Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Brought to you by Informa Tech
Roy Illsley
Distinguished Analyst
Survey of MSPs in UK and US serving SMB customers and understanding the security and data backup market opportunity
April 2020
Understanding the Security and Data Backup Market for Managed Service Providers (MSPs)
© 2020 Omdia
Sponsored By
Information Classification: General
Content• What we did
• Findings
• Current and future capabilities
• Business challenges with achieving future capabilities
• MSP challenges with delivering security as a service
• Key considerations for MSPs when selecting a supplier
• MSPs views on the vendors
• Summary
• Appendix
• Survey demographics
April 2020 © 2020 OmdiaPage 2
Information Classification: General
Omdia MSP survey
• Conduct a survey of 263 MSPs in UK and US that serve SMB customers (Figure 1)
• Focused on MSPs that do not use open source technologies.
• Focused on MSPs that either deliver or are planning to deliver security and backup capabilities.
April 2020 © 2020 OmdiaPage 4
United States, 61%
United Kingdom, 39%
Figure 1: Respondent company location
Information Classification: General
Top security capability today: minimizing data loss
• Minimizing data loss is #1 most important security capability with nearly 30% of all respondents (Figure 2).
• Minimizing data loss is 10% more important in US than in UK (Figure 2).
• Rapid mitigation is #2 most important security capability with nearly 23% of responses.
• Forensic investigation is lowest rated security capability with only 13% putting it as most important.
• The results show that MSPs consider the ability to protect customers data and deal with known threats quickly as core capabilities. Other capabilities are currently seen as secondary considerations.
April 2020 © 2020 OmdiaPage 6
Figure 2: Current most important security capabilities
0.00% 20.00% 40.00% 60.00% 80.00% 100.00%
The ability to ensure minimal data loss
Rapid mitigation for discovered cyberthreats
Enforcement of the use of different encryption techniques
Cloud-based solution or an installable solution on an MSP’s own …
A continuous service (zero down-time) while threat mitigation takes place
A secure audit logging service
Automatic assurance that patch-levels are up to date
Cyberthreat detection at the edge and the core
A service that includes securing endpoint devices
A cybersecurity assessment service
Cyberthreat detection using AI/ML technology
Ability to perform a detailed forensic investigation
Most important 2 3 4 5 6 Least important
Figure 3: Top 3 current security capabilities by country
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 40.00%
The ability to ensure minimal data loss
Rapid mitigation for discovered cyberthreats
Enforcement of the use of different encryption techniques
Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important United States
Information Classification: General
MSP differ on top security capability depending on size• Minimizing data loss is #1 for MSPs
with revenues of less than $50M (Figure 4).
• Rapid mitigation is #2 for all MSPs , but slightly more important for MSPs with revenues of less than $5M.
• Zero downtime is #1 for MSPs with revenues greater than $50M.
• AI/ML is least important to MSPs with greater than $50M revenue and less than $5M. For MSPs revenue of $5-$50M it was joint third most important.
• Rapid mitigation is a common capability considered important.
April 2020 © 2020 OmdiaPage 7
Figure 4: MSP by revenue band most important current security capability
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
The ability toensure minimal
data loss
Rapid mitigationfor discoveredcyberthreats
Enforcement ofthe use ofdifferent
encryptiontechniques
Cloud-based solution or an
installable solution on an
MSP’s own infrastructure
A continuousservice (zerodown-time)while threat
mitigation takesplace
A secure auditlogging service
Automaticassurance thatpatch-levels are
up to date
Cyberthreatdetection at theedge and the
core
A service thatincludessecuringendpointdevices
A cybersecurityassessment
service
Cyberthreatdetection using
AI/MLtechnology
Ability toperform a
detailed forensicinvestigation
Less than $5M $5M to $50M $50M plus
Information Classification: General
Minimizing data loss remains #1 future security capability
• Minimizing data loss remains the #1 security capability (Figure 5). UK has seen an increase in importance but remains 7% behind North America (Figure 6).
• Zero downtime is second most important as MSPs recognize the need to minimize data loss includes data availability.
• Rapid mitigation and securing endpoints are joint third. Endpoints are now recognized as one of the most common ways security is compromised.
• The US is consistently more interested in the top 3 security future capabilities than UK (Figure 6).
