As IaaS and PaaS providers continue to grow at rates significantly faster than the overall IT industry – proof that a rapidly increasing percentage of total IT infrastruture resides in and is moving to service provider data centers – the pure-play MSSP business model will fade in significance…even despite the fact that security is becoming more important to mid-market customers, as shown by a recent market survey by SANS and another by RSA.
MSSPs will fade in importance because MSSPs have built their businesses on providing managed IT security for the do-it-yourself crowd. MSSPs tend to support on-prem IT infrastructure for businesses that tend to manage their core infrastructure themselves, or through on-prem partners, but don’t have the internal security team necessary to provide the full spectrum of security services for mission-critical IT infrastructure.
Historically, this has been a good business model with a decent growth rate. With IT infrastructure moving to the cloud, the MSSP market opportunity is slowing and will eventually shrink. Mid-market businesses want to consume IT as a service from IaaS providers who aggregate all elements of the IT infrastructure stack – including security. The historical value proposition of the MSSP is now embedded in the broader IaaS solution. The marketplace is voting with its wallet, and the growth rate of IaaS is already running circles around MSSP growth.
This is not to say that security solutions in the IaaS (or PaaS) world are fully mature. As we recently indicated, progressive IaaS providers are integrating SaaS security offerings into their stack of managed infrastructure services to ensure their customers have the best security solutions available on the market today. This model works and is rapidly being adopted across the hosting industry.
In response to these trends, can (or should) MSSPs secure IaaS infrastruture? I suppose it is possible, but it will be difficult. First MSSPs will need to change their business and value models. The best approach to better-cheaper-faster security solutions for IaaS providers is to deploy solutions built from the ground up to be integrated with IaaS offerings. This means native multi-tenancy, SaaS delivery model, API integration points, and automated provisioning. Most MSSPs on the market today have designed their product, provisioning and business models around on-premise deployment for businesses who are managing their own IT.
While nobody believes in-house IT will disappear, we do believe the default option will increasingly be IaaS/PaaS, putting pressure on MSSPs and creating opportunity for Security SaaS providers.
This is part 8 in a running series of posts by Gray Hall, CEO of Alert Logic on the future of the Service Provider industry. Gray’s experience and background give him a unique vantage point to comment and help lead what the Service Provider of Tomorrow has to do in order to be successful. Parts 1, 2, 3, 4, 5, 6 and 7 are also available here on Secure Cloud Review.
Related articles by Zemanta
- The Service Provider of Tomorrow, part 7: Revenue-producing Infrastructure SaaS Fills the Void (securecloudreview.com)
- Is PaaS Really Going To Replace SaaS? Even For Security? (securecloudreview.com)
- The Service Provider of Tomorrow, Part 4: SLA Segmentation (securecloudreview.com)
- Multi-Tenancy Requires More Than Just Isolating Customers (devcentral.f5.com)
- The Service Provider of Tomorrow, Part 3: SaaS and Cloud Economics (securecloudreview.com)
- The Service Provider of Tomorrow, Part 2: NetSecDevOps (securecloudreview.com)
- More Firms Outsourcing Security To MSSPs (informationweek.com)
- SecureWorks Cited as a Leader in Managed Security Services by Independent Research Firm (prnewswire.com)
{ 3 trackbacks }