2004: The breakthrough year for managed security?

* Managed security primed for advances this year

By Scott Crawford, Network World, 01/14/04

“Managed security” is a term used to describe a wave of initiatives that seek to tame the information security jungle on two fronts: the human expertise necessary to handle the challenges, and the systems that integrate intelligence in their security architectures. Developments this past year indicate that 2004 may shape up to be the “Elvis year” for managed security on both fronts.

VeriSign’s recent acquisition of Guardent is one example. Prior to their joining, Guardent was one of the most respected independent managed security service providers, while VeriSign was one of the more recognized names in the MSSP market. When backed by the acknowledged leadership of Guardent, VeriSign’s name recognition, relative financial stability and offerings beyond managed security indicate that the whole may be greater than the sum of the parts. That’s not just good news for VeriSign and Guardent - it’s also good news for MSSPs, since they are viable unless and until integrated managed security architectures mature enough to compete.

It’s that maturity we hope to see emerge this year. We still have a way to go before we see architectures that can truly span the entire range of security functionality, coupled with intelligence in discovering and prioritizing the infrastructure itself as well as a proper correlation of vulnerabilities and threats - but intriguing developments abound.

Security information management platforms are perhaps the most promising development on this front, combining data from a wide range of security elements in a single “nerve center.” The dynamic, responsive provisioning technology absorbed by IBM in its acquisition of ThinkDynamics last year illustrates the sort of automation that may eventually characterize security architectures and security event resolution. Innovators such as Skybox Security are making interesting inroads in applied intelligence, while the market leaders in management, such as IBM and Computer Associates, are leading integration developments.

There are unanswered questions about these directions, of course. Aside from the possibility of centralized control leading to centralized vulnerability, I also wonder who will be watching the watchers? For outsource providers, auditing will need to be real and meaningful.

For managed security architectures, authentication will play a crucial role, since automated functionality may become even more highly trusted than personnel. Automated security measures that can be just as readily used to launch an exploit would be disastrous. For this reason, we will be watching developing trends in system integrity assurance measures, such as those for which Tripwire has long been known, as well as identity management - an area that already has considerable momentum thanks in part to its demonstrable ROI in the here-and-now - and how it enables automated managed security.

There remains the question of price. Whether any organization beyond the Fortune 1000 will be able to take advantage of the initiatives in the near term is an open question. Thus, while 2004 may be a milepost for innovation, it may only be the beginning of a more pervasive trend. We expect, however, that this year will give significant direction to managed security initiatives that will shape that trend. We’ll be looking at - and for - the innovations that are most promising.