managed security services in north america
TRANSCRIPT
Managed Security Services in North America
Once a Convenience Becoming a Necessity
Frank Dickson, Industry Principal
Information & Network Security
30 July, 2014
© 2014 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of
Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.
2
Today’s Presenter
• Industry Principal on IT and Information Security market strategies, business
opportunities, and technologies
• Over 20 years of experience in the TMT (Technology, Media, Telecomm) space
• Master of International Management with Distinction, Master of Business
Administration & Bachelor of Science Cum Laude
Frank Dickson, Principal Analyst
Frost & Sullivan
Follow me on:
@fdickson777
www.linkedin.com/in/frankdickson/
3
Focus Points
Why do Managed Security Services exist?
What is the landscape for Managed Security Services?
What are the prospects for the market?
How will the market develop?
Who are the dominant vendors?
What are some predictions and recommendations for the market?
4
Network security was once easy.
Network Security Model Circa 1995
Source: http://www.foursquaretraining.co.uk
5
Network security got slightly more complicated, but still manageable.
Network Security Model Circa 2000
Source: http://www.foursquaretraining.co.uk
6
Cyber Attackers are creative and smart
6
7
A New Security Reality Is Here
61%
Data theft and cybercrimeare the greatest threatsto their reputation
of organizations say
Average U.S.
breach cost
$7million+2013 Cost of Cyber Crime Study
Ponemon Institute
2012 IBM Global Reputational Risk & IT Study
8
The attack surface has grown as well.
Multiple Devices and BYOD
Heading To the Cloud
Using What Comes NaturallyThrough Big Pipes
From Anywhere
9
Consequences of IT Sprawl in Security & Risk Management
9
Broader Exposure
Footprint
Certain Uncertainty in
Data Location &
Protection
Government & Industry
Intervention
10
70%
of security exec’sare concerned about
cloud and mobile security
Mobile malware grew
614%
from March 2012 to March 2013
in one year
A New Security Reality Is Here
61%
Data theft and cybercrimeare the greatest threatsto their reputation
of organizations say
Average U.S.
breach cost
$7million+2013 Cost of Cyber Crime Study
Ponemon Institute2013 Juniper Mobile Threat
Report
2012 IBM Global Reputational Risk & IT Study
2013 IBM CISO Survey
11
Today, network security is more than “slightly more complicated,” and whether it is manageable is a debate.
Frost & Sullivan Network Security Functions Framework
Network Access &
Operations
Network Access Control
Firewall/ Unified Threat Management
Virtual Private Networking
Identity and Access Management
Analytics and Compliance
Log Management
Security Information & Event Management
Vulnerability Management
Forensics
GRC
Automation/ Orchestration
Security Services
IPS/IDS
Web Content Security
Advance Threat Detection
Sandboxing
DLP
Internet Property Defense
Distributed Denial-of-Service Protection
Web Application Firewall
Device Management
Mobile Device Management
Antivirus
Endpoint Protection
IaaS
Hybrid
On-premise
12
Network security has become very complex.
13
The increasing complexity of security is being addressed by security teams that are already overtaxed.
Source: The 2013 (ISC)2 Global Information Security Workforce Study assisted by Frost & Sullivan
14
Staffing problem is having an effect.
Source: The 2013 (ISC)2 Global Information Security Workforce Study assisted by Frost & Sullivan
15
83%
of enterpriseshave difficulty finding the security skills they need
tools from
vendors
85
45IBM client example
70%
of security exec’sare concerned about
cloud and mobile security
Mobile malware grew
614%
from March 2012 to March 2013
in one year
A New Security Reality Is Here
61%
Data theft and cybercrimeare the greatest threatsto their reputation
of organizations say
Average U.S.
breach cost
$7million+2013 Cost of Cyber Crime Study
Ponemon Institute2013 Juniper Mobile Threat
Report
2012 IBM Global Reputational Risk & IT Study
2013 IBM CISO Survey
2012 ESG Research
16
Poll Question
What to you feel is the biggest challenge to maintaining your
organization’s network security posture?
