Organizations turning to managed security service providers for help in boosting data security and regulatory compliance.
Security products continue to improve in capability, yet there is no evidence of a decline in the number and variety of network attacks. At the same time, an increasing number of regulatory mandates are forcing organizations of all sizes to boost data security and privacy. As a result, more and more organizations — particularly those that lack in-house security expertise — are turning to managed security service providers (MSSPs) for help.
An MSSP provides network security services such as firewalls, malware and spam blocking, and intrusion detection and prevention, and employs teams of security experts who keep a handle on the most recent worms and viruses sweeping the Web. Remote monitoring and management allows MSSPs to rapidly detect and mitigate security breaches, and keep the customer’s defenses up-to-date as security threats and business needs change.
“Threats continue to be malicious and complex, and malware is increasing alarmingly, highlighting the need for companies to defend all the endpoints attached to the corporate network,” said Frost & Sullivan research analyst Martha Vazquez. “MSSPs have realized that the key to managing these threats is to seize and maintain the initiative through an increasingly preventive posture.”
According to Frost & Sullivan, MSSPs will see stable demand for their services over the next several years. The North American managed security services market witnessed solid growth of 12 percent in 2008, with revenues of more than $1 billion. The research firm estimates that MSSP revenues will reach $2.4 billion in 2015.
Allaying Fears
In the past, few organizations would seek outsourced security solutions for fear that they would have to give away the keys to the kingdom. Today, organizations are becoming less fearful of handing over sensitive information to qualified MSSPs.
Hackers continue to innovate and refine their attacks in various new formats, making it increasingly difficult and expensive for organizations to maintain robust network security. Rather than continually increasing their security budgets, organizations are seeking more cost-effective security solutions as their internal resources for dealing with security threats fall short. Outsourcing to an MSSP frees them from making investments in security appliances, software and monitoring, and maintaining in-house security skill sets. MSSPs are able to leverage economies of scale to reduce the cost of comprehensive network security.
MSSPs can generate detailed reports on how the security infrastructure is performing, which can improve compliance with regulations such as Sarbanes-Oxley, HIPAA and the Payment Card Industry Data Security Standard. The increasing need for compliance with these mandates is driving the adoption of security services in vertical markets such as manufacturing, energy, retail and utilities.
The best MSSPs offer a broad range of services to meet the security needs of a wide variety of companies, and have multiple operations centers running around the clock in order to achieve continuous management and monitoring. The best MSSPs also employ security specialists with certified expertise across a broad range of security products from a variety of vendors, giving them the freedom to select best-of-breed solutions. Although the MSSP market is relatively new, the best MSSPs have a proven track record of delivering quality security services to a broad range of industry sectors over a long period of time.
ROI Concerns Remain
However, many organizations continue to be reluctant to outsource to MSSPs due to budget constraints and doubts on ROI benefits without actually experiencing a serious breach. Vazquez believes there is a lack of information with regard to damages in terms of costs that serious data breaches entail. Stepping up education on the benefits obtained by outsourcing security to an MSSP is crucial for organizations to realize the tangible benefits of the service.
The confusion over regulatory policies has also remained an issue for many industries. Variations concerning network security laws and liability between different industries and regions are rampant. In addition, the legislation that exists from state to state is creating perplexity in the network security arena. Uncertainties over legislation and compliance are expected to gradually disappear, but will cause a stir in the market as compliance issues evolve and change in the future.
“While the industry-specific legislation is often nebulous, the combination of overlapping and exclusive laws affecting their respective regional markets has been a source of considerable confusion for administrators,” said Vazquez. “Multinational corporations, in particular, are scrambling to comply, and that confusion itself is slowing MSSP industry growth.”
Nonetheless, outsourcing security to an MSSP allows organizations to improve security, comply with regulations, reduce costs and concentrate on core business processes. As security challenges and regulatory mandates continue to grow unabated, managed security services become increasingly attractive.
