(Linda Tucci, Senior News Writer, SearchCIO-Midmarket) IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service - namely that an outsider does not know your company well enough to protect it - may be falling away, as businesses look for more ways to cut costs.

Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware.

Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. "Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings," said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises.

"Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said.

Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate.

Yet outsourcing security is not just about cost. "The world is becoming very hostile," said Sadik Al-Abdulla, solutions manager of security at CDW Corp.

"We have seen a substantial uptick in security incidents over the last two quarters, and even the automated attacks are going after data," said Al-Abdulla, who oversees CDW's advanced security practice, which has a strong midmarket bent (typically for companies with 1,000 to 2,500 users). "Maybe I am biased because I am in the security business, but I honestly believe that a single person can't keep up. I think a team of people who only do security can. So the question for the CIO becomes, do I hire a team or a company? There are reasons to answer that question both ways."