4 Ways the Shift Toward Managed Services Is Reshaping Security

By Himanshu Verma

Cyberthreats continue to affect businesses of all sizes. Fewer than 1,000 data breaches resulted in 4.5 billion data records being compromised worldwide — just in the first half of 2018. The sheer volume and sophistication of information security threats has spurred the rise of the managed security services market, which is expected to grow to $40.97 billion by 2022. Service providers who have traditionally focused on the remote monitoring and management of IT security functions are now adding security services to their portfolios.

More and more, managed service providers are looking to offer differentiated services to protect their customers’ sensitive data, rather than reselling vendor products. Additionally, channel partners are eager to address the security skill set gap with suites of intuitive assessment, deployment, remote management and monitoring capabilities, along with prevention, detection and response services, and security awareness training — all packaged in their managed security portfolios.

The heightened demand for security delivered as a service by channel partners is reshaping the life cycle of the managed security services market and changing the face of the broader cybersecurity market as a whole. Here are several trends every solution provider should be aware of as the shift continues:

1. Automation and Correlation Across Security Services

As service providers invest in tools from multiple vendors, time and cost requirements are driving the need for automation as a primary requirement in the delivery of managed security. Security incident and event monitoring tools are a good example of this. Traditionally these tools have given MSPs detailed insight and visibility into their customers’ IT infrastructure. Translating that visibility into action was left up to service desk ticket handlers or incident responders, rather than the MSP. But more recently, these visibility tools are now offering integrated or built-in automated incident response capabilities as well as security orchestration services. These requirements are challenging the broader security market to enable channel partners with automated remediation and response capabilities closely aligned with threat prevention and detection services. Along with integral automation capabilities, security products leveraging modern correlation and computation techniques through machine learning, artificial intelligence and community threat intelligence are now a clear differentiation in this market as well.

2. Consolidation and Integration of Managed IT and Security

As MSPs leverage public or virtual hybrid cloud environments, as well as SaaS applications for their customers’ IT and network infrastructure management, the ease of delivery, agility and cost is driving converged management of security services as well. This is evident in scenarios where vendors specializing in network access, such as software-defined network (SDN) companies, are offering niche network security services, or in cases where pure-play network security vendors offer solutions to satisfy the need for SDN access, all integrated within a single packaged offering. The need for closer integration between IT and security service management is driving …

… professional service automation, and remote monitoring and management platforms to introduce packaged security services in addition to IT management services. Due to this overlap, there is also increased demand for tighter technology integrations among solutions enabling managed IT and managed security services, which in turn enable channel partners to provide a packaged and more efficient managed services portfolio that meets more of their customers’ needs.

3. Growth of New Security Services and Subscription Models

The adoption of managed security services within the channel is bringing new security solutions to the forefront. Assessment services related to dark web “investigations,” and cybersecurity scoring or rating services are now available in the market. Additionally, organizations looking to outsource security management and simply re-sell managed security services are driving trends such as SOC (security operations center)-as-a-Service. And, widespread uncertainty and confusion around security liability and risk is also driving business opportunity for cybersecurity insurance and risk assessment service providers.

As partners build their managed security services customer base, the business trends continue to transition heavily toward recurring revenue models. Managed services create an inherent shift from product delivery to services, creating challenges for traditional distribution models leveraging security product offerings that are based on fixed-term product sales and renewals. There’s now a growing push to evolve and support recurring billing and invoicing for security offerings. Partners offering managed security services will continue to drive the need for distribution marketplaces with easy, continuous and monthly recurring billing, and vendor solutions that are designed to support subscription models.

4. A Shift That’s Here to Stay

Overall, the demand for managed security services and the growth of this market has been fueled by the lack of dedicated security budgets and cybersecurity skill set at small, midsized and distributed enterprises. The need for channel profitability will also challenge the security market to better orchestrate, integrate and automate services across applications, networks, Wi-Fi, endpoints, identities and other IT infrastructure. Channel partners and vendors alike are aware of this trend and will continue to develop, adopt and transition toward solutions that enable and support the growing managed security services landscape.

Himanshu Verma is a director of product management at WatchGuard Technologies, with a primary focus on delivering WatchGuard products and solutions to the managed security service provider (MSSP) market. Prior to WatchGuard, he held product management roles for the enterprise authentication-as-a-service division of SafeNet (now Gemalto). During his time at SafeNet, Himanshu helped transition the enterprise authentication business from a traditional on-premises product to a successful SaaS solution. He has extensive experience in in-bound and out-bound product management, engineering and R&D for information security and data protection technologies. Follow @watchguard on Twitter or Verma on LinkedIn.