Outsourcing security services has traditionally been a contentious issue because companies hesitate to entrust outsiders with the keys to their IT systems and data. But legislation and the increased threat of Web-based intrusion are placing information security services in high demand.
To meet this demand, EDS is forming an alliance with F5 Networks Inc. to develop and market information security and Web content-management services. The first of these, which will be introduced next week, is Global Web Assurance managed information security services, which consist of EDS hosting F5 Internet traffic and content-management technology used to route Internet traffic from one hosting location to another and to protect customers' Web sites and firewalls from security breaches and usage spikes.
Global Web Assurance marks the first time EDS is offering managed information security services on a monthly subscription basis to clients not hosted at EDS data centers. Pricing includes a one-time $5,000 implementation charge per site, followed by a $2,500 monthly fee.
EDS client Chevron Corp. is watching the evolution of security services with interest. The $35 billion San Francisco petroleum provider outsources the hosting of all its mainframes to EDS, which provides the network and physical security for those systems. "Chevron manages information security policy and training for all of its data, but the idea of handing over responsibility of areas such as firewall and network intrusion detection is appealing," says David Clementz, president of Chevron's IT and E-business development divisions. This appeal stems largely from Chevron's willingness to outsource any IT functions that are not central to its core petroleum distribution business, particulary to a service provider like EDS, which over the past three years has earned Clementz's confidence by consistently meeting service-level agreements.
EDS isn't the only service provider making information security services more accessible. Computer Sciences Corp. last week completed the consolidation of its information security services under the umbrella of a new Global Information Security Services unit. Such a consolidated offering helps ensure that security will be consistent throughout an entire IT system, as opposed to decentralized units within the same company that do not abide by universal security policies and practices, says Jim Craft, information systems security officer for the U.S. Agency of International Development, a $7 billion government agency and CSC customer. "Security is like building a boat. You're trying to keep water out, which means the boat has to be watertight all the way around," Craft says.
International Data Corp. senior analyst Allan Carey says regulatory measures like the European Commission's Safe Harbor Directive on Data Privacy and the Health Insurance Portability and Accountability Act, combined with the threat of online attack through viruses and hacking, are driving the market for information security services to $17.2 billion by 2004, up from about $6.75 billion in 2000.