Just about everywhere you turned at the RSA Security this week somebody was talking about delivering security as a service.
For example, AT&T plans to expand its managed security service to include offerings that manage encryption and allow developers to iteratively check their development code of security holes. Network Box, meanwhile, is offering a unified threat management service that is based on set of security appliances it builds. The way the service is works is that you can't buy the appliance without the service. ScanSafe, meanwhile, talked up its partnership with Google to defend users against malware attacks of all kinds.
Of course, SonicWall, McAfee Google, Microsoft and Symantec and a host of others have been promoting this concept for a number of years. But before the economy started going south, security as a service was never really the most popular option. But now IT organizations are not only having trouble recruiting security talent, a lot of them are discovering they can't afford to keep that talent in house.
The end result is a marked increase of interest in security as a service. As Stan Quintana, vice president of security services for AT&T, puts it moving to a security service can result in a 30 to 50 percent saving because the customer no longer has to buy all the security hardware and the cost of buying the service is lot less than the cost of hiring your own security team.
The challenge for customers is going to be sorting through all the different services. A lot of vendors are offering a service around their particular product. But in reality most organizations need a lot of different security services so ordering one service from one vendor and another service from somebody else is going to be impractical compared to buying one comprehensive security service.
So the question in the battle over security services that is currently brewing, the question is can the vendors win the day by turning their products into services or are they going to have to yield to a new generation of managed security services provided by integrators such as AT&T that can cost effectively bundle multiple security services.
Odds are good that at the end of the day the integrators are going to win this battle for the loyalty of the customer. And as this trend continues to evolve, it's going to require security vendors of all stripes to rethink the way they bring their products to market.