As I distribute the news of my new startup, Seccom Global , I am getting asked why? And why now? The answer derives from my travels over the last year and a half. I have been to six continents and 28 countries evangelizing both the changes in the threat-scape as well as value proposition of UTM (Unified Threat Management). I am seeing the beginnings of a confluence of factors all of which point to managed security being the next big thing. Those factors include:
The threats. Let’s face it, security is no longer about set and forget firewall rule sets, logs that can be safely ignored, desktop software updates, and vulnerability management. As cyber criminals come in to their own and even nation states start to attack each other it is becoming harder and harder for the typical IT department to stay on top of the problem. Concentrated expertise in an MSSP is the answer.
Regulations. No one can argue that the regulatory environment is going to get any simpler over time. It seems like every data breach results in more calls for laws, and oversight by government. PCI compliance is most easily achieved through third party oversight and outsourcing of onerous record keeping and controls has already started to accelerate.
Data center consolidation. The same trend that is driving the virtualization and band width optimization industries (look at the rapid success of VMWare and Riverbed and yesterday’s acquisition of Packeteer by BlueCoat) is making the connectivity and access from remote offices back to key applications that much more critical. Multiple locations needing reliable, secure connections to those data centers are ideal candidates for outsourced security.
UTM. There is a rapid evolution of gateway security towards new technologies that provide full content inspection and the ability to block threats no matter how they are delivered. While the technical press, analysts and old school security practitioners have pooh-poohed UTM as shoddy technology, perhaps justifiable based on some of the vendors claiming to deliver UTM, the reality is that there truly is demand for solutions that allow vendor consolidation while simplifying management, reporting, and protection. Cisco, Juniper, and Check Point have fueled the demand for UTM with marketing hype while utterly failing to develop UTM solutions. New gateway devices are a challenge to the installed base of MSSP’s who have deployed their own favorite tools but have not developed the ability to support UTM devices.
Take these four factors and add them to the already extant drivers for security outsourcing (lack of expertise, not a core competency, hiring and retention problems) and you have a recipe for a new surge in the security outsourcing market.
And why now? The first part of the answer to that is easy. The rapid changes occurring in the space have generated the opportunity. Acting now will ensure rapid growth. The other part of the answer is related to the economy. A recession is the best time to start a business that has a value proposition based on reducing capital and operational expenditures for its customers. I would probably hold off starting an upscale restaurant today. But, leveraging the trends above is an opportunity that should be addressed just when entrenched competitors are cutting back (Verisign is even diversifying away from managed security) and more and more enterprises are looking at the benefits of security outsourcing.
I have a personal reason for entering the MSSP space as well. My introduction to security came from my experience at Netrex, arguably the first MSSP. Netrex (since sold to ISS, since sold to IBM) would install a server running Check Point Firewall-1 in their data center for each new customer at tremendous investment in hardware and licensing fees. Yet the value was there and I truly enjoyed the connection to the myriad customers as we enabled their business with secure Internet connectivity. It is that closeness to customers that I miss at either a vendor or an analyst firm. There is no closer commercial relationship than a security service provider to its customer. Despite contracts and SLA’s it is a relationship that must be renewed and reinforced on a daily basis.
Of course I will continue to blog here. An MSSP has unique visibility into threat trends and I will continue to evaluate technology and share my thoughts on industry directions.
Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.
The Leader in Network Knowledge
MSSP not Security SaaS?
As my understanding, recently MSSP is rebranded as Security SaaS, because SaaS is very Hot keyword now.
Do you think there are some difference between Security SaaS and MSSP?
I would like to hear about recent SaaS boom trend.
Always Marketing Guys create a new term and try to creat the market by the new term.
Since you were in Markting career, I expected you use the new term (SaaS).
Thanks,
Koji
Saas does not equal MSSP
@Koji: SaaS is not necessarily the rebranding of MSSP. MSSP's will typically leverage available technology to deliver their services. SaaS uses a specific architecture to provide a given service (in some cases, security). Where SaaS may have its place in an MSSP, the MSSP does not necessarily rely on SaaS technology.
outsource
Outsourcing has so many benefits:
1) Cost Savings
2) Time Zone Benefits
3) Quick Turn Around Time
4) Standardizing Business Processes
and many more....
http://www.outsourcewebsite.com