Fortinet: Firms Adopting Managed Security Services For Ease Of Use


internet lock

Large enterprises and SMBs are moving toward managed security services to reduce cost and complexity and redouble focus on core competencies, a Fortinet executive said.

The managed security services market has enjoyed a compound annual growth rate of between 15 percent and 17 percent over the past few years as firms look to wholly outsource their cybersecurity operations, according to Stephan Tallent, Fortinet's senior director of MSSP and service enablement. This allows companies to capitalize on economies of scale while reducing their own liability, he said.

"Businesses are looking at security as a utility," Tallent said during XChange 2018, hosted by CRN parent The Channel Company. "They're seeking to migrate risk out of their IT departments and into the hands of professionals."

[Related: Fortinet Snaps Up IoT-Focused Security Firm Bradford Networks]

Sponsored post

Margins for managed security services began to climb sharply in 2011, and now reaching a gross margin of 53.9 percent, according to Tallent. In contrast, Tallent said gross margins for security product resale have fallen all the way down to 15.5 percent as customers opt for more service-intensive operations.

Managed security services now constitute a $12.4 billion market globally, and Tallent said the size of the industry is only expected to continue growing.

Customers want to migrate risk out of their IT department, Tallent said, and avoid having to worry themselves about the loss of intellectual property, compliance regulations, or associated fines. Organizations are also loathe to take it all on themselves given that CEOs and CISOs have lost their jobs as the result of cybersecurity breaches.

"Security is so complex and difficult to do, and it doesn't make much sense for businesses to do it," Tallent said Sunday at the conference, being held Aug. 19 - 21 at the JW Marriott Hill Country in San Antonio, Texas. "They want to have somebody deal with this for them so that they can focus on their core competencies as a business."

Customers also prefer managed security services from an operational expenditure point of view, Tallent said, since it relieves them of the responsibility of having to own gear and then figure out what to do with it once it's time for a refresh. Working with an MSSP makes it possible for businesses to fold all their security hardware, engineering and ongoing support into a monthly recurring bill, according to Tallent.

Some 90 percent of LAN Infotech's clients are looking to fully outsource their security operations due in part to the complexity of the vendor landscape, according to Michael Goldstein, president of the Fort Lauderdale, Fla.-based solution provider.

Over the past nine months, Goldstein said the landscape has fundamentally changed as cybersecurity has evolved from a "what if" discussion at many smaller businesses to an obvious threat. As a result, Goldstein said managed security services have moved from being essentially an industry buzzword to becoming a mainstream expectation for many customers.

Channel partners looking to be successful in managed security services must understand which regulations are most relevant for their customers and find a strong security vendor to stand behind them, Goldstein said.

In the old days, Fortinet's Tallent said, many companies felt like nobody was going to come after them due to their small size or lack of intellectual property. But SMBs have increasingly become a target for bad actors, Tallent said, since they can serve as a springboard into the larger companies they partner with.

"Small businesses serve larger businesses, and you go for the weak point if you're the hacker," Tallent said.

MSSPs are also well-positioned to hear customers decipher the signal from the noise and determine which threats an organization should act upon or be the most concerned about, according to Tallent. Threat intelligence is critical to stopping bad actors, Tallent said, since it allows for greater insight into what they're doing.

From a cost perspective, Tallent said small businesses can either pay $150,000 for an engineer to secure their own environment, or turn to an MSP or MSSP to fill staffing needs. By breaking staffing costs into smaller chunks, Tallent said MSSPs allow small businesses to take advantage of enterprise-level thought leaders and engineers without having to pay the price tag of hiring those individuals themselves.

Tallent said partners looking to break into managed security services will need to determine where to allocate their energy and resources in order to maximize their margin and most effectively address the security issues their customers are facing.

It can be difficult to MSSPs to ascertain what their actual profit margins are, Tallent said, since they need to determine the operational expenses associated with their labor, the cost of actual infrastructure and ongoing support, and then calculate how much money they're making. Tallent encouraged channel partners to focus their sales, marketing and delivery resources to maximize quality and profitability.

"If you try to do all things for all people, you're going to be a failure," Tallent said. "You've got to focus on what you can do well, and what you can make money on."