April 2020 © 2020 OmdiaPage 8
Figure 5: Future most important security capabilities
Figure 6: Top 3 future security capabilities by country
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% 100.00%
The ability to ensure minimal data loss
Zero down-time
Rapid mitigation
Securing endpoint devices
A cybersecurity assessment service
Enforcement of encryption techniques
Automatic assurance
Cyberthreat detection at the edge and the core
A secure audit logging service
Cloud-based solution or on an MSP’s own infrastructure
Cyberthreat detection using AI/ML technology
Ability to perform a detailed forensic investigation
Most important 2 3 4 5 6 Least important
0.00% 10.00% 20.00% 30.00% 40.00%
The ability to ensure minimal data loss
Zero down-time
Rapid mitigation
Securing endpoint devices
Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important North America
Information Classification: General
Differences exist in MSPs by revenue size as to future most important security capability
• Minimizing data loss remains the top capability for MSPs with revenues below $50M.
• Cyber assessment service is the top future security capability for MSPs with greater than $50M, showing that they believe their capabilities must now extend beyond basic security offerings.
• AI/ML remains least important to MSPs with greater than $50M and less than $5M. This suggests an education issue with understanding the value of AI/ML.
• Zero downtime is second as MSPs recognize that data availability is part of what customers consider data loss.
April 2020 © 2020 OmdiaPage 9
Figure 7: MSP by revenue band most important future security capability
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
The ability toensure minimal
data loss
Zero down-time Rapidmitigation
Securingendpointdevices
A cybersecurityassessment
service
Enforcement ofencryptiontechniques
Automaticassurance
Cyberthreatdetection at theedge and the
core
A secure auditlogging service
Cloud-based solution or on an MSP’s own infrastructure
Cyberthreatdetection using
AI/MLtechnology
Ability toperform adetailedforensic
investigation
Less than $5M $5M to $50M $50M plus
Information Classification: General
0.00% 10.00% 20.00% 30.00%
Zero down-time
A cybersecurity assessment service
Cyberthreat detection using AI/ML technology
Securing endpoint devices
Cyberthreat detection at the edge and the core
Ability to perform a detailed forensic investigation
A secure audit logging service
Enforcement of encryption techniques
Rapid mitigation
Cloud-based solution or on an MSP’s own infrastructure
The ability to ensure minimal data loss
Current Future
Differences between current and future security capabilities
• Zero downtime shows the biggest increase in interest from current to future security capabilities (Figure 8).
• Cyber security assessment shows second biggest increase in interest, with AI cyber detection with third biggest increase.
• Minimizing data loss remains top capability but shows slight decline in interest – probably not much to read into this as it is such a clear top topic of interest.
• Rapid mitigation was the second capability to show a decline of interest from current to future, but again unlikely enough to be of significance.
April 2020 © 2020 OmdiaPage 10
Figure 8: Most important capability comparing current and future responses
Significant increases
Slight decreases
Information Classification: General
Automation is the #1 current backup capability
• Automate the backup process is the top most important capability with over 25% putting it most important and nearly 50% as important or higher (Figure 9).
• Ransomware protection was second most important capability.
• Copy test data and RTO/RPO are the least important capabilities with only 13% of respondents.
• US ranked automation much more important than UK, in fact US ranked top 3 consistently more important than UK (Figure 10).
April 2020 © 2020 OmdiaPage 11
Figure 9: Most important current backup capabilities
Figure 10: Comparison of top 3 UK to US
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% 100.00%
Automate the backup process
Provide protection against ransomware
Back up the most popular SaaS solutions (e.g. Office 365)
Protect corporate intellectual property from an insider threat
Operate backup and recovery in accordance with compliance demands
Provide comprehensive visibility to all backup data
Protect cloud-native solutions such as containers and serverless technologies
Support multiple different public clouds as both target and a source
Offer end-user self-service data backup and recovery services
Provide data recovery to dissimilar environments
Deliver rapid RTO and RPO
Provide authorized copies of production data for application/system testing
Most important 2 3 4 5 6 Least important
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00%
Automate the backup process
Provide protection against ransomware
Back up the most popular SaaS solutions (e.g. Office 365)
Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important North America
Information Classification: General
Larger MSPs place automation as more important than smaller MSPs
• Automating backup was put as most important by over 30% of MSPs with revenues greater than $50M and 28% of those in $5M-$50M revenue bracket, compared to 21% of MSPs with revenues less than £5M (Figure 11).
• Protecting IP was the most important capabilities for MSPs with revenues of less than $5M.
• User self service was of least interest to MSPs with over $50M in revenue, with just 9% respondents putting as most important.
