In 2001, Incyte Corp. found itself in a quandary: The company -- known at the time as Incyte Genomics -- centered on selling subscriptions of its genomic database encyclopedia to the biotech and pharmaceutical industries. As information about the human genome increasingly became part of the public domain, Incyte realized it soon could be left without its flagship product, says Roger Hoilman, vice president of IT at the Wilmington, Del.-based company. That meant Incyte had to find a way to reinvent itself. Incyte has since refocused its efforts on drug discovery, and transitioned into a pharmaceutical company.

This story is part of a special Security Trend Watch issue, in PDF format. Download now.

Restructuring IT was a big part of that effort. The company went from having 900 total employees and an IT staff of 275 people, to having 200 total employees and 10 IT professionals, Hoilman says. "There's no way my staff can run everything 24/7/365, because we don't have the time, and we don't work in shifts. My strategy for keeping my head count down is to have a few people on staff who can wear many hats, and to co-manage or outsource anything I consider busy work," he says. Among those tasks constituting busy work, he adds, was the continual monitoring of firewalls and intrusion-detection and -prevention (IDS/IPS) systems.

Cost and Complexity

Now Incyte works with managed security-services provider (MSSP) SecureWorks (formerly LURHQ) to manage its firewalls and IDS/IPS appliances -- for less than it would cost the company to do the work on its own. Hoilman would need three people to monitor the company's firewall around the clock, he says he figures. At about $90,000 a year plus benefits for a single certified security engineer, he would have to spend more than a quarter-million dollars for firewall and IDS/IPS protection -- and that figure doesn't include the cost of hardware and software. "SecureWorks costs me a little more than half the salary of a security engineer," he says.

12 managed-security-services providers you should know. View slideshow.

Offloading busy-work and saving money also lured Boiling Springs Savings Bank in Rutherford, N.J., to the outsourcing model. The bank, a $1.2-billion thrift with 16 locations in New Jersey, turned to Perimeter eSecurity in 2003 for managed IDS/IPS services and has since added several other services including e-mail and Web hosting.