2005 has already seen spammers and virus writers become more shrewd, more malicious, more sophisticated and more hungry for commercial gain. The potential damage that this will inflict on brand reputation, customer relationships, and capacity to run a business will continue to move IT security management further up the boardroom agenda - never has it been so important to get it right.

In the last two years, a sophisticated approach to tackling the increasing number of security threats has emerged – the integrated security appliance. Appliance vendors have built on the security foundations created by previous approaches to provide a security model that offers the end-user full visibility and control over their network, while removing the complexity.

Traditional approaches to security have been ad hoc and varied. Companies began to view security as a must-have in the early to mid-nineties when the Internet became widely used in business, and email was adopted as the de facto communication medium. At the same time, this opened the company network up to a rife of new security threats.

IT managers responded by purchasing a number of bolt-on security products, such as firewalls and anti-virus software, but for many, managing these proved -and still proves - to be too complex and time-consuming.


A lack of in-house skilled security specialists presented IT managers with a considerable problem and for many, the only way out was to outsource it to a third party. IT managers decided this was a good idea because it removed the burden of retaining resources in-house and handed responsibility over to the experts.

However, the trade-off for allowing a third party to manage a company’s IT infrastructure, is that an outsider has access to its data and can dictate how it is managed. The biggest issue people have with this, especially those at board level, is trust.

We are seeing a shift away from the managed services approach in an attempt to bring the control back in-house, through the deployment of new technologies, such as integrated security appliances. Under the managed services approach, a lack of visibility means that in-house IT departments only ever find out about big issues and successes. They never tend to receive day-to-day information. This means that the company cannot learn from its mistakes and tweak security policies to match new threats.

This year, financial services company JP Morgan Chase cancelled an IBM outsourcing deal worth five billion pounds in an effort to keep services in-house. Cable & Wireless did the same. No doubt 2005 will see the business case of outsourcing questioned further, you only have to look at recent news headlines for evidence of this.