SME Toolkit

Letting go of your security worries

Matt Hines CNET News.com

Published: 26 May 2005 13:35 BST

It all adds up to a significant opportunity for companies such as Qualys and its rival, AlertSite, which also sells hosted vulnerability management. IDC analyst Charles Kolodgy said there are a number of reasons why customers, in particular small and medium-size businesses, will increasingly look to hosted security applications.

"There's a great business case with vulnerability management specifically," Kolodgy said. "The ability to install new threat updates easily and to cut time and costs by letting someone else manage all of that is a key. And you have a number of companies looking to improve those sorts of capabilities, in light of growing compliance or privacy concerns."

Qualys, which was founded in 1999 and is privately held, grew from $8m in revenue in 2003 to roughly $16m in 2004, according to Kolodgy's estimates. The Californian company has said it will double that sales total by the end of 2005. By marketing itself as a low-cost, rapidly installed alternative for companies looking to improve their ability to manage vulnerabilities right away, the analyst said, Qualys might easily achieve that figure.

Traditionally, most companies have used packaged software from security specialists such as Symantec and McAfee to tackle such tasks, or have developed their own systems.

Stepping outside
The switch to Qualys' online security hosting has worked out for Hoff, who is an unpaid advisor to the company. The CIO said the scanning tools produce a low number of false-positive results for vulnerabilities and said that its applications have integrated easily with WesCorp's other systems.

Overall, Hoff said that any reservations he may have harboured regarding hosted security have eased the longer he has been a customer — an experience that industry experts said is becoming more common among other companies.

Almost half the business executives that technology researcher Sara Radicati has interviewed said they might consider such online applications. That marks significant progress in overcoming preconceived notions about the products, said Radicati, who heads her research firm, the Radicati Group.

"We get a mixed set of responses around hosted security. It seems arbitrary, but there are still a lot of negative perceptions out there," the analyst said. "Half of the companies we ask say they would never consider doing it, and some are enthusiastic and couldn't care less that a solution is hosted. But it seems like more companies would be willing to think about it all the time."