All or nothing? What about outsourcing things that make sense...
Keizer ignores an important point: will companies really be willing to give a third-party this kind of access and control over their networks? What effect could that have on regulatory compliance?

I also question what he thinks will be outsourced. Managed firewalls seem like a weak candidate to me-- they're commodity, easier to manage every day, and when they are managed internally you don't have to comply with someone else's arbitrary maintenance schedules.

The "trend toward pushing out the network perimeter to include partners and remote workers" seems like a weak argument too. Deploying client-side security agents to a few thousand users and outsourcing support seems like a recipe for disaster to me. The problem here isn't that big companies can't handle the problem, it's that there isn't a good solution, yet.

It's pretty obvious why anti-spam have succeeded here: a) most commercial, self-managed solutions are quite poor; b) the good commercial solutions are extremely expensive and are just repackaged open source products; and c) the best solutions are typically open source, and big companies remiss when spending money to develop solutions like this in-house.

I don't think out-sourced anti-spam will last foreever. There are significant trust issues with routing company mail through third-parties, even if it's just external mail.

But, IDS processing, log collection, and event correlation are great candidates for outsourcing. It's easy to miss something important, especially when you don't have a NOC or a well-trained, 24x7 staff.

Why wait ten years to outsource the stuff that makes sense?