RESEARCH STRATEGY REPORT CYBER-SECURITY SERVICES FOR … · boost declining revenue from the enterprise sector reduce churn enhance their brand. The report provides recommendations

Cyber-security services for large enterprises: opportunities for operators

© Analysys Mason Limited 2018

RESEARCH STRATEGY REPORT

analysysmason.com

CYBER-SECURITY SERVICES FOR LARGE ENTERPRISES:

OPPORTUNITIES FOR OPERATORS

PATRICK DONEGAN



KEY QUESTIONS ANSWERED IN THIS REPORT

WHO SHOULD READ THIS REPORT

2

1 Network (or cyber) security consists of the steps necessary in hardware and software, as well as in

human behaviour and processes, to ensure the confidentiality, integrity and availability of

infrastructure and the applications and services that run over it.

This report analyses the opportunity for communications service

providers (operators) to act as managed security service providers

(MSSPs) and sell managed security services to large enterprises.

The MSSP business model gives operators an opportunity to:

▪ boost declining revenue from the enterprise sector

▪ reduce churn

▪ enhance their brand.

The report provides recommendations for operators, and outlines

a framework that will help network security vendors to understand

the MSSP market from an operator perspective.1 It also:

▪ details the factors for success in the MSSP marketplace

▪ includes case studies of three MSSP businesses – IBM

Security, Telefónica and Trustwave.

The report is based on:

▪ Analysys Mason’s research on the MSSP market

▪ a series of interviews and discussions with stakeholders in the

MSSP space, including several MSSPs.

About this report

▪ What role do operators play in the MSSP market today, and what are

their prospects of being competitive in it?

▪ What are the main opportunities and risks?

▪ What are the prospects of new players from industries other than

telecoms entering the MSSP market?

▪ What do telecoms operators need to focus on in order to succeed in the

MSSP market?

▪ To what extent do the world’s leading MSSPs intend to partner with

telecoms operators?

▪ Security and MSSP groups within operators.

▪ Strategy teams and senior executives within operators and vendors that

are defining their organisations’ roles in the cyber-security space.



CONTENTS

3

EXECUTIVE SUMMARY

MARKET OPPORTUNITY AND INVESTMENT REQUIREMENTS

REQUIREMENTS AND OPTIONS FOR MSSP PARTNERING

ASSESSMENT OF POTENTIAL MSSP PARTNERS

APPENDIX: MSSP CASE STUDIES

ABOUT THE AUTHOR AND ANALYSYS MASON



Figure 1: Operators should consider entering the enterprise security market but will need to

overcome some barriers

4

Operators should consider tapping into large enterprise spend

on cyber security. However, they will not succeed with a

‘business-as-usual’ approach – for most, partnerships with

MSSPs will be the best strategy.

Many telecoms operators have declined to enter the MSSP market

because they lack the skills and reach to serve the large

multinational companies that MSSPs have traditionally targeted.

However, operators should consider entering this market because

of the growing demand from large national corporations.

Most operators will need to establish a partnership with a leading

MSSP that has the specialised capabilities that would be costly

and time-consuming to develop internally.

Leading MSSPs, such as IBM Security, SecureWorks, Trustwave

and Telefónica are reaching out to telecoms operators to engage

in such partnerships.

We recommend that operators:

▪ commit to the MSSP space

▪ establish partnerships with leading MSSPs

▪ work closely and collaboratively with MSSP partners to

establish processes to ensure a high-quality service for the

customer.

Executive summary


© Analysys Mason Limited 2018 5

Operators cannot ignore the opportunity to provide security

services to corporations, particularly because core connectivity

revenue is flat (at best) for most providers. However, most

operators are not able to meet the rapidly evolving expectations

that enterprises have of managed security services.

The addressable market for providing security services to

enterprises is substantial – we estimate that large enterprises

spent over USD12 billion worldwide in 2016.1 However, operators

won just 17% of that spend.

This report explores how operators can improve their ability to

address spend by large enterprises on managed security.

MSSPs have focused on large multinational companies and have

paid less attention to large national corporates. These national

corporates are expected to increase their spending on managed

security as the threat level increases and security solutions

become more complex.

Unsurprisingly, the number of players entering the MSSP market is

accelerating. Defence companies (Raytheon and BAE Systems)

and accounting firms (Deloitte and EY) are all exploring it. Cloud

providers like Google and AWS have the potential to be powerful in

this space should they decide to enter it.

Most telecoms operators are not engaged effectively in the

MSSP space.

Most operators either do not offer managed security services or

offer basic services, such as managed firewalls, for large national

customers.

These operators need to rethink their approach if they are to avoid

missing out on the MSSP opportunity. In the context of a growing

volume, variety and sophistication of cyber-security threats, large

enterprises expect a rich suite of managed services driven by

threat intelligence, advanced data analytics and teams of skilled

cyber-security professionals.

Other operators understand these issues and are better placed.

Some, like Telefónica, are aspiring MSSPs and are building out

their businesses to target large national and multinational

companies. A small number of operators like AT&T, BT, NTT

Security, Singtel (through Trustwave) and Verizon have sizable,

MSSP businesses, typically focused on Fortune 500 companies.

Even telecoms operators that are established or aspiring MSSPs

should not underestimate the escalation of requirements – and

hence investment – needed to compete in the long term. Some of

these businesses will not succeed in the long term, because the

locus of competition is moving to the use of threat intelligence

with advanced analytics and highly skilled security analysts.

