnkey IT Security Solution
|
4.64 |
| Ability
to Offer/Support Specific Brands of
Security Hardware/Software |
4.55 |
| Familiarity
With Your Company's Industry (Vertical
Expertise) |
4.26
|
| Geographic
Coverage Capability |
3.91
|
Note:
Rated on a scale of 1 to 7 in which
1 = not at all important and 7 = extremely
important.
Source: Gartner Dataquest (October
2003) |
|
|
Security
vendors approaching the midmarket or IT services vendors
adding security to their MSB offerings should consider
the following Gartner recommendations:
| • |
When
targeting midsize businesses, vendors should invest
in security visibility, reputation and reference
accounts. |
| • |
Security
product vendors and security consultants should
pursue opportunities to sell or channel managed
security services to midsize businesses, for which
strong security reputation and expertise are important.
|
| • |
Security
vendors should partner with trusted advisors that
can provide low-cost assessments to identify potential
vulnerabilities. |
| • |
To
address the overall midmarket, it is necessary
to offer, organically or via partners, turnkey
solutions and integration skills. |
You
can learn more about MSB’s preferences for security
services from nearly 500 IT decision-makers firsthand
at Midsize
Enterprise Summit. For details on presentation
opportunities, click
here or call toll-free 877-619-7956, x493.
Reference
Research
Brief
SMBs Show Preferences for Security Services
Publication Date: November 5, 2003
Author: Kelly Kavanagh, Gartner, Inc.
|
