The new Forrester Wave: Managed Security Services Providers, North America, Q3 2016 leads off with two key insights. Forrester analyst Jeff Pollard cites the eye-popping number of exhibitors (550+) at this year’s RSA Conference as evidence that security solution choices on the market today have ballooned out of proportion to most IT departments’ ability to evaluate them. At the same time, the analyst points out that many enterprises lack skilled security staffers and either don’t have the resources or the willingness to invest in recruiting additional talent.
Trapped between an abundance of new solutions and a lack of personnel and confronted with serious new security threats on an almost daily basis, how should enterprises go about mitigating risk? This new Wave report recommends that Managed Security Services Providers (MSSPs) offer an appealing solution. With deep benches of security expertise and the organizational scope to evaluate new technologies, MSSPs offer turnkey security solutions and expertise without requiring enterprises to take on additional headcount or invest in new, untested, or administratively intensive security technologies.
CIOs, security leaders, and procurement departments will find this report extremely helpful when comparing and evaluating the solutions offered by top-rated MSSPs from Forrester’s perspective. It reviews which MSSPs are best equipped to fill security skills gap, reduce complexity and improve the quality of protection. Forrester initially reviewed 44 MSSPs before narrowing the field to a list of the 11 most significant providers in North America. They evaluated MSSPs across 36 different criteria, including expertise and competency, customer experience and business alignment. The report shows how each provider measures up and provides valuable information to help an enterprise choose the right MSSP to meet business needs.
In particular, the report emphasizes the importance of deployment flexibility, pricing, integration and use of existing investments. It stresses that many enterprises are interested in consumption-based pricing as an alternative to the prevalent fee-based model.
The report notes that the MSSP category is evolving rapidly. Enterprise clients now expect highly customized services to meet their needs. Previously, MSSP offers tended to be more standardized. This puts pressure on MSSPs to adapt and be more flexible. They must combine multiple vendor solutions and blend services with existing customer security solutions to better leverage investments in existing technologies. MSSPs should also do more than just store logs. Clients are requiring the same kind of log access and data analysis and manipulation that they would enjoy on their own premises. This, too, requires MSSPs to rethink how they handle client data.
Forrester underscores how the cited MSSPs are intermingling their service offerings. For example, the leading MSSPs are combining traditional consulting, software-as-a-service offerings and managed services. Part of this process involves big upgrades to MSSP portals. Providers want to be easier to work with. In this spirit, they are engaging more deeply with clients, defining responsibilities and knowledge transfers to the customer security team more clearly than ever.
CenturyLink ranked as solid “Strong Performer” among MSSPs assessed in this Wave report, ranked ahead of such peers as Verizon and AT&T. (Another CenturyLink peer and MSSP, Level 3, is not included in the report.) Forrester points to CenturyLink’s delivery capability, expertise and competency, investment in its user interface and its log collection methods as reasons for its “Strong Performer” ranking. CenturyLink was the only provider to achieve a perfect score for its delivery capability, expertise and competency. They also view CenturyLink’s consumption-based pricing model and flexibility in service options as reasons to consider CenturyLink as an MSSP.
For help evaluating MSSP vendors, we invite you to download the Forrester Wave: Managed Security Services Providers, North America, Q3 2016.