Managed Security Services: Next Generation for the Cloud-Driven World
As though the alphabet-soup of managed services options wasn’t quite chunky enough, there’s a host of new players in the managed security space as companies work to deliver on new security requirements in a cloud-driven world.
What was, until recently, a relatively well-defined segment is transforming rapidly. Managed security services (MSS) players now include entrants from managed detection and response (MDR) providers, managed services providers (MSPs) expanding into cloud and security, and many value-added resellers (VARs) that are pivoting from reselling products to offering services-led models. Further muddying the water, it is sometimes difficult to distinguish among managed security service provider (MSSP) offerings because of convoluted messaging and similar technical capabilities.
That said, expectations are that demand for managed security services will continue to rise. Adoption will be driven by the growing complexity of enterprise IT infrastructure, including IoT and multicloud challenges; the ongoing shortage of security professionals; and the continued evolution of cyberthreats. In fact, projections forecast a total addressable market for MSS to grow from $24.05 billion in 2018 to $47.65 billion by 2023, according to a report from MarketsandMarkets.
This represents an incredible opportunity for those MSSPs that can adapt to the new dynamics and deliver the greatest value to increasingly security-conscious enterprise customers. To succeed, MSSPs must first recognize how the market’s needs are changing and then identify what new capabilities they will need to address changing demands.
Security Challenges in a Cloud-Driven World
As businesses increasingly operate in multiple clouds, their applications are breaking out from monolithic to distributed, scalable models. Modern applications are built around scalability and automation. This results in an increasing number of processes running in the data center. Workloads span physical servers, virtual machines and containers, delivering new levels of flexibility. As adoption of cloud-native services increases, the complexity of IT infrastructures also increases, with multiple tools, APIs and internal protocols to support. Additionally, more companies are adopting DevOps delivery models, with applications releasing at a high-speed pace and with security policies often being set by the application owners. As all these trends accelerate rapidly, IT is increasingly foundational to meeting business objectives and driving a company’s competitive differentiation.
Perhaps the most sobering effect of these changing dynamics is a dramatically expanded attack surface. With cloud architecture, the perimeter is no longer relevant. Conventional security tools and methods cannot scale to these expanding and ever-changing cloud environments. Security and data center operators lack visibility into their assets and the traffic flowing among them. With this comes inconsistent security policies, leaving any unmonitored server, container or VM as a prime launching pad for an attack. Once inside the core data center, sophisticated attackers will move laterally in the blind spots of east-west traffic to land, expand and dwell indefinitely. This represents significant risk to businesses and to the MSSPs that secure them.
The emergence of managed detection and response is an acknowledgement of customers’ shifting priorities. MDR moves beyond traditional MSS (i.e., tool management, monitoring and reporting) to include more proactive approaches to identify a breach and manage an incident through remediation. The fact that many MSSPs are embracing this model is a step in the right direction. In fact, according to Gartner’s Market Guide for Managed Detection and Response Services, “By 2020, 15 percent of organizations will be using MDR services, up from less than 5 percent today.”
However, most MDR capabilities are built around endpoint detection and response (EDR) technologies, with protection at the endpoint and perimeter. Although valuable, this approach maintains focus on traditional, north-south attack vectors, leaving significant vulnerabilities and blind spots within the data center. This means that the clear majority of MDR providers still have a significant gap in how they’re protecting the core data center workloads and lateral traffic between them. That’s troubling to customers who understandably want to safeguard the crown jewels of their operations, namely their data center assets.
So, what’s needed? How can MSSPs capitalize on this opportunity? What can providers do to differentiate themselves, gain a competitive edge and create new revenue streams in this changing landscape?
To address the new realities of today’s data centers, the next generation of MSSPs needs a whole new set of capabilities that will address the major security gaps that almost every company has today, and that will continue to exasperate them as environments become more diverse and complex.
Visualize the Environment
It all starts with visibility. This is the foundational element of modern security infrastructure that enterprises need but lack. Visibility in this case means the ability to visualize an environment so that operators can see not only which networks, applications and workflows are running, but also the processes, relationships, and dependencies among them. Even the most sophisticated enterprises usually lack this insight, much less the MSSPs that are securing them.
This is fundamental, as you can’t truly secure what you can’t see. Having this level of visibility, both historically and in real time, also provides a range of new possibilities for MSSPs – from threat hunting, incident response, security assessments and audits to gaining new efficiencies in the security operations center. Beyond security, MSSPs that are able to provide comprehensive visibility will provide their customers with extraordinary business value by, for example, enabling improved cloud migration, DevOps, and merger and acquisition (M&A) discovery.
Dictate Security Policy Management
Once deep visibility is achieved, it becomes easier for MSSPs to start deploying security measures specifically designed to reduce the attack surface and secure critical applications and workloads. As every server and application within the data center constitutes an attack surface, MSSPs need a systematic approach to security policy management.
Security policies must follow workloads dynamically as they spin up, down or migrate among cloud instances. These policies dictate which applications can and cannot communicate with each other. MSSPs, on behalf of their clients, should be able to establish security policies around individual applications or groups of applications, regardless of where they reside in the hybrid data center. Proper security policy management enables an MSSP to measurably reduce the client’s risks while helping meet their compliance requirements.
Segment and Isolate at the Process Level
Then, MSSPs need the ability to enforce policies through segmentation. Microsegmentation is increasingly viewed as the state-of-the-art best practice for securing applications and reducing the attack surface in today’s dynamic data centers. Gartner defines microsegmentation as “the process of implementing isolation and segmentation for security purposes within the virtual data center,” further noting that it reduces the risk of a lateral spread of advanced attacks. Microsegmentation works by securing process-to-process communications—hence the need for visibility. Many enterprise security teams have found it difficult to implement microsegmentation on their own. The ability to deliver microsegmentation as a service can accelerate an MSSP’s advancement toward a “zero trust” services model. This is a novel concept in the MSS space and potentially a huge competitive differentiator for any MSSP that can deliver it.
Detect and Respond
Besides protecting applications from malicious access, microsegmentation has the additional benefit of strengthening automated breach detection and response, in that any attempt at unauthorized communication is an instant indicator of a threat.
Beyond microsegmentation, MSSPs need the ability to identify suspicious activity within east-west traffic. This is a gaping blind spot in most organizations’ defenses that allows attackers that have successfully breached the perimeter to maximize “dwell time” before they’re detected. Innovative MSSPs will employ multiple methods of breach detection in east-west flows, including policy violation, reputation analysis based on threat intelligence, deception, file integrity monitoring, and other mechanisms for detecting unauthorized connection attempts or other suspect behavior in lateral movements. Any suspicious activity should result in the immediate isolation of the attack outside of production. Once quarantined, an attack can be fully analyzed, resulting in deep insights and intelligence that can be used to accelerate remediation or to further fortify a customer’s production environment.
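The label-based allow-list and violation-as-indicator model described in the policy, segmentation and detection sections, as an added example in Python that is not the article's or GuardiCore's code; the workload labels, process names and flow records are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Workload identity is its labels, not its address, so a rule written once
# applies to every current and future instance of that application.
@dataclass(frozen=True)
class Workload:
    name: str   # instance id (constructed); irrelevant to policy
    app: str    # application label that policy is written against

@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    dst_port: int
    dst_process: str  # process listening on the destination workload

# Explicit allow-list of process-to-process communication; anything not
# listed is denied. Default-deny is what makes a violation an instant indicator.
Rule = Tuple[str, str, int, str]  # (src_app, dst_app, dst_port, dst_process)
ALLOW: Set[Rule] = {
    ("web", "api", 8443, "gunicorn"),
    ("api", "db", 5432, "postgres"),
}

def evaluate(flows: Iterable[Flow], allow: Set[Rule] = ALLOW) -> List[dict]:
    """Return one alert per observed flow that no rule permits."""
    alerts = []
    for f in flows:
        if (f.src.app, f.dst.app, f.dst_port, f.dst_process) in allow:
            continue
        # Distinguish "right service, wrong caller" (classic lateral movement)
        # from "service that nothing is ever allowed to reach".
        expected = {r[0] for r in allow if r[1:] == (f.dst.app, f.dst_port, f.dst_process)}
        alerts.append({
            "src": f.src.name, "dst": f.dst.name,
            "service": f"{f.dst_process}:{f.dst_port}",
            "reason": "unexpected_source" if expected else "unexpected_service",
        })
    return alerts

# Constructed sample flows; web-2 is a freshly scaled-out instance that inherits policy.
web1, web2 = Workload("web-1", "web"), Workload("web-2", "web")
api1, db1 = Workload("api-1", "api"), Workload("db-1", "db")
SAMPLE_FLOWS = [
    Flow(web1, api1, 8443, "gunicorn"),  # allowed
    Flow(web2, api1, 8443, "gunicorn"),  # allowed: policy followed the new workload
    Flow(web1, db1, 5432, "postgres"),   # violation: web must never reach db directly
    Flow(api1, db1, 22, "sshd"),         # violation: no rule permits ssh to db at all
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_FLOWS):
        print(alert)
```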
Combine Capabilities for Seamless Offerings
For these new technical capabilities to be implemented successfully, they must be infrastructure-agnostic, DevOps friendly, carrier-grade scalable, easy to integrate via APIs, and simple to operate. Forward-looking MSSPs will embrace solutions that can address all these requirements in a seamless fashion across heterogeneous environments.
Those that can successfully deliver these capabilities stand to gain a significant competitive advantage. Their highly differentiated service offerings position them as the pioneers of the next generation of MSS in the cloud-driven world.
Todd Bice is senior director of channels at GuardiCore, where he focuses on the channel strategy and go-to-market execution for the company’s cloud security platform. He has established alignment with strategic partners including services-oriented VARs, MSSPs, cloud transformation providers and global systems integrators. Bice brings more than 18 years of successful revenue performance and business growth in the IT space to his role with expertise in managed services, data center, security software and managed security business models. You may follow Bice on LinkedIn.