April 2020 © 2020 OmdiaPage 12
Figure 11: Most important current backup capabilities by size of MSP based on revenue
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%
Automate the backup process
Provide protection against ransomware
Back up the most popular SaaS solutions (e.g. Office 365)
Protect corporate intellectual property from an insider threat
Operate backup and recovery in accordance with compliance demands
Provide comprehensive visibility to all backup data
Protect cloud-native solutions such as containers and serverlesstechnologies
Support multiple different public clouds as both target and a source
Offer end-user self-service data backup and recovery services
Provide data recovery to dissimilar environments
Deliver rapid RTO and RPO
Provide authorized copies of production data for application/systemtesting
Less than $5M $5M - $50M $50M plus
Information Classification: General
Automation remain #1 most important future capability
• Automate the backup process remains the top-most important capability (Figure 12).
• The need to protect against ransomware –second most important – is driven by increased awareness of this threat and the number of out-of-support Microsoft Windows servers expected to be active in 2020/21 (Figure 12).
• User self-service and test copy data are the two least important future capabilities. This is a reflection of the customers served by the MSPs where internal app dev is not a common capability, and user self-service is not considered important due to lack of understanding of the benefits (Figure 12).
• US more concerned by ransomware than UK (Figure 13).
April 2020 © 2020 OmdiaPage 13
Figure 13: UK compared to US future most important backup capabilities
0.00% 10.00% 20.00% 30.00%
Automate the backup process
Provide protection against ransomware
Protect corporate intellectual property from an insider threat
Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important North America
Figure 12: Most important future backup capabilities
0.00% 20.00% 40.00% 60.00% 80.00% 100.00%
Automate the backup process
Provide protection against ransomware
Protect corporate intellectual property from an insider threat
Operate backup and recovery in accordance with compliance demands
Back up the most popular SaaS solutions (e.g. Office 365)
Provide data recovery to dissimilar environments
Protect cloud-native solutions
Support multiple different public clouds as both target and a source
Deliver rapid RTO and RPO
Provide comprehensive visibility
Offer end-user self-service
Provide authorized copies of data for application/system testing
Most important 2 3 4 5 6 Least important
Information Classification: General
Future backup capabilities
• Automation is the singular most important future backup capability (Figure 14).
• Automation is more popular with those MSPs with revenues of between $5M and $50M, 31% put it as most important compared with 18% of MSPs with $50M+ revenue.
• Copy test data is the least important future capabilities
• Copy test data least significant for MSPs with greater than $50M revenue – 9% put as most important compared to 16% average.
• Most important future capability for MSPs with revenues greater than $50M was support for multiple cloud as source and target for backup data.
April 2020 © 2020 OmdiaPage 14
Figure 14: Most important future capabilities by MSP size in terms of revenue
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%
Automate the backup process
Provide protection against ransomware
Protect corporate intellectual property from an insider threat
Operate backup and recovery in accordance with compliance demands
Back up the most popular SaaS solutions (e.g. Office 365)
Provide data recovery to dissimilar environments
Protect cloud-native solutions
Support multiple different public clouds as both target and a source
Deliver rapid RTO and RPO
Provide comprehensive visibility
Offer end-user self-service
Provide authorized copies of data for application/system testing
Less than $5M $5M to $50M $50M plus
Information Classification: General
Differences between current and future backup capabilities
• Only 2 capabilities show a decline in interest; visibility and backup of SaaS applications (Figure 15).
• Biggest growing capability of interest is rapid RTO and RPO, which shows a 5% increase in MSPs putting it as most important – organizations are recognizing that speed and completeness of protection is important.
• Second biggest growing capability of interest is recover to dissimilar hardware environments, which shows a 4% increase in MSPs putting it as most important.
April 2020 © 2020 OmdiaPage 15
Figure 15: Most important capabilities comparison current to future
0.00% 10.00% 20.00% 30.00%
Deliver rapid RTO and RPO
Provide data recovery to dissimilar environments
Protect corporate intellectual property from an insider threat
Provide authorized copies of production data for application/system testing
Support multiple different public clouds as both target and a source
Provide protection against ransomware
Automate the backup process
Operate backup and recovery in accordance with compliance demands
Protect cloud-native solutions such as containers and serverlesstechnologies
Offer end-user self-service data backup and recovery services
Back up the most popular SaaS solutions (e.g. Office 365)
Provide comprehensive visibility to all backup data
Current Future
Information Classification: General
Customer requested services from MSPs
© 2020 OmdiaPage 16
Most requestedSecond and third most requested
UK compared to US
Customer requested services
20% put security, or security related, as most requested new service, 19% put second, and 11% as third most requested new serviceIn total 50% put security, or security related, as a top 3 most requested new service.
