Are Managed Services The Best Way To Deliver Security?

IT security is a constantly moving target. As the threat landscape continues to evolve on an hour-by-hour basis, channel partners are weighing the very real possibility that managed services may be the best strategy for keeping their customers safe.

The case is particularly compelling in the SMB segment, and it grows stronger as partners consider best practices for protecting smaller clients. In most cases, these are organizations that are as interested in managing costs as they are in keeping their systems and data secure. But, according to Gartner security analyst Lawrence Pingree, enterprise players are no stranger to managed security either, albeit for different reasons.

"In the high-end enterprise, managed services are engaged when a particular form of security control is believed to be more commoditized," he said. "If you have in-house resources and you wish them to pay closer attention to the more advanced security technologies, then outsourcing the more commoditized technologies to managed service providers has become a popular option. They also engage managed security in places where they can offload the care and feeding of specific functions."

[Related: Unlimited Support: An MSP Recipe For Success? ]

Sponsored post

"The midmarket is more squeezed for resources," he continued. "They engage managed services to augment staff, as opposed to an opportunity to redirect resources that they've already got. At the low end, small businesses typically have very little in-house security expertise available to them. So managed security becomes very helpful to them, especially if they have compliance requirements to satisfy."

Meanwhile, market research from Gartner clearly reinforces the notion that managed security is gaining industry momentum. According to Pingree's report, the growth rate for managed security is more than double that of the rest of the security industry without managed services in the equation.

"We expect managed security services to represent $10.9 billion of spend in 2013, extending to $17.7 billion in 2016 with compound annual growth rate through the period of 16.8 percent," he said. "We expect managed security to grow 15.9 percent in 2013 alone."

Gartner expects the overall security industry, including managed security, to grow at an 8.9 percent compound annual growth rate from 2011 through 2016, representing an increase from $60.6 billion to $85.6 billion.

"The managed security services segment is growing its 16.8 percent CAGR," he said. "That's the highest growth rate in security. The average growth rate for security is 6.9 percent, if you take managed security services out of the equation. So it's more than double the average growth rate for the rest of security."

Pingree also sees channel partners recognizing this opportunity and leveraging it to the fullest extent, whenever possible. He suggests that many partners are leveraging the offers of other providers while at the same time finding creative ways to differentiate themselves and maintain customer stickiness.

"There is obviously a transition underway from a capital expense-based deployment to an operating expense-based service engagement," he said. "So the partners who used to sell products are now turning increasingly towards a service orientation. Sometimes they leverage service catalogs from distributors or cloud service brokers, such as Jamcracker. But in order to gain additional revenue, they need to add their own services and points of differentiation into the equation."

NEXT: The View From The Channel

Gartner's Pingree's observation largely matches the experience of Prevalent Networks, a Warren, N.J.-based MSP and consulting company, which morphed from a value-added resale company towards a stronger managed services footing over a six-year period. Their customers, according to managing director Jonathan Dambrot, have become much more interested in discussing managed security services than they were during the early days of the transition.

"I think you're looking at the second genesis of the solution provider," said Dambrot. "The first genesis occurred eight to 10 years ago when companies like ConnectWise provided the infrastructure to manage a managed environment. So, solutions providers on the cutting-edge made that transition and started managed support practices and then began to extend into other service areas. That was MSP 1.0. Now, MSP 2.0 is about organizations that can deliver an application as a service that means solution providers with a vertical market expertise, or a horizontal expertise across a certain portfolio, can be highly successful delivering technologies as a service. We've streamlined a lot of the processes and eliminated a lot of the complexity around managing the technologies."

Dambrot acknowledges that the transition towards managed security was not an easy one.

"It took a couple of years before we really had a stable services model," he said. "We needed to hire new people to help us develop the services model and develop the operations around them. Fortunately, the core resale and consulting business actually continued to grow, which helped to offset the cost of entering the services space. But, we were able to provide value to our customers on both sides of the business, and that is what helped our service take off."

In addition to adopting the MSP model to support security and compliance, Prevalent Networks also functions as an independent software vendor as a means of adding additional differentiation to their value proposition. Over the course of time, the company learned specific strategies for success, as well as specific strategies to avoid.

"One of the things we learned involves a Trojan Horse mentality," he said. "We typically go in with a smaller deal and let the customers become acclimated and develop some confidence in us. Once that is achieved, they tend to be a lot more amenable to larger-scale deals. Once they start deriving value, we become much more entrenched."

A similarly positive experience is reported by Jacob Braun, president of Waka Digital, a Boston-based managed service provider that has an established niche in regulatory compliance and IT security services for the midmarket and enterprise. Similar to Prevalent, Braun's company also includes an ISV practice.

"It's been an interesting progression," he said. "It's a challenge to look at all the infrastructure and technologies and figure out how they relate to the security piece. A lot of companies don't have the internal resources to do that. But, I think the model works well for security. The benefit to the client is that there is a more seamless approach integrated with the business processes, and that there is a team that is watching it 24/7. Success within managed services depends on both the time commitment and a resource commitment. And, security changes by the minute, so this is especially relevant. However, the transition to managed services is not something that can be done lightly, and it's not something that can be done quickly."