As network attacks become more frequent and complex, large corporations and government agencies are turning to outside contractors for security.
If the trend holds, enterprises will outsource 90 percent of security operations by 2010, driving the market for managed security services to $3.7 billion, according to a new study from the Yankee Group.
The total dollar figure rivals such major corporate budget line items as human resources, finance and accounting and supply chain management.
Increased threats from viruses and hackers have forced companies to bring security from the network perimeter to links between network components, hosts and servers, and databases and end-user databases, Yankee analysts Matthew Kovar wrote in the report.
In addition, new regulations, most notably the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley, have forced CEOs and CFOs to think of security from a business standpoint, instead of just an IT department concern.
Such legislation has been a boon to security companies that market regulatory compliance software and vulnerability assessment appliances, many of whom have tailored their marketing to take advantage of the government's mandates, Kovar said.
In general, security firms are growing. For example, privately held nCircle is seeing business surge in recent months and is planning an expansion.
Likewise, eEye recently rolled out a new version of its product to protect companies from known threats and "zero day" attacks, hacks that exploit an unknown vulnerability.
Big players are noticing, too. Earlier this month, antivirus giant McAfee paid $86 million for Foundstone, thus gaining entry into the vulnerability assessment and IT management market.
And in the last year, network equipment stalwarts have shelled out large
sums for security software to integrate into gear that handle corporate
packets. For example, Cisco
bought Okena, and Juniper
scooped up NetScreen.