• The increasing sophistication of cyber attacks
• The complexity of tools needed to provide security
• Not enough security professionals positions on staff
• The inability to find individuals with the right security skills
17
Security Organization Losing Ground
17
Spending Up
Staffing is a Challenge
Spinning Faster, but Not Moving
Ahead
18
Managed Security Services to the Rescue
19
What exactly is meant by a managed service?
• In today’s IT environment, managed services represent a strong
partnership—in which the provider contributes technology and
expertise, and the customer retains control and oversight—as
both parties accept accountability for achieving specific
outcomes.
• Thus, a managed service must not only satisfactorily perform a
function (e.g., networking or storage), but must incorporate tools
and processes that allow customers and their expert partners to
continually assess how well their goals are being met, and make
necessary changes.
• The managed service includes proactive, hands-on monitoring by expert technicians.
• The customer participates in defining and redefining success.
• The customer and provider share accountability for success.
20
What Isn’t a Managed Service?
• Business Process Outsourcing
• Software as a Service (SaaS)/Hosted Applications:
• Professional Services
21
Managed Security Service Provider Offerings
Pro
fessio
nal S
ecu
rity
Serv
ices
Security advisory
Implementation services
Technical servicesM
an
ag
ed
Secu
rity
S
erv
ices
Security Asset Monitoring and Management
Threat intelligence,research, detection,
and remediation
Risk and compliance management
Advanced and emerging MSS
Custom to Standard
22
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan
Strong growth continues for North American managed security services.
0
2
4
6
8
10
12
14
16
18
20
0
500
1,000
1,500
2,000
2,500
3,000
3,500
2010 2011 2012 2013 2014 2015 2016 2017 2018
Total Managed Security Services Market: Revenue Forecast,North America, 2010–2018
Reven
ue (
$M
)
Gro
wth
Rate
(%
)
Year
23
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan
What services are managed security service providers delivering to clients?
Total Managed Security Services Market: Percent Revenue Forecast by Segment, North America, 2013
Risk and compliance management
Threat intelligence, research, detection and
remediation
Advanced and Emerging Managed Security Services
CPE
Hosted
Security asset management and
monitoring
24
How did we get to where we are today?
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Source: Frost & Sullivan
25
How did we get to where we are today?
CPE-based MSS
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
Although the need for hosted security services is increasing in demand, its growth is slower than expected. The CPE-based MSS segment will remain as the leading service and grow at a healthy rate.
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Source: Frost & Sullivan
26
How did we get to where we are today?
CPE-based MSS
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
As the threat landscape evolves, the demand for assessment services will grow.
Assessment services
Although the need for hosted security services is increasing in demand, its growth is slower than expected. The CPE-based MSS segment will remain as the leading service and grow at a healthy rate.
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Source: Frost & Sullivan
27
How did we get to where we are today?
CPE-based MSS
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
As the threat landscape evolves, the demand for assessment services will grow.
Assessment services
Although the need for hosted security services is increasing in demand, its growth is slower than expected. The CPE-based MSS segment will remain as the leading service and grow at a healthy rate.
Hosted services continue to experience high growth. Customers are demanding that managed security service providers offer more emerging services from a hosted model. Hosted MSS
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Source: Frost & Sullivan
28
How did we get to where we are today?
CPE-based MSS
Threat detection and remediation
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
As the threat landscape evolves, the demand for assessment services will grow.
Assessment services
Although the need for hosted security services is increasing in demand, its growth is slower than expected. The CPE-based MSS segment will remain as the leading service and grow at a healthy rate.
Hosted services continue to experience high growth. Customers are demanding that managed security service providers offer more emerging services from a hosted model. Hosted MSS
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Threat detection and remediation is a growth area in managed security services as providers look to provide higher value services.
Source: Frost & Sullivan
29
How did we get to where we are today?
CPE-based MSS
Threat detection and remediation
MaturityDevelopment Growth DeclineTime
Ma
rke
t V
alu
e
As the threat landscape evolves, the demand for assessment services will grow.
Assessment services
Although the need for hosted security services is increasing in demand, its growth is slower than expected. The CPE-based MSS segment will remain as the leading service and grow at a healthy rate.
Hosted services continue to experience high growth. Customers are demanding that managed security service providers offer more emerging services from a hosted model. Hosted MSS
Total MSS Market: Market Life Cycle Analysis, North America, 2013
Threat detection and remediation is a growth area in managed security services as providers look to provide higher value services.
