As businesses around the world move faster, adopt a more diverse portfolio of technologies, and expand their global footprint, Managed Security Service Providers (MSSPs) can provide substantial value to already overextended security teams. Effective MSSPs in Asia Pacific are helping CISOs rapidly transform security operations, improve talent diversity & breadth and support global business.
To help companies select the right MSSP for them, Forrester evaluated the strengths and weaknesses of 11 of the most important vendors for Managed Security Services in the region, based on each vendor’s current offering, strategy and market presence.
Whilst traditionally these sorts of assessments are conducted globally, the feedback received from CISOs, CIOs and others responsible for cybersecurity in Asia Pacific is that MSSPs which have been successful globally do not necessarily work well for us here in the region. This is completely understandable because Asia Pacific is different in multiple ways. It is a large geography to begin with, encompassing many different cultures, regulations, languages, as well as levels of cybersecurity maturity. Each of these markets have nuisances which need to be well understood and supported by an MSSP.
After four months of deep dives, hours of executive briefings, product demos and customer interviews, our research showed three key takeaways:
Firstly, firms in Asia Pacific are looking for a MSSP who has a customized offering for the region. They are voting with their feet (and money) against some global vendor who is wishing to scale out their offerings here in the region. For firms considering a MSSP provider, ensure you engage the right vendor by examining each provider to see what people they have on the ground, including subject matter experts, salespeople and leadership. This is important as you need to be supported throughout your cybersecurity journey.
Secondly, many firms hereare looking for partnership for integration and co-creation in the MSS space. The technology in this space is changing so fast, and eventually it’s going to be difficult to differentiate the MSSP on technology alone. For example, operational technology threat intelligence is poor across the board, but that is evolving and is on the roadmap for most providers. Also evolving are user experience, security orchestration and automation. All the vendors Forrester examined are including artificial intelligence and machine learning in their roadmap. Eventually, technology will no longer be the differentiator, so firms need to dig a little bit deeper and consider the partnership on a practical day-to-day level. It is important to engage a provider that the firm can trust and work with on a regular basis.
Finally, CISOs in Asia Pacific continue to have to justify their spending and articulate the business value of often expensive investments in managed security services to a largely non-security audience of executives. Currently, this is nearly impossible: Many MSSPs continue to go to market with messaging that is technology-centric and blind to the benefits they provide to businesses, customers, and citizens.
MSSP offerings are very technical by nature, and as they should be. Unfortunately, the downside is that you can get easily bogged down into a level of detail which does not support your own security, let alone business goals. Some providers in the market do an excellent job at paring back this threat intelligence contextually and providing actual business insights that clearly articulate what the technology means to operators, security managers, CISOs and executives. Others were frankly well below par.
Check this out: Top Managed Security Service Companies in APAC