News / Making the right MSSP choice is harder now but choosing well can pay dividends
This week sees the launch of a new piece of research sponsored by Reliance ascn and undertaken for us by the leading European IT research firm PAC-CXP.
The study, “Managing Security in the Digital Era”, was conducted in February this year across the UK, France, Germany, Nordics, Ireland and Netherlands. Just over 200 senior IT and security executives across manufacturing, retail, and transport and services sectors were questioned on investment plans for managed security services.
We think it’s a timely piece of research as threats, compliance and cost pressures are mounting significantly. And this is having an immediate impact on what organisations are now expecting from MSSPs.
The onset of digital transformation, IoT adoption and the subsequent increase in data levels means that organisations need to reappraise the how, what, why and when an MSSP undertakes for the organisation it is servicing.
One of the highlights of the report was a revelation that some businesses are bringing security operations back in house. This was surprising but it could be for two reasons.
One that the MSSP has simply failed to provide the correct level of service or the organisation has decided it is cost effective to bring it back in house, or second, such is the complexity of the data flows or sensitivity of the data that the client feels unable to trust the MSSP to carry this out.
Both scenarios would be worrying. Trust lost between service provider and client is a major failure, but one that suggests that MSSPs are not keeping up with the changing demands of their clients.
But taking operations back in house is not a long term option for many clients. As John Madelin, CEO of Reliance acsn says: “the report has shown that organisations are considering moving more operations in-house. But ultimately, organisations need to focus on securing their critical data and to this properly managed end-to-end security infrastructure is needed, which is challenging for in-house IT departments to handle alone.”
So while bringing security back in house might solve a short term trust or service level problem, it may not be sustainable in the long term.
MSSPs are here to stay but clients are becoming more savvy about the kind of provider they look for, as they realise that business processes in different sectors need variable security approaches.
The lesson for security services providers is that they cannot afford to be complacent about client demands, especially in unpredictable and fast changing trading conditions. End users are now much more likely to continually assess security needs, especially in an age when compliance demands such as GDPR make the consequences of a breach far more wide ranging and damaging to the organisation.
MSSPs need to be as flexible and agile as their clients need to be in digital markets. In short they need to offer full end-to-end security but be prepared to adapt their own approach. An MSSP that simply provides a service that worked on day one, and expect it to be as capable 365 days later is likely to find itself replaced by a more dedicated and flexible competitor.
So while the survey shows a tough security environment for clients, it is also tough for the MSSPs. The best of whom will ensure they have the resources and expertise to step up to the plate and manage security the digital age.
For more details on the survey Managing Security in the Digital Age, please click here.