Managed Security Services: The Next Opportunity October 2016

Security is undoubtedly top of mind for customers, in both the public and private sectors, as breaches continue to make headlines. But despite the flow of investment dollars and what seem to be an endless list of security providers, underlying problems in the industry – from the skills gap to the constant launch of half-baked IT projects and technology – are making it difficult to keep networks secure.

As a result, companies are doubling down on their security spending. Some are adding more solutions or providing additional training for on-staff IT pros. Others are taking a step back and rethinking their entire network infrastructure.

But it seems there is yet to be a widely adopted way to secure organizations without losing pace or spreading resources thin. When time and resources are in high-demand, what can best manage this call for security?

Taking a Load Off With MSSPs

One service can nip the problem in the bud: managed security services, the fastest-growing part of the security industry, according to industry analysts.

Allied Market Research predicts the global managed security services market will reach $29.9 billion by 2020, as enterprises and SMBs alike increasingly turn to managed security services as their preferred cybersecurity deployment model.

According to the 2016 Security Pressures Report from my company, 86 percent of cybersecurity professionals already partner or plan to partner with an MSSP in 2016. Moreover, according to Gartner, by 2020, 40 percent of security-technology acquisitions will be directly influenced by MSSPs as well as on-premises security outsourcing providers, up from less than 15 percent today.

That growth is an indicator of the success the MSSP model offers, especially for companies lacking their own internal security teams. Organizations that are capable of detecting compromises internally – either on their own or in partnership with a managed security services provider – can contain them more quickly and are more likely to limit data loss. So what model should you take, internal, external or a mix?

The stats are clear: It takes on average one day for breaches to be detected internally versus 28 days for externally detected breaches. Half of the internally detected compromises were contained on the same day they were discovered. Even in an outside MSSP model, ensure you are focusing on speed of detection.

Additionally, consider a teamwork approach. Fueling a lot of the market growth are partnerships between MSSPs and security players like Palo Alto Networks, value-added resellers and system integrators, as well as international telco providers such as Singtel, Optus and Rogers Communications, which are now offering managed security services. Developing strong partnerships in the space can help you deliver comprehensive, competitive and profitable security programs to your customers.

Making the Sale

The 2016 Security Pressures Report shows that 63 percent of respondents say they are feeling more pressure to secure their organizations compared with last year, and 65 percent expect that stress to only increase through 2016.

For customers hesitant to hire security help to relive the pressure, there are a few selling points.

Perhaps most urgent is the fact that the need for security has never been higher, even as demand is outpacing supply in terms of both human and technological resources. The shortage of security expertise has climbed from the eighth-biggest operational pressure to the third-biggest pressure. In fact, more than one-quarter (29 percent) of respondents said they wish they could quadruple their staff from its current size.

The issue is further exacerbated by unrealistic IT expectations. Seventy-seven percent of respondents are pressured to unveil IT projects that are not security-ready. And the pressure to select security technologies containing all the latest features has jumped from 67 percent up to 74 percent, while those given the resources to do so have grown fewer in number, from 71 percent to 69 percent.

Ultimately, few organizations can shoulder the full burden of security. Most just don’t have the personnel to protect themselves, and throwing money and products at the problem won’t help. Instead, an adept team – managed or fully delivered externally – is key to a comprehensive effort.

Chris Schueler is senior vice president of managed security services at Trustwave, where he is responsible for managed security services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response.