Simplifying the complexity

The evolution of corporate security from straightforward firewall to multi-faceted access protection device has taken years, and is continuing as startups think of new protection methods and new threats emerge.

Security vendors’ goal, then, has become not only to protect against threats, but to package their offerings in a way that makes it easier for companies to digest the myriad offerings--and demonstrate their compliance to governance requirements.

One simple way of doing this is to package the various email and network security technologies into a single, easy to manage security appliance. Such appliances--Asia-Pacific sales of which grew 39 percent US$549 million last year--do away with the painful complexity of configuring and interlinking standalone software solutions, combining firewall and IDS with antivirus and other functionality to provide a single unified front that’s easier for companies to install and update.

These solutions reflect the growing trend towards unified threat management (UTM), basically a new term for the combination of SCM and conventional security solutions. As well as the UTM appliances protecting the gateway, the industry is also converging around UTM messaging solutions (antivirus, antispam and content filtering) and endpoint solutions (antivirus, antispyware, personal firewall, and host intrusion prevention.

The rising popularity of UTM solutions is hardly surprising, given a recent IDC survey that found managing the complexity of security solutions was the third highest IT priority amongst respondent organisations--and security overall remains the highest priority.

These trends have also lent weight to a growing trend towards outsourcing of key security functions via the software-as-a-service (SaaS) model--most notably in the SCM space, where it is relatively easy for organisations to leverage third-party expertise without disrupting internal systems.

The NSW Department of Health, for one, recently committed to SCM vendor MessageLabs’ antispam and antivirus services after a trial saw often crippling loads of spam reduced to just 0.02 percent of the 600,000 emails it receives every month.

Expect SaaS security solutions to become even more common as vendors shore up their products and capabilities over time. SaaS resolve the traditional problem of security software currency since updates are installed at the vendor’s end without any involvement from end users. They also free staff from the time-consuming task of managing spam and other nasties manually, eliminating the most common threats before they even reach the corporate network.