Authored by Cathy Huang, Senior Research Manager, IDC Asia-Pacific.
Comparing MSS Offerings in Asia-Pacific
The recent “IDC MarketScape: 2016 Asia-Pacific Managed Security Services” report evaluated 17 prominent managed security services providers (MSSPs) in the region and identified six market leaders: IBM, NTT Com, CSC, BT, Symantec and Verizon. You’d be surprised how similar some of these vendors’ messages and go-to-market strategies sound if you pay close attention.
The most commonly used terms to describe their MSS offerings include “end to end,” “transformative,” “advanced,” “use of analytics and automation,” and “cloud security,” to name a few. Only after speaking with their customers and analyzing each option critically, however, will you would discover how different they are in reality.
Take flexibility to deliver MSS and onboard MSS customers as an example. The flexibility element is a good demonstration of an MSSP’s capability to leverage cloud architecture and an analytics-driven platform, powered by cognitive systems or any advanced analytics and automation technology. In fact, this links to their target customer segments.
While the majority of the MSSPs evaluated in the study primarily target large enterprises, they demonstrate great flexibility to deliver their MSS offerings and onboard their customers with wide range of options, including self-service, that tend to have a broader spectrum of customers. More importantly, these MSSPs are well-positioned to meet the growing demands of small and midsize businesses.
Another important differentiator is an MSSP’s security operations center (SOC) staffing, capabilities and location. The perception of the SOC as an operations center that processes security alerts is rapidly changing, since they now cater to more complex requirements. This is timely — we are seeing a growing need for broad skills, high levels of automation and seasoned security professionals for more specialized, analytics-focused work.
Some MSSPs boast of staffing their SOCs with Ph.D.-level data scientists ready to extract security context from the vast data stores available, in addition to entry-level monitoring staff. Many have also poured heavy investments into advanced analytics and automation technology. While this is a sound approach, mature MSSPs place equal focus on retaining and training their valuable security talents.
Balancing Business Objectives
While aligning IT security with business outcomes sounds perfectly logical, it is difficult to achieve in reality. The DNA of these two groups — security professionals and line-of-business (LOB) professionals — are too different. This presents communication challenges.
This is slowly changing, however, with improving cybersecurity proficiency in the Asia-Pacific region. A proficient and optimized security program is represented by complex interplay of technology, processes and people. These are all governed by risk management capabilities and driven by a strategy that enables an organization to undergo digital transformation safely.
Mature organizations generally prefer to leverage an external MSSP to create a strong business case for their security investment. More importantly, MSSPs offer the expertise to assist enterprise customers in educating their board on crafting a business-aligned security strategy. Today, only a handful of MSSPs have demonstrated such business acumen and understanding of their clients’ objectives and processes.
The Asia-Pacific MSS market is a very competitive one, with many providers vying for customers. The industry is seeing lots of consolidation, which creates further complexities. For these reasons, it takes a great effort to identify the right MSSP for your organization.