Most operators risk missing the MSSP opportunity for large enterprises

1 For more information, see Analysys Mason’s Telecoms services for large enterprises: worldwide

forecast 2017–2022. Available at: www.analysysmason.com/le-forecast2017-worldwide-ren01-

ren02.



MSSP Seeking channel

partners

Explicitly seeking

telecoms operator

channel partners

IBM Security Yes Possibly

SecureWorks Yes Possibly

Trustwave

(owned by Singtel)

Yes Yes

Telefónica Yes Yes

6

The established leaders in the MSSP market are ready-made

partners for telecoms operators.

A subset of the world’s largest operators like AT&T, BT and Verizon

are probably capable of succeeding in the MSSP market on their

own.

However, most operators do not have these capabilities and

building them will be challenging. To do so would require large

investment (over USD100 million), an understanding of

specialised requirements and would need the operator to compete

for the limited talent pool of cyber-security professionals. For these

operators, a partnership with an existing MSSP may be the best

way to engage with the market for managed security.

The large existing customer base that operators can offer and the

capabilities of an MSSP is a potent match. Furthermore, many

MSSPs are looking to build on their revenue from large

multinational companies by reaching large national corporates,

many of which have not purchased from large MSSPs before, and

with which local telecoms operators tend to have much stronger

relationships.

The idea of MSSPs partnering with telecoms operators is not new.

IBM has powered an Asia–Pacific operator’s managed security

services for several years. Rogers Canada offers Trustwave

services and BAE Systems has a partnership with O2 UK.

Figure 2: Potential MSSP partners for telecoms operators

These deals could indicate that there are more to come. At least

four – and probably more – large MSSPs are explicitly looking for

new channel partners, in significant part to reach the large

national corporates.

Delivering high-quality managed security services to enterprises

across separate MSSP and telecoms operator infrastructure is

challenging. Successful partnerships between telecoms operators

and MSSPs require a deep and long-term commitment on both

sides.

MSSPs that can help operators to serve the cyber-security market are

seeking partners



Recommendations

1A strategic commitment is needed if operators are to be serious providers of security to large enterprises.

The opportunity for telecoms operators to serve large enterprises with managed security services for revenue

growth and customer retention is compelling. However, telecoms operators will need to commit to providing large

enterprise customers with a rich suite of managed security services; offering little more than a managed firewall

service will not be sufficient. Operators need to either make a significant commitment to security, or leave the

market to others.

2

3

Operators should partner with leading MSSPs rather than go it alone.

To be successful in the managed security space, providers will need to combine data analytics, machine learning

and threat intelligence. It also requires large teams of costly cyber-security analysts. Most telecoms operators

should access these capabilities by serving as channels to market for established MSSPs, some of which are

actively reaching out to telecoms operators for partnerships. Most operators cannot acquire capabilities at scale

and succeed alone in the MSSP space.

Engage in collaborative change management with MSSP partners to prioritise the end-to-end experience.

Telecoms operators and their MSSP partners must commit to a detailed process for anticipating, explaining,

managing and tracking the impact of frequent changes in their own respective IT and network environments over

time. They must also understand and collaboratively manage the end-to-end impact of changes in their

environments on the enterprise customer’s experience of the service.



CONTENTSCONTENTS

32

EXECUTIVE SUMMARY

MARKET OPPORTUNITY AND INVESTMENT REQUIREMENTS

REQUIREMENTS AND OPTIONS FOR MSSP PARTNERING

ASSESSMENT OF POTENTIAL MSSP PARTNERS

APPENDIX: MSSP CASE STUDIES

ABOUT THE AUTHOR AND ANALYSYS MASON



Patrick Donegan (Senior Contributor) contributes to Analysys Mason’s Telecoms Software and Networks, and Enterprise and IoT research

practices. He specialises in telecoms and IT security and has worked in the telecoms sector for over 25 years. Patrick has led several custom

consulting projects for leading vendor and operator clients in this area. In recent years, his research has focused on the security opportunities

and threats presented by the telecoms sector’s efforts to use more software-controlled networking.

33

About the author



Research from Analysys Mason



Consulting from Analysys Mason



PUBLISHED BY ANALYSYS MASON LIMITED IN JANUARY 2018

Bush House • North West Wing • Aldwych • London • WC2B 4PJ • UK

Tel: +44 (0)20 7395 9000 • Email: [email protected] • www.analysysmason.com/research • Registered in England No. 5177472

© Analysys Mason Limited 2018. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic,

mechanical, photocopying, recording or otherwise – without the prior written permission of the publisher.

Figures and projections contained in this report are based on publicly available information only and are produced by the Research Division of Analysys Mason Limited independently of any

client-specific work within Analysys Mason Limited. The opinions expressed are those of the stated authors only.

Analysys Mason Limited recognises that many terms appearing in this report are proprietary; all such trademarks are acknowledged and every effort has been made to indicate them by the

normal UK publishing practice of capitalisation. However, the presence of a term, in whatever form, does not affect its legal status as a trademark.

Analysys Mason Limited maintains that all reasonable care and skill have been used in the compilation of this publication. However, Analysys Mason Limited shall not be under any liability for

loss or damage (including consequential loss) whatsoever or howsoever arising as a result of the use of this publication by the customer, his servants, agents or any third party.

Documents

RESEARCH STRATEGY REPORT CYBER-SECURITY SERVICES FOR … · boost declining revenue from the enterprise sector reduce churn enhance their brand. The report provides recommendations