Protecting your IT network and applications against cyber-threats continues to grow more complicated and challenging. Long gone are the days when IT’s worries focused primarily on antivirus, spam, and perimeter defense. Current security concerns center on critical issues that can affect a company’s profits, its brand reputation, and its ongoing viability as a business. Regulatory compliance; identity theft prevention; protection of sensitive customer information; the ability to access vital company records through mobile devices such as phones and handheld organizers—these are just a few of the obstacles that companies must overcome today in planning and building robust, reliable security infrastructure.

As a result, spending on IT security continues to reach record levels. That spending is being allocated across the board to infrastructure hardware, software, middleware, and Web services. But, more and more often, portions of the IT security budget are being spent on outsourcing and managed services providers who are assuming a greater share of the responsibility to keep the company’s cyber assets secure. A recent study of more than 150 IT and security professionals from midsized and large North American enterprises sheds light on a few important trends:

• Overall spending on IT, and especially IT security, is poised for a stronger-than-expected rebound this year compared with 2009.
• Companies intend to upgrade their security defenses in a wide variety of ways, starting with their underlying infrastructure and cascading throughout the organization’s core business activities.
• Compliance appears to be the closest thing to a “killer app” for IT security investment.
• Companies generally look positively upon outsourcing as a viable strategy for at least some IT security functions.
• Non-IT executives, long considered to be behind the curve when it comes to the idea of outsourcing security, seem to have caught up with their IT counterparts in being open to working with an MSSP.

This research brief delves into reasons behind these trends, supported by commentary by third-party authorities who track IT security in general and outsourced security services specifically. Additionally, it provides insight into reasons why companies feel optimistic about using MSSPs, and compares those positive signs with their biggest concerns about outsourcing some aspects of security management.