It seems not matter who you speak to, they all agree that managed service providers (MSPs) and managed security service providers (MSSPs) have a bright future ahead of them. More and more organizations of all sizes are looking to outsource IT in general and security and compliance in particular. While IBM, AT&T, Symantec and the like offer traditional outsourced managed security, there are a new breed of MSSPs that offer novel approaches to either the technology or delivery of services that give them a distinct advantage. So much so that Forrester Research released a new Wave report highlighting these "emerging" MSSPs.
I had a chance to speak with Ed Ferrara, the lead analyst from Forrester, on this Wave report. While Forrester already has a Wave report for MSSPs, Ed thought the space was dynamic enough, with so many new technologies and delivery methods to warrant a separate report on the leaders in this emerging sector.
The report looked at several criteria for each of the MSSPs:
Each of these criteria was weighted on a 0 to 5 scale. Some of these were weighted with more importance than others. The final rankings are in the chart below:
I was proud to note that two companies I have a connection to were included in the wave report. One was StillSecure, a company I helped launch way back in 2001. I was also a leading contributor in helping StillSecure move to an MSSP model. The other company is Alert Logic, a company I consult for. Alert Logic was also deemed a leader in this report, while StillSecure was a strong contender.
I had a chance to speak with Urvish Vashi, VP of marketing at Alert Logic. Urvish and I worked together back in the dotcom days for another company called Interliant, which ironically was founded by some of the founders of StillSecure as well. Urvish felt that Alert Logic was deemed a leader in the report because of the high references returned by some of its customers and partners, as well as Alert Logic's by-the-cloud, for-the-cloud model. The company has built its business by working with cloud and hosting providers in securing their infrastructure both in the data center and in the cloud. As the cloud becomes a larger piece of the puzzle of organizations' IT infrastructure, Vashi thinks Alert Logic is well positioned to continue its leadership position in this market.
Other MSSPs included in this Wave report are CompuCom Systems, Integralis, Network Box, Perimeter E-Security, Savvis, A CenturyLink Company, Secure Designs, Tata Communications and Vigilant.
Alert Logic is making copies of the report available for download. While this is the first emerging MSSP Wave Report, I am looking forward to future reports to see if new players emerge and how this group fares as the market continues to mature.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.