Want CNET to notify you of price drops and the latest stories?

Security on demand heads for mainstream

Tom Noonan, top exec at hosted security provider ISS, says more companies are considering letting outsiders handle their defenses.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
4 min read
Businesses are warming up to the idea of letting outsiders handle security for their networks, bringing the idea more into the mainstream, according to industry veteran Thomas Noonan.

Noonan, general manager of IBM Internet Security Systems, which provides such on-demand protective services, said in an interview Monday that the efficiency of response to new malicious software is a driver for adoption.

"If I'm connected to customers (every minute of the day), I can preemptively protect them from threats--threats they didn't even know about five seconds ago," he said.

Tom Noonan Tom Noonan

Security on demand has matured in the past year, moving from a concept to a workable reality, Noonan told CNET News.com. He said he intends to address the topic in detail at his keynote speech Wednesday at the RSA Conference 2007 in San Francisco.

"Last year, we discussed many of the concepts of on-demand security and why we believed it would be a tremendous benefit to customers, who struggle with the cost and complexity of managing their security," he said. "This year, we'll talk about the realities of that and how on-demand models can be enabled from a security platform perspective."

In the wider software industry, providers are moving toward offering their products on demand--either their entire lineup or just part of their portfolio. In an on-demand model, the software is hosted on systems outside the customer's site, and the customer "rents" access to the programs as needed. Salesforce.com was created from the ground up with an on-demand model, while industry titans such as business software maker SAP are beginning to test the waters.

Noonan noted that the security industry's shift to on-demand is driven by slightly different customer needs than that of the overall software industry.

Companies offering on-demand software hope to appeal to customers by pitching lower costs and ease of use with enterprise software applications. But security on demand also provides businesses with an efficient response to emerging threats, Noonan said.

He also noted that it allows customers to switch their weekend and late-night monitoring of threats to the outside security vendor, then switch the responsibility back to in-house systems during normal work hours.

ISS is not the only company to offer on-demand security services. Its competitors include McAfee, via its Foundstone division, and Symantec.

Ongoing shakeout
Other security trends Noonan expects to accelerate include the rapid consolidation of the security industry. Last, for example, IBM acquired Noonan's ISS for $1.3 billion and storage giant EMC snapped up RSA Security for $2.1 billion.

"Our studies show that the average customer has about 32 independent security vendors that they use. I don't think that's sustainable," Noonan said.

He added that those figures do not include the growing number of IT vendors incorporating security features into their flagship products, such as Cisco Systems with its networking gear, and Microsoft with its Vista operating system.

IBM is another example of an IT vendor looking to grow its security offerings. IBM's acquisition of ISS, which closed in October, has lead to an "epic" 90 days for the former standalone security company, Noonan said.

ISS, which retains its offices in Atlanta and operates a business unit within IBM Global Services' infrastructure management services organization, has more than doubled its research and development staff since the acquisition, he said. It has also doubled its sales team.

The new ISS is focused on areas where it can leverage its security offerings with other areas of IBM, such as the Tivoli and Lotus product teams, Noonan said. For example, ISS is working on tweaking its core Proventia product line to work on IBM's blade server architecture. The division also wants to integrate its security lineup with IBM's Lotus Notes e-mail software.

The merger has also helped bump up ISS' customer base, Noonan said. "It's just been amazing to me how IBM has been able to open up new customer doors and new partners for us to talk to," he said.

The division's quarterly retention rate and customer satisfaction level have both increased in the fourth quarter, he added.

"Our fourth-quarter maintenance and support contracts have had the strongest renewal rates that they've had in the past year, and probably two years," Noonan said.

In addition, ISS has been able to retain all of its executives since the merger occurred and has lost very few employees.

"Our attrition rate has gone down since the merger and, in part, I think people want to see how this will all work out," said Noonan. "We're creating new jobs, and new projects are being funded."