We founded the Managed Security Forum (MSF) to address common concerns facing UK providers of managed security, and quickly realised the best way to make a difference was on the demand side. Buyers are faced with global and local companies offering a massive range of capabilities, often with conflicting and contradicting terminology and claims.
That is why the group decided to produce a “Buyers’ Guide to Managed Security” that maps services into basic, core, advanced and complementary and offers advice on what to look for from providers. It shows what is being commoditised and where talent is most valued, allowing CISOs and business owners to work out what they should deliver in-house and where it makes sense to bring in an outside expert.
The report also includes a “Vendor Landscape” outlining the differing focus and strengths of the UK’s leading Managed Security Providers, from telcos and defence companies to regional champions and specialist providers.
The data used in the report came from detailed submissions from MSF members representing the UK’s main Managed Security Providers, anonymised to allow for greater honesty. They recognised that Artificial Intelligence and Data Science may yet change the industry dramatically, but that how and when remains to be seen.
Automation and virtualisation are causing basic capabilities such as Security Device Management to be commoditised, according to data drawn from UK Managed Security Providers. This will put pressure on low skill service providers and increase the value of advanced capabilities such as Threat Hunting and Security Data Science. Industry insiders explain how this is extending the premium for advanced security skills and making the war for talent even more competitive.
We undertook this research in order to begin a conversation rather than deliver a verdict. Managed security occupies a critical and underappreciated role in protecting British corporate and economic interests, and raising the standards in this industry will improve security standards across the UK.
Other findings from the report include:
* Talent remains the top priority for 21% of MSPs, followed by Managed Detection and Response (MDR) and Artificial Intelligence (11% each)
* Security Architects are the hardest roles to fill for 28% of companies, followed by threat intel specialists (22%), threat hunters and senior analysts (16% each)
* Just 30% of MSPs are investing in an internal Data Science function
Managed security is evolving from something like outsourcing to a crucial part of corporate architecture and national defence. This report lays out the capabilities available for buyers of managed security, as well as the challenges faced by providers trying to keep up. It is compelling reading for CISOs and providers alike.