The recently published Forrester Wave and IDC Marketscape reports for Managed Security Services highlight the triple bind that enterprises and government agencies find themselves in when it comes to security. Threats continue to proliferate and grow more serious. Skilled security personnel are hard to find and often difficult to justify as a value add. At the same time, the security industry is introducing myriad new technological solutions – not all of which are proven or easy to fit into an existing security program.
What should you do to make your organization more secure in this environment without the necessity of hiring more security staff or adding CAPEX to your budget? Managed security services offer a potential solution. Whether you work with a Managed Security Services Provider (MSSP) on a limited or extensive basis, they can typically address the skills gap with their own personnel. They can help you choose the right tools from the broad selection on the market. And, they can offer advanced security processes, 24/7 operations, threat intelligence and technologies that are extremely difficult to replicate for all but the largest organizations. Better still, by using an MSSP, you can effectively manage and control your costs.
The trick, of course, is to find the right MSSP. As a buyer, you face complex choices. How should you go about finding an MSSP that will work for your particular organization’s security needs? The Forrester and IDC analyst reports offer a number of helpful ideas to navigate the vendor selection process. Six themes emerge as the analysts describe what sets the best MSSPs apart from the others:
- Flexible delivery models – Flexibility and customization are growing trends in MSS service delivery. Customers want choice when it comes to integrating MSSP technologies, people, and processes into their environments. They may want to keep some services on-premise and others hosted. They need providers who can accommodate various requirements of today’s hybrid IT environments.
- A deep bench of expert staff – Filling in skills gaps may be one of your main reasons for seeking an MSSP. Providers that offer a deep bench of highly experienced security staff are better positioned to offer services that improve the quality of protection, the application of preventative threat intelligence and the rapid resolution of security breaches and incidents. MSSP staff includes security operations center (SOC) and analyst staff as well as consulting staff who offer security training.
- Adoption of cloud models – MSSPs are now offering cloud-based delivery and shared platforms for select security services as well as hybrid implementations, as mentioned above. Many providers are also adopting consumption-based pricing that mirrors cloud pricing models.
- A rich, intuitive portal – The day-to-day operation of managed services, as well as the relationship between the client and MSSP, is increasingly taking place through a sophisticated “pane of glass” dashboard interface. This online interface is the primary conveyor of information about your security posture. A well-designed portal offers transparency into MSSP activity as well. In the spirit of the recommended “Trust but verify” approach to working with an MSSP, the portal should include visual tools, workflows based on roles, sophisticated analytics along with custom reports and views and multiple communication options. Notifications should be available by text, email, IM, chat or voice call, offering your security staff choice in communications options.
- Business-aligned consulting services – A good MSSP has the ability to understand and evaluate your regulatory environment, industry, geography, risk profile, business priorities and security maturity. From there, the MSSP should recommend and execute a security program with practical services that most appropriately balance cost with your unique risk profile.
- Advanced capabilities – MSSPs need to possess capabilities that outstrip anything you do in your own department. These include detection and analytics as well as advanced incident response capabilities to assist with the containment and remediation of attacks.
CenturyLink aligns extremely well with these themes. We were named a “Leader” in the IDC MarketScape: U.S. Emerging Managed Security Services 2016 Vendor Assessment. In addition, The Forrester Wave™: Managed Security Services Providers, North America, Q3 20161 named CenturyLink a “Strong Performer.” The IDC report highlighted several advanced offerings in CenturyLink’s Managed Security Services Suite, such as DDoS and complementary services. The analysts also praised CenturyLink’s flexible delivery models, strong channel presence and pricing methods. CenturyLink is the only communications service provider (CSP) to be named a Leader in the IDC report.
To learn more about how these analyst firms rate the top MSSPs, please access the reports here.