Which Information Security Services are Most Popular?

Enterprises are increasing their spending on professional and managed security services. According to ESG Research, 58% of security professionals say that their organization’s use of managed and/or professional services for information security has “increased substantially” or “increased somewhat” over the past 2 years.Just what types of services are they consuming? The list is long and diverse, but according to ESG Research, the top 5 categories are as follows:• 33%: Security architecture and infrastructure design (i.e. professional/consulting services)• 30%: Threat intelligence services• 30%: Network monitoring services• 30%: Security /risk management /regulatory compliance assessment• 29%: Web threat managementBeyond this, they are also purchasing services for email security, vulnerability scanning, penetration testing, and staff augmentation amongst other things.Large organizations typically consume IT services a number of reasons. At the one extreme, they outsource mundane tasks rather than take these on themselves. At the other end of the spectrum, they seek out specialized skills for more esoteric high-value activities. Somewhere in the middle, they purchase services to supplement what they are doing in house. The ESG Research indicates that enterprises are most interested in supplementing internal efforts and paying for outside security expertise. Given the combination of a security skills shortage and the increasingly sophisticated threat landscape, it is highly likely that the security services segment will see healthy growth over the next few years.