By Dennis Barker
More businesses in Latin America will be outsourcing one of their most critical functions — IT security — in the next few years. Managed security services (MSS) are going to really take off in the region, as more companies decide that safeguarding digital assets might be best left to someone who specializes in safeguarding digital assets.
According to a new report from Frost & Sullivan (“Latin American Managed Security Services Markets”), the majority of MSS “participation” is in Brazil, not surprising considering the size of that country and its escalating number of IT users. But the “greatest participation increase” between now and 2015 will occur in the Andean region, F&S says, “driven by the high expected growth rates of the Colombian and Peruvian MSS markets.” The second-largest IT market in the region, Mexico, has a “relatively low participation” in MSS.
Sheer growth of IT is part of the reason for the increase in the use of managed security providers, but there has also been a regional rise in the number of security threats. In the past year, Brazil, for example, moved into the #3 spot in the worldwide tally of Internet security incidents (USA still #1, with China #2). “With the constant increase and sophistication of attacks, companies have to be constantly aware and updated with new threats and vulnerabilities,” says Marcelo Kawanami, Frost & Sullivan’s industry manager for the IT sector in Latin America. There’s also a shortage of enough experts to go around, the F&S report notes; not every business can find qualified security people.
While CIOs and other people might have all sorts of concerns about outsourcing security, Kawanami says the bigger concern should be for those companies that have not done so. They have to keep current with all the software updates, for example, and maintain an internal structure for that. Companies that enlist an MSS provider “have outsourced these concerns,” Kawanami says.
Security management is getting competitive in Latin America, F&S says, with four types of players: telecom providers such as Telefonica and Global Crossing; international IT giants like IBM, Unisys, and HP; network security vendors; and straight MSS companies like Arcon and Neosecure.
One thing they have in common is that they are local. No one is gung-ho about outsourcing security to someone too geographically removed. “Many local companies or local branches of international enterprises might prefer to outsource their security activities with a local provider or with a player with local infrastructure,” Kawanami says. This helps businesses retain some sense of control, which Kawanami notes is “still very strong in some Latin American companies and vertical markets.”
Security is not something to mess around with, and businesses that don’t have the expertise in-house need alternatives.
So, we’re not going to see a nearshore company take over security services for a US firm, but that doesn’t mean a nearshore company can’t be involved in the North American market. Take the case of Santiago-based Novared, established in 1995 and now operating in most of Latin America. Novared provides security management and monitoring, testing and auditing services, as well as network design and consulting. The company’s strategy for bringing its security expertise to the US involves teaming up with domestic firms, kind of a back-door approach.
“We’re looking to form partnerships with local US companies that would benefit from providing managed security services but don’t currently do so,” says Carlos Bustos, Novared’s global services director. “We will team up with a reseller who sells security devices, for example, where we provide the security management component. Or we will work with network management companies, who otherwise are missing an opportunity to provide real security services. We partner with them, we bring the security management experience, and increase the value of what they offer. We increase their share of wallet.”
Bustos says they’re seeing the market for MSS growing three times faster than the general IT market. Drivers include not only an increase in the number and complexity of threats but also the variety of devices that IT managers have to deal with. “If you add to this that boundaries of the local area network are diffused due to interrelationships with customers, partners, and mobile workers, you have a complex problem to manage. Thus companies look for the expertise provided by managed security services,” Bustos says. Also, increased compliance requirements have forced companies to upgrade their security quickly, and “they have required outside help to do so.”
Security is not something to mess around with, and businesses that don’t have the expertise in-house need alternatives. There’s no shame in calling for help. The consequences of not doing so can be not just financial but also embarrassing.
“The market has matured and the cost of being exposed to bad media because of a security breach is important,” Bustos says. “Thus companies look for the expertise and economies of scale provided by managed security service providers BEFORE they make it to the front page of a newspaper.”