How to Choose the Right Managed Security Service Provider (MSSP) for Your Organization

By Martha Vazquez, Senior Research Analyst at IDC

Organizations are reaching a pivotal time where attacks and threats are becoming more prominent due to an increase in the attack surface. As we move into this digital era, the emergence of new digital channels has become yet another vector of fraud due to the growth of online and mobile transactions, as well as the ways to reach out and interact with customers. Organizations are at risk as company assets are moved into different cloud environments, which provides more opportunities and incentives for cybercriminals to steal critical data and other valuable digital assets. As a result, the need to detect threats quickly and respond to them in real time has become even more crucial in this digital age.

It is already a daunting task for organizations to keep up with security efforts. Now with digital transformation (DX) changing how they operate businesses, even more security challenges are introduced. With the rapid adoption of DX, hybrid IT environments have become the new normal. But what does this all mean? Organizations are shifting various workloads to the cloud — public or private — as well as utilizing on premise solutions. In fact, an IDC study revealed that by 2020, over 90% of enterprises will use multiple cloud services, platforms with more than 1/3 of these organizations establishing mechanisms to operate in a multi- cloud environment. Security now must be viewed differently as organizations shift to different IT environments.

For organizations looking for a strong security posture in a hybrid IT environment, many have turned to outsourcing for cost effectiveness, flexibility, and a way to gain access to emerging and/ or advanced technologies. For organizations to be effective, and respond quicker to threats, organizations need to look at integrating advanced security services such as threat intelligence as well as advanced detection methodologies such as using big data analytics. Detecting and responding to threats today has become more difficult which is why organizations are choosing to outsource security functionality to third party providers. In addition, SLAs (service level agreement) provided by third party outsources are crucial in helping organizations identify and report an incident within a customers’ environment.

Given the complexity around security, how do organizations know what to look for when choosing a provider? Within the Managed Security Services market, there are various providers to look at. At IDC, we have classified some managed security service providers (MSSP)s as being more traditional or MSSP 1.0. which are those that provide the basic core security management and monitoring of firewalls/ IPS, log management, patch management, vulnerability scanning, unified threat management and so forth. Many other providers are going beyond the traditional 1.0 and offering 2.0 services such as managed security information and event management (SIEM), threat intelligence, proactive threat hunting capabilities, identity access management and advanced threat detection capabilities and analytics. Furthermore, 2.0 MSSPs may also offer complementary services such as incident response, breach management and compliance services.

An MSSP must go beyond the traditional management of security functions. With the new IT hybrid environments, it has become even more crucial to detect threats and respond to incidents in a timely manner. In effect, today’s MSSPs must prioritize security alerts and respond to them faster on behalf of their customers.

As a result, there are several things that organizations should consider before choosing the right MSSP especially in light of the advancing and evolving threat landscape. When selecting an MSSP, IDC recommends the following:

• Evaluate an MSSP’s depth and breadth of security functions which includes recommendations around detection and response capabilities as well as complementary services around MSSP 2.0
• Consider the security expertise of the MSSP team. Certifications are important, but buyers should look for an MSSP that acts as a trusted advisor and as an extension to the customer’s IT team.
• Review customer service. Buyers should consider how the engagement will occur between them and an MSSP once the services are established.
• Review development and roadmap. Many organizations are embarking on a digital transformation journey and are changing the way they operate, deliver services, and interact with their customers. It is imperative that an MSSP supports these organizations by providing trusted relationships and the security services needed to achieve their goals.
• Review cloud adoption strategy and future security strategy. Workloads are shifting to multiple cloud platforms. It’s important to select an MSSP that can deliver the offerings that best fit an organization’s business needs and can be flexible to meet future changes occurring within an organization’s infrastructure.
• Look for a provider that will deliver leading-edge security features such as threat intelligence, advanced data correlation and analytics which will help maximize visibility into diverse threats.