Greg Young

Tap dancing is the mother of invention.  This morning at MES I delivered a new presentation “Network Security Best Practices for Midsize Enterprises”, for the first time.  Although I covered all the acronyms, I realized about halfway through that I was talking a lot about In The Cloud security and comparing it to MSSP services, but it needed a clear definition to really cut through the current hype.  

“MSSPs provide an off-premise service for customer premise equipment (CPE),  whereas ITC is off-premise services for off-premise equipment”.  

This afternoon I spoke this with my colleague Kelly Kavanagh who is Gartner’s lead on MSSPs and security services.  Kelly said “That’s accurate — I would also add a third definition.  ITC requires bandwidth as an adjunct service, whereas remote service absent an adjunct fits the security as a service definition”.  He explains that you can’t buy ITC firewall without buying the network, because that’s were the firewall is. You can however buy anti-spam without buying network or anything else from that same vendor.

So our expanded definition is: MSSPs provide an off-premise service for CPE.  ITC is off-premise services for non-CPE.  If the ITC doesn’t come with the network, it is security-as-a-service.

The other piece of advice during the talk was that anyone looking for some quick investment cash should start a company advertising agentless-In-the-Cloud-virtualized-green-PCI-open-source-security-as-a-service.  I think I need to stop working on the Hype Cycle…