Should you outsource your antivirus/antispam systems?

The option of outsourcing your AS/AV systems is getting stronger as the complexity and severity of spam problems grow. Here are some of the benefits.

Most businesses—especially at the enterprise level—run their own antivirus and antispam (AV/AS) systems. Another option—outsourcing AV/AS efforts—is being looked at very closely. While there is disagreement between vendors and analysts on whether use of this approach has increased during the past few months, both groups agree that its attributes make it well positioned as the severity and complexity of the problems grow.

The decision to outsource
For the most part, this is a traditional buy vs. build decision: Does the company want to invest in equipment and personnel (and their training) and retain full control of one of the most important infrastructure elements it has? Or is saving money so vital that the company is willing to rely on an entity that could have a different agenda—or even go out of business?

One thing is a bit different, though. In most buy vs. build scenarios, the end product—if configured, installed, and administered correctly—provides about the same level of benefits to the end user. AV/AS outsourcers, however, each claim that their services—though based on the same underlying technology—are positioned so differently that they are fundamentally more effective.

Vendors say that the outsourcing trend is growing both in the number of companies under contract and the average size of those companies. “We continue to see very good engagement with companies of all sizes, Fortune 500 companies as well as small and midsize businesses,“ said Bill Fallon, vice president of marketing for MailWatch.

Scott Petry, vice president of products and engineering for Postini, agreed. He said that the allure of outsourcing actually increases as complexity—represented in the number of locations that e-mail servers are located in, and other factors—increases. “I think indications are that the outsourcing model is overcoming the in-house, do-it-yourself preconceptions at even the largest companies,“ he said.

There are several areas in which proponents claim that outsourced solutions are better than solutions installed and administered by internal IT staffs.

More intensive updating
Vendors say that a fundamental difference between outsourced and in-house techniques is the reactive quality of the latter compared to the proactive approach of the former. In-house antivirus techniques rely on updates from the vendors. This is a bad idea, outsourcers say, for three interrelated reasons. First, there is a significant time lapse between when a virus or spam variant is identified and when the definition is prepared and distributed. Customers' systems are vulnerable during this lag. Second, the practical reality is that there are too many viruses for updates to be prepared and distributed. Frequently, new viruses—which are often variants of older ones—go unaddressed for days. Third is human nature: Available updates and patches often go uninstalled.

Outsource companies operate in a different dynamic. The approach is to change the MX record of the e-mail address and have it delivered from the public Internet to their servers. Since all of the traffic goes through this central point, updated virus definitions and spam catching mechanisms can be implemented instantaneously and as often as necessary. And, since their business is stopping viruses and canning spam, it is unlikely that they will be subject to the inertia common in IT departments.

The ability to update more frequently should be seen, proponents say, within the larger framework of the fact that outsourcers specialize in AV and AS. The point is that crackers, spammers, and assorted other bad apples are very clever. Even if businesses were willing and financially able to pour money on the problem and willing to update as soon as the patch or fix was available, existing generic IT staff is at a disadvantage simply because they aren't experts.

This is a world of increasing complexity. MessageLabs CTO Mark Sunner said that the configuration of the recently resurgent SoBig virus shows a convergence of spam and viruses. “It is basically the cold reality that it is a virus that installs a Trojan component whose sole aim is to compromise a machine to make it a spam relay,“ he said. The idea is that an IT staff would be hard pressed to react to such a novel scenario before significant damage was done.

Overall traffic reduction
Many in-house antispam and antivirus software packages work at the desktop. Segregating the spam from the legitimate mail before it reaches the network—at the outsourcer's servers—can save tremendous network capacity in cases where the alternative is desktop-based.

IT support
The reality is that IT departments are stretched to the breaking point because of staff reductions and the increasing complexity of the tasks they are being called on to perform. AV/AS is the perfect element to outsource, service providers say.

Synergistic benefits
The fact that the outsource model introduces another server into the mix creates some interesting side benefits for customers. For instance, the outsourcing company can act as a load balancer between the client company's e-mail servers, as a redundant server in case of a problem, or even as a stand-in during scheduled maintenance.

Finally, outsourcers claim that they have a superior solution because they are in a position to run AV and AS software from more vendors simultaneously.

Neither Masha Khmartseva, a senior analyst with The Radicati Group, nor Michael Osterman, principal of Osterman Research, had serious qualms with the vendors' rationales.

“There are some really good propositions here,“ Khmartseva said. “It really lowers the cost. You don't have to pay a lot of money up front and you don't have to manage in house.“ She added that such an arrangement can make it easier to scale to larger groups of users.

Another factor is that it may make sense for IT to get out of the e-mail business altogether. Perhaps a decade ago not all companies had e-mail systems, Osterman said. Those companies that had e-mail enjoyed a competitive advantage and were disposed to treat it as a core IT element. Today, e-mail is a commodity service. “For a lot of organizations it pays to outsource e-mail messaging components so that they don't have to put IT staff into it,“ he said.

However, though they agree that outsourcing of AV/AS is well positioned, the analysts clearly don't feel that it is exploding. Khmartseva said that it seems to be growing, but only at the same rate as the overall AV/AS market, which, of course, is growing quickly. The analysts also don't see uptake among enterprises. Big companies are more inclined to not trust an outsider with such a mission-critical task.

Editor's Picks

Free Newsletters, In your Inbox