Advanced (Big Data) Analytics Services
Managed security service providers are launching advanced analytics services in a number of fashions. This is the hottest area in managed security services as managed security service providers look to differentiate and be a high-value solutions provider.
30
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan
20112009 2013 2018
Need for combined services:
AV/AS/CF
Hosted demand emerging – but
slower than expected
Growth in Managed SIEM
and log management
Expansion and advancement of mobile security
offerings
Enhanced threat detection & remediation
capabilities
Increase demand in compliance
services
Total MSS Market: Service Technology Road Map, North America, 2010–2018
Managed security migrates to cloud-delivered security
services
Advanced analytics solutions
becomes a key differentiator
MSS evolve to secure changing technology and in parallel with the perceived threat.
31
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan
Compliance and threat remediation services are becoming significant segments.
Security asset
management and
monitoring
Risk and compliance
management
Threat intelligence, research, detection
and remediation
Advanced and
Emerging Managed Security Services
2010
Total Managed Security Services Market: Percent Revenue Forecast by Segment
Security asset
management and
monitoring
Risk and compliance
management
Threat intelligence, research, detection
and remediation
Advanced and
Emerging Managed Security Services
2018
Total Managed Security Services Market: Percent Revenue Forecast by Segment
32
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan
Solutionary
SilverSky
MegaPath
CenturyLink
Level 3
Nuspire
CompuCom Systems
Alert Logic
Sprint
Masergy
The market is typified by a significant number of participants.
VerizonAT&T
Dell SecureWorks
IBM
Symantec
British Telecom
Trustwave
HP
Percent of RevenueTotal MSS Market: North America, 2013 Notable “Other” Market Participants
Remaining Players 31%
Remaining players are comprised of
managed security service providers that
are NOT including on this slide.
33
Five factors are leading competition
Stronger relationships with Consulting and Professional Services is being required.
Advanced Threat Detection and Remediation Services is becoming a differentiator.
Services are being integrated into Managed Services
Telecommunication providers with managed security service offerings are leveraging their access customers to develop new managed security service accounts.
Need for compliance assistance is a strong source of funding for managed security services.
34
Source: Frost & Sullivan
Predictions
Managed security services to defend against APTs will become increasing popular. This segment will drive market.
1
Compliance will continue to be a strong driver for North American
managed security services. Unfortunately, compliance needs will continue to justify and fund spending for non-compliance related
security spending.
2
Advanced and emerging services will increasingly be introduced to
the market in 2015. Identity and access management, mobile security, and cloud security should lead these new services.
3
35
Source: Frost & Sullivan
Recommendations
North American managed security services providers are advised not to get overly distracted by the hype in the news. Successful providers are the companies that stay close to their customers and provide solutions. Although not “sexy,” managed security service providers that focus on their customers are most success in growing revenue.
1
Threat and incident remediation is THE growth sector. Customers want solutions that solve problems and not just add to the number of alerts to be addressed. The most successful managed security service providers will approach this sector with a unique service attribution such as big data or unique sensory data collection.
2
The linking between managed security services and consulting, professional & technical services is unmistakable. Providing consulting, professional & technical services is not a requirement for managed security services providers . . . unless the provider is looking to grow its revenue.
3
36
Next Steps
Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or
join our GIL Global Community
Join our GIL Community NewsletterKeep abreast of innovative growth opportunities
Phone: 1-877-GOFROST (463-7678) Email: [email protected]
37
Your Feedback is Important to Us
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Other?
Please inform us by “Rating” this presentation.
What would you like to see from Frost & Sullivan?
38
http://twitter.com/fdickson777
Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter
http://www.facebook.com/frankdickson
http://www.linkedin.com/companies/4506
http://www.slideshare.net/FrostandSullivan
39
For Additional Information
Chris Kissel
Industry Analyst
IT & Network Security, IRG-74
(623) 910-7986
Michael Suby
VP of Research
IT & Network Security, IRG-74
(720) 344-4860
Frank Dickson
Principal Analyst
IT & Network Security, IRG-74
(469) 387-0256
Chris Rodriguez
Senior Analyst
IT & Network Security, IRG-74
(210) 477-8423