|
Security
continues to be one of the top three IT initiatives
for midsize businesses (MSBs). This continues to be
in direct conflict with the number of resources that
MSBs have to manage their security needs. More than
60 percent of MSBs don't have a dedicated resource
to manage security – an opportunity for security vendors
providing services to the midmarket.
Further,
more MSBs are expanding their use of the Internet
for business transactions, making them more vulnerable
to security attacks. In fact, these businesses also
need to be reminded that security is about more than
just protecting against external vulnerabilities.
Helping midsize businesses implement standard guidelines
and written security policies to secure their systems
and data is yet another opportunity for savvy security
providers to get their foot in the door.
What
do users want and need for security services in the
midsize enterprise?
|
>
|
Security
expertise and service delivery track record
are key for MSB service buyers.
The
message for services companies looking to offer
security services is clear – establish
security credentials to gain the attention of
potential customers. Vendors should explore
partnering opportunities, as well as acquiring
security expertise via acquisition. Of note
is that security certifications or security
organization affiliations do not rank high among
the factors that affect the buying decision;
these are now part of the cost of entry to providing
services, rather than a decision driver.
|
|
>
|
Enterprises
are focused on securing the network perimeter
against external threats.
"Keeping
the bad guys out" security continues to
dominate management concerns and plans, and
MSBs that have invested in firewall and intrusion
detection systems are concerned about the resources
needed to monitor and manage them. Vendors should
focus on the essential elements of designing,
implementing and managing perimeter security
devices and services.
|
|
>
|
Security
vulnerabilities in hardware and software are
considered the top threat to business security.
Security
services vendors can help enterprises address
this threat by providing timely information
on MSB systems that provide an up-to-date status
of patches and vulnerabilities. When devices
are under management by a service vendor, the
timely and thorough manner in which patches
and fixes are tested and applied can improve
a customer's security posture.
|
|
>
|
Users
of managed security services consider vendor
performance on their service level agreement
(especially availability and response time)
and improvement in security posture as the most
important criteria for service renewal.
Security
services vendors must focus on service delivery
and demonstrating that outsourcing security
will result in improved security. Gartner recommends
developing reporting capabilities that indicate
the customer's actual performance compared to
the service level agreement, and the customer's
security posture and activity.
|
Want
to know more? Meet with Senior IT Executives from
midsize businesses to discuss their security strategies,
wants and needs at Midsize Enterprise Summit.
Click here for details.
References
Executive Summary
U.S. Security Services 2002: Service Delivery Key
to Customer Retention
Publication Date: October 16, 2002
Author: Kelly Kavanagh
User
Wants and Needs
Midsize Business: Infrastructure Investment Plans
and Priorities, North America 2002
Publication Date: October 7, 2002
Authors: J. Browning, M. Margevicius, J. Pescatore,
J. Pultz, T. Bittman
|
