- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
In 2001, Incyte Corp. found itself in a quandary: The company -- known at the time as Incyte Genomics -- centered on selling subscriptions of its genomic database encyclopedia to the biotech and pharmaceutical industries. As information about the human genome increasingly became part of the public domain, Incyte realized it soon could be left without its flagship product, says Roger Hoilman, vice president of IT at the Wilmington, Del.-based company. That meant Incyte had to find a way to reinvent itself. Incyte has since refocused its efforts on drug discovery, and transitioned into a pharmaceutical company.
This story is part of a special Security Trend Watch issue, in PDF format. Download now.
Restructuring IT was a big part of that effort. The company went from having 900 total employees and an IT staff of 275 people, to having 200 total employees and 10 IT professionals, Hoilman says. "There's no way my staff can run everything 24/7/365, because we don't have the time, and we don't work in shifts. My strategy for keeping my head count down is to have a few people on staff who can wear many hats, and to co-manage or outsource anything I consider busy work," he says. Among those tasks constituting busy work, he adds, was the continual monitoring of firewalls and intrusion-detection and -prevention (IDS/IPS) systems.
Now Incyte works with managed security-services provider (MSSP) SecureWorks (formerly LURHQ) to manage its firewalls and IDS/IPS appliances -- for less than it would cost the company to do the work on its own. Hoilman would need three people to monitor the company's firewall around the clock, he says he figures. At about $90,000 a year plus benefits for a single certified security engineer, he would have to spend more than a quarter-million dollars for firewall and IDS/IPS protection -- and that figure doesn't include the cost of hardware and software. "SecureWorks costs me a little more than half the salary of a security engineer," he says.
12 managed-security-services providers you should know. View slideshow.
Offloading busy-work and saving money also lured Boiling Springs Savings Bank in Rutherford, N.J., to the outsourcing model. The bank, a $1.2-billion thrift with 16 locations in New Jersey, turned to Perimeter eSecurity in 2003 for managed IDS/IPS services and has since added several other services including e-mail and Web hosting.
"Security is always a catch-up game," says Ken Emerson, senior vice president and director of strategic planning at Boiling Springs. "Training for security personnel must constantly be kept current; and for an organization my size, that's a very expensive proposition. An MSSP can leverage the investment in personnel and education across many users," he says.
Indeed, the complexity and expense of providing network security has led many enterprises, especially small-to-midsize companies, to seek out MSSP partners. In a recent survey of the Network World Technology Opinion Panel about security trends, 62% of 483 respondents indicated they were using a managed security service. On average, these readers said they were meeting 30% of their organizations' security needs with a managed service. Two-thirds of respondents said they expected their use of managed security services to increase over the next two or three years.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment