IT security has become an arms race as cyber-attacks become more sophisticated and businesses struggle to keep up with the latest attacks. Organizations are aware of their limited capacity to protect their IT infrastructure from increasingly sophisticated cyber-attacks, and that simply relying on their in-house security processes can be very challenging. This is where managed security service providers (MSSPs) come in.
Globally, the managed security services market is estimated to grow at a compound annual growth rate (CAGR) of 14.7% by 2025 and is expected to reach US$ 18,030.9 Mn in the year 2025, according to a ‘Research and Markets’ report.
In particular, the MSSP market in the region is growing rapidly, estimated at 10% CAGR or higher over the next 4 years, adds Anis Tell, Research Director (Telecom & IT Services) at IDC.
“Several high-profile incidents have prompted organizations to take strong measures to avoid future incidents, financial loss, data loss and reputational loss. Organizations in nearly all sectors are pursing security certifications and compliances in order to not only protect but also to compete, leading to more MSSP demand,” he adds.
Working towards building smart cities, the Middle East has integrated IoT into its agendas to ensure that citizens and residents are provided with better and quicker services. Simultaneously, security solutions have also been witnessing quick advancements. As most organizations are unable to cope with the speed to stay updated, the MSSP space can look forward to increasing number of business opportunities.
The Director of Marketing and Business Development at eHosting DataFort, Sachin Bhardwaj adds that parallel to the increasing number of government initiatives enabling more services being provided online, there is an enormous amount of data which needs to be secured. This has provided a tremendous boost to the growth of MSSPs in the region,” says.
Managed Security Services (MSS) have been part of the eHDF portfolio since the start of delivering Hosting Services in 2001 and ever since, has expanded the MSS portfolio to cope with the growing trends in the region. eHDF has also recently launched a Cyber Defense Centre (CDC)/ Security Operations Center (SOC) in the UAE. It offers customers a portfolio of Managed Security Services along with Remote Managed SIEM Services.
Tusharkanti Dave, Practice Head- Cyber Security Intelligence at ProVise Secure Lab explains that while matured security organizations have a unified view of their threat and vulnerability (RISK) landscape, MSSP are ultimately the key enablers to bring any organization to a higher security maturity level through a systematically designed managed security program.”
Any Business enabled by IT and/or exposed to cyber world, needs protection from cyber-attacks. When an organization is in need to improve upon its security maturity level or improve upon its security posture, is when they should look out for a suitable MSSP partner.
According to the Security Architect at Secureworks, Gopan Sivasankaran, all organizations require some level of managed security service. “There are only a few organizations in this region that have the resources or technical know-how to deploy and manage a robust security solution across the enterprise network. In the long-term, organizations and governments should nurture talented staff to boost retention rates, while simultaneously encouraging capable students to enter the field.”
Sivasankaran adds that in reality, the pool of cybersecurity professionals continues to dwindle and while it is critical to fill this gap, it is this very shortage of skills that is driving more and more organizations towards MSSPs.
Bhardwaj agrees that though there is a greater demand for security across business sectors such as healthcare, finance, government, manufacturing, transportation, etc., there exists a massive skills gap, demonstrating the significance of utilizing the services of an MSSP.
Hence it is important to hire, retain and train highly-skilled resources while implementing the right technologies to have the right processes in place for tackling breaches. Since all but the largest enterprises with right level of maturity, budget & focus will find it challenging to do this, the most viable option is to get the experts in by engaging with the right MSSP partner.
In fact, ISACA, a non-profit information security advocacy group, predicts that there will be a global shortage of two million cyber security professionals by 2019. This has given a strong push towards the adoption of MSS and hence the increased demand for using MSSP’s.
The advantages of working with an MSSP are innumerable since the recent high-profile attacks illustrate the tremendous might and motives that today’s cybercriminals possess. At the enterprise level, detecting and predicting the scale of cyber-threats any organization faces is immensely challenging. An MSSP can help organizations stay one step ahead of potential threats by customizing their security infrastructure to solve security and compliance challenges.
Also, MSSPs offer complete managed security services that include round-the-clock monitoring of clients’ IT infrastructure coupled with state-of-the-art prevention of cyber-attacks and threats.
Rise in budgets required to tighten the security of any organization is also pushing the need for investing in the services of MSSPs. Bhardwaj adds that the costs for hardware and software as well as on-going updates and upgrades are something that can be circumvented by shifting away from the CAPEX model to the OPEX model which can be achieved only by partnering with an MSSP.
As cloud, data management and storage gain traction, there is now an added focus on security. Due to increasing sophistication of cyber-attacks it is will prove beneficial for organizations to partner with Managed Security Service Providers.
According to Majid Khan, Manager Cybersecurity Managed Services at Help AG, the MSS market is now catered to by three types of providers – the telecom operators, international providers and local channel players.
“These providers have huge opportunities as each have their own set of advantages. Telecom operators have the necessary infrastructure, brand value and existing penetration into customer accounts, international providers bring a wealth of experience but fail to alleviate security concerns as they require customer data to be managed and stored in out-of-region data centres, while the local players can tailor their services to the specific needs of the market,” explains Khan of Help AG.
Regionally and globally, organizations are looking for cost-effective ways to bolster their security postures despite a shortage of cybersecurity professionals. This is especially helpful in the Middle East wherein the lack of qualified cyber security professionals is a pressing concern.
In terms of where the opportunities are coming from, one avenue could be the spate of small and medium businesses in the region. “MSSPs can invest in best-of-breed technologies that customers – especially SMBs and SMEs – simply would not be able to afford. Further, they have teams of expertly qualified and certified technical professionals and through their work with large pools of clients, they are exposed to and therefore knowledgeable of the threat landscape,” he concludes.