Kicking off the MSPWorld 2013 conference here today, Edward S. Ferrara, principal research analyst serving security and risk professionals at Forrester Research Inc., told an audience of a couple of hundred attendees that security concerns and constraints at IT organizations of all sizes are shaping up to be a huge disruptive force for them and, thus, a big growth opportunity for managed security services providers (MSSPs) that can win their trust.
In his address, "How customers choose their MSPs," Ferrara highlighted global trends as they relate to how end-user customers are finding, selecting and evaluating their relationships with service providers. What Ferrara discovered during the course of research over the past couple of years was that the market opportunity for what he described as "emerging" MSSPs is as good as, if not better than, it is for the large-enterprise class of providers, such as AT&T, CSC, Dell SecureWorks, Hewlett-Packard, IBM, Symantec, Trustwave, Verizon and Wipro.
This is good news for the emerging MSSP players in attendance at MSPWorld 2013 that have the competency, skills, pricing, customer service, experienced staff and operational flexibility to compete. But it also opens the playing field for customers that are looking for more competitive pricing and choice.
Noting how the outsourcing of security services has waxed and waned since 2002, Ferrara said that research trends indicate that businesses are rushing back to outsource security services such as log management, identity access and management, and email filtering. Forrester estimates the overall annual growth in this area at between 30 to 40 percent. In the midsize market, Forrester pegs growth to be as high as 70 percent annually.
"End-user companies are looking to resolve headaches," said Ferrara. In other words, these companies are deciding where to best focus their internal resources and energy.
According to Forrester, the key reasons companies turn to managed security services are to reduce capital expenditures, fill important security gaps, get more value for the money, keep up with changing industry regulations, address important skills gaps, and control complexity.
Pointing out that businesses spend a lot of money on capital expenditures that don't improve their ability to make a better product, Ferrara said that companies need to look at the cloud business model, since it requires little or no upfront investment.
That's why MSSPs must legally, procedurally and technically prepare for the rise in demand for security services. "They'll be behind the curve if they don't get out in front of it," said Ferrara.
He cited characteristics of leading "emerging" MSSPs: They often offer a variety of technologies, whether proprietary or licensed; provide hands-on customer service in resolving issues; demonstrate effective technical and operational competence; show rapid response to security incidents; and have competitive pricing models.
Ferrara said it's time for MSPs to step in and aid customers in the adoption of the cloud model, noting that cloud computing is now practical for most companies, with security, reliability and availability improving and freedom of choice broadening. He reported that in one 2012 Forrester survey, more than 50 percent of end user organizations said they were ready to adopt cloud services.
Still, he noted that there's a lot of uncertainty for MSPs about legal indemnification around client data and issues of transparency. "These are questions that MSPs will increasingly need to answer for their customers," he said.