Enterprise leaders say that it's becoming difficult to find the highly qualified IT and network security talent they need that's affordable, and so they look to service providers for a solution. According to the latest market study by Forrester Research, demand has been growing.
That said, Forrester believes that using a managed security services provider (MSSP) is more than just a lower-cost alternative to doing the same work in-house. MSSPs are not just managing devices, they also provide insightful analysis that can help with business decisions.
CIOs and other business technology leaders used to resist out-tasking their IT and network security requirements. The talent scarcity issue has helped to change that mindset.
Now, one in four out-task their email filtering, and another 12 percent are very interested in doing so in the next 12 months. Another 13 percent already out-task their vulnerability management and an additional 19 percent say they are very interested in doing so within the next 12 months.
CIOs Budgeting for Managed Security
Although security-related spending didn't grow during most of 2009, Forrester estimates that the managed services market actually grew by approximately 8 percent.
Managed security services (MSS) has evolved considerably. Service offerings exist in various forms -- from pure system management to more sophisticated log analysis using a number of delivery mechanisms, from software-as-a-service (SaaS) and cloud services to on-premises device monitoring and management.
According to Forrester's assessment, while many MSSPs have started to respond to the human resource challenge by offering consulting services, not all providers are equally capable. However, CIOs should expect more MSSPs to further invest in qualified professional services capabilities to provide appropriate integration and consulting guidance.
Managing Security within the Cloud
Forrester said they've received inquiries about providers offering cloud services -- such as distributed denial of service (DDoS) protection and clean-pipe services. Broadband network service providers that own the access circuit have an inherent advantage, because they typically detect and prevent potential attacks sooner than others.
Again, lower cost was the primary driver for moving to a managed services provider, but now cost only ranks fourth in decision criteria. Today there are a number of other incentives to use MSSP services. They include improving the quality of protection; gaining 24x7 support; getting better skill sets and competencies; a reduction is the cost of protection; and decreasing complexity.
Internal security managers are now expected to provide value-added services in support of business objectives -- such as enhancing privacy, achieving compliance, and protecting intellectual property. Therefore, they are demanding additional services from MSSPs, which in return are responding by broadening their traditional service portfolio.
In summary, Forrester offers a key procurement recommendation. They suggest selecting a provider that excels in the specific area you're looking to out-task. They believe that it's extremely important to assess organization culture. It's considered the most important factor that determines whether a relationship is going to succeed. So, start the process by talking to some of the provider's customer references.