The managed security service provider market has grown recently, with providers adding both new customers and...
new services designed to respond to the changing cybersecurity threat landscape. Let's look at two areas of note: the way that organizations evaluate managed security service providers, or MSSPs, and the types of services they can offer.
Evaluating managed security providers
The MSSP landscape is more crowded today than it was just three years ago, when I wrote about what was then an emerging world. The most recent Forrester Wave report identified 11 major MSSPs, but those large providers are only the tip of the iceberg: Many smaller firms occupy niche portions of the managed security space. This makes it extremely important that organizations critically evaluate the competitive offerings of MSSP candidates.
I originally suggested that organizations ask three questions of their enterprise as they consider whether to evaluate, and how to choose from, the many managed security providers in the market:
- Should we use cloud-based providers, providers who manage on-site equipment or those employing a hybrid model?
- Do we want to use a single, broad-spectrum MSSP or a combination of specialized MSSPs?
- What services do we want to maintain internally?
These questions are still important today, but now I would add a fourth question, one that acknowledges the fact that many enterprises are shifting their own computing workloads to the cloud in unprecedented numbers today:
- How does the use of MSSPs fit in with our own cloud deployment plans? As many organizations shift their own computing workloads to the public cloud, they need to find security services compatible with that shift. Most MSSPs now offer some capability to operate in the public cloud environments offered by Amazon Web Services, Microsoft and Google, but there are marked differences in their cloud capabilities. Some MSSPs were "born in the cloud" and are optimized to support cloud workloads while others are struggling to catch up.
The security that managed services provide
In 2013, I identified five major categories of services available from managed security providers: firewalls and VPNs, content filtering, distributed denial-of-service (DDoS) protection, security monitoring and vulnerability scanning. Each of these services remains available today, with an increased emphasis placed on DDoS protection services due to the recent wave of attacks against major websites and the global domain name system infrastructure.
There are two new areas to add to the list of popular services that MSSPs provide in today's marketplace:
Cloud security. Building out public cloud environments requires learning an entirely new set of technology tools and introduces new security concerns. Some MSSPs specialize in public cloud security and can analyze your public cloud implementations for security flaws, such as errors in security groups, public exposures of block storage contents and the presence of unencrypted sensitive data.
Incident response. The rise of advanced persistent threats and their sophisticated attack techniques make it very difficult for organizations to identify, contain and eradicate attacks against their networks. Several large firms now offer sophisticated incident response services designed to clean up in the aftermath of a security breach.
The past three years have seen significant growth in the adoption of services that managed security providers offer, as organizations struggle to remain ahead of increasingly sophisticated cybersecurity threats. Purchasing security expertise from specialist providers can be more cost-effective and efficient than seeking to attract, train and retain internal cybersecurity expertise.
Learn how service providers are responding to the uptick in demand for security services
Read more about pressures IT managers face and how an MSSP can help
Security through encryption possible via MSSPs and the latest tools