"Outsourcing is growing in general, and some companies are finding that if they can offload some routine tasks like firewall management and handling of intrusion detection alerts, they can spend more time reacting to emerging business needs," said Pescatore.
"Some security groups are being forced to do it by management, and these are the ones that will likely always hate the idea, but those who are doing it by choice are giving the model mostly positive grades," the analyst said.
SMBs take to security outsourcing
Beyond the enterprise, Pescatore predicts that security outsourcing is quickly becoming attractive to SMBs that are struggling to deal with work such as compliance automation, which typically demands heavy investment and expansion of IT staffing.
Large systems integrators, such as Computer Sciences, IBM, Unisys, and Wipro, will most likely win security deals as portions of larger outsourcing projects, but pure-play security companies such as Symantec and carriers such as AT&T should also be able to grow their lists of customers, according to the analyst.
Speaking at the IDC Security Forum in New York on Wednesday, Edward Amoroso, chief security officer for AT&T's services division, predicted that enterprises will begin adopting more "virtual" security capabilities from their carriers and ISPs in the coming years.
The executive specifically said that carriers are better positioned than anyone else to do battle with problems such as botnets, spam, and DoS attacks.
"Our feeling is that when you look at what needs to be done for perimeter security, we're in the best place to provide that," Amoroso said. "We can't address something like the insider threat, but instead of putting security technologies in place at the pipe, we and other carriers can virtualize those services into the pipe itself."
Among technology providers, some say the prospect of selling products to outsourcing companies is as attractive as marketing tools to customers themselves, and perhaps even more so.
Officials with data leakage prevention specialist Tablus, one of Wipro's 39 official security partners, said that the outsourcing channel represents a significant opportunity for growing its own businesses in the coming years.
"There are obvious benefits for customers to lean on experts who spend their lives focused on security. With the complexity of threats, networks, growth via mergers, and the pull on internal resources, there are a lot of macro forces driving interest in security outsourcing," said Anne Bonaparte, Tablus' chief executive. "As a relatively small player, working with outsourcers is very central to our growth; some customers may still not get it, but those who are more enlightened understand the benefits, and we think others will follow."
In the face of such heady enthusiasm, some enterprises who are already dipping their toes into security outsourcing warn that while there are obvious advantages of lowered expense and staffing demands, customers must be careful how they approach the process.
Also speaking at the IDC conference on Wednesday was Lynda Fleury, chief information security officer for Unum, a massive financial services provider based in Chattanooga, Tenn.
Fleury said that her company has had mixed results with its security outsourcing efforts thus far, and she cautioned that the process of handling partners must be exacting and that customers must actively monitor the service providers they choose to work with.