Will corporates outsource security?

The growing range of security threats may force more firms to use outside expertise

For IT security over the next few years, firms will increasingly turn to third-party services, and will also want better protection for mobile devices, according to predictions by internet security firm F-Secure. Speaking this month at the firm’s headquarters in Helsinki, chief executive Risto Siilasmaa said there will be big changes over the next five years, as IT departments will find it increasingly difficult to manage security in-house.

Siilasmaa said growing dangers and the increasing amount of technology to be managed – including multiple connected devices, networked applications and voice over IP – would present a huge challenge for IT departments.

“The corporate environment is getting more and more complex, with different types of threats, so it is becoming more difficult for IT [departments] to analyse these threats, understand vulnerability levels and configure firewalls and PCs,” he said. “In this rapidly expanding space we think security will become less and less an in-house process.”

F-Secure is focusing on selling security systems to service providers such as ISPs and mobile operators, which then incorporate the products in their own offerings. “We have gradually been adding features [to our products] to cater to the needs of service providers,” Siilasmaa said. “Our licence sales have been stagnating but long-term growth is possible through selling security as a service.”

Jimmy Ruokolainen, F-Secure’s business development manager, said that moves to outsource IT and content security are part of a broader trend for IT outsourcing. “The business challenges are changing in IT security,” he added. “[IT departments] don’t have the manpower and can’t keep the required skill-set up to date. Therefore, increasingly, service providers play a key role.”

Ruokolainen said F-Secure’s service partners are well placed to offer protection as they understand their customers’ needs.

Mark Blowers of analyst Butler Group argued that security provided by such service providers could reduce costs, and make management easier – as a single vendor could handle a wide range of issues and provide a single bill. “The time has long gone when IT managers built their own solutions. For mobile [security] especially, not many firms have that much experience.”

Antti Vihavainen of F-Secure’s mobile business unit said greater cooperation is needed between mobile operating system manufacturers and mobile device vendors, to improve the security of kit.

F-Secure said that threats to mobile security have taken longer to materialise than anticipated – it released its first mobile product in 2000. But dangers have grown substantially since June last year, and over 50 mobile viruses have now been reported, in over 30 countries.

“Symbian [a mobile operating system consortium] has already taken measures to avoid infection, but operating systems and mobile vendors need to work together on a security-focused hot-fix process for the platforms,” said Vihavainen.