10% put keeping up with technologyand 18% cost as biggest challenges in delivering the most requested new services
UK was higher with 23% compared to US 11% with security as most requested new service
Information Classification: General
Key considerations in building a business case for customers
• Maintaining or delivering better levels of service has the highest impact in US (Figure 16).
• Making security work while not impacting the business is the highest impact in UK.
• Biggest difference between US and UK is convincing people that change is needed.
• In UK fewer than 5% report it has a high impact on building a business case, whereas in US it is more than double with 10%.
April 2020 © 2020 OmdiaPage 18
0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20%
Maintaing or better level of service
Clear roles and responsibilities in shared model
Convincing customer executive leadership
Agreeing metrics to montor our performance
Dealing with technical debt/sunk costs
Dealing with customer's internal people challenges
Making security work while not impacting business or cultureof customer
Convincing people that change is needed
Evolving security infrastructure none-disruptively
Understanding the business value of customer's data
Pricing for acceptable margin
Auditable record for compliance
UK US
Figure 16: Highest impact considerations on building a business case by country
Information Classification: General
Lack of skills is the biggest business obstacle for MSPs in adopting new services
• Lack of skills shows the biggest variance between most and least important, demonstrating that the skills shortage is a real concern for MSPs (Figure 17).
• Lack of skills most common obstacle irrespective of MSP size; in fact it was the top response in all size groups.
• We are a specialist MSP is the obstacle with the biggest variance (Figure 18):
• In the 20 – 99 employee MSPs it was second most important obstacle.
• In both fewer than 19 and more than 100 employee MSPs it was the lowest business obstacle.
• This response to the business obstacles shows that MSPs face different pressures depending on their relative size – as such, no one size solution will meet all needs
April 2020 © 2020 OmdiaPage 19
Figure 17: Difference between important and unimportant
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
Lack of skills Undifferentiatedsolutions
Cannot makebusiness case
Platform too old Margin on theseis too low
Crowded market Managing toomany suppliers
Supplier does notoffer
We are a specilistMSP
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Lack of skills
Customers not asking for these services
Managing too many suppliers
Platform too old
Undifferentiated solutions
Cannot make a business case
Crowded market
Margin on these is too low
Supplier does not offer
We are a specialist MSP
Less than 19 employees 20 to 99 employees More than 100 employees
Figure 18: Most important business obstacle by MSP size number of employees
Information Classification: General
Organizational obstacles
• Pricing the service is the top obstacle in US, whereas in UK it is having sufficient time (Figure 19).
• US put managing efficiently second, compared to UK where understanding the technology was second.
• UK ranked dealing with too many suppliers as the least important business obstacle.
• US and UK both consider their suppliers as trustworthy, with only 10% and 6% respectively stating that it was an important business obstacle.
April 2020 © 2020 OmdiaPage 20
Figure 19: Business obstacles by country
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
Understanding/knowing the
technology andits capabilities
Managing thetechnologyefficiently
Understandingthe wider impacton process and
people
Being able tooffer SLAs andguarantees to
customers
Pricing theservice so it is
competitive, anddelivering margin
Understandingthe risk to
business activity
Dealing with theinternal
organizationalchange needed
Having sufficienttime andresources
A lack of trust inthe suppliers and
how they willsupport us
Dealing withworking with toomany different
suppliers
UK North America
Information Classification: General
Organizational obstacles by operating regions
• Those MSPs operating in two regions put pricing the service as most important –36% of respondents –whereas only 18% of those MSPs operating in one country have pricing the service as most important –as such, pricing in more than one currency is a challenge (Figure 20).
• The biggest challenge for those MSPs operating in country is having sufficient time (Figure 20).
April 2020 © 2020 OmdiaPage 21
Figure 20: MSP most import organizational obstacles by operating region 0.00% 10.00% 20.00% 30.00%
Having sufficient time and resources
Pricing the service
Understanding the technology and its capabilities
Managing the technology efficiently
Understanding the risk to business activity
Being able to offer SLAs
Understanding the wider impact
Dealing with too many different suppliers
Dealing with the internal organizational change
A lack of trust in the suppliers
Global One region Two regions Country only
Information Classification: General
Organizational obstacles by MSP size
• Having sufficient time was top for MSPs with less than $5M in revenue, emphasising the pressure to release resources to learn new skills. This supports the finding in the previous slide and indicates smaller MSPs are in country only.
• Pricing the service was most important for MSPs with more than $5M in revenue. This supports the previous slide where operating in more than one country creates problems with pricing.
Month 2020 © 2020 OmdiaPage 22
0.00% 20.00% 40.00% 60.00%
Having sufficient time and resources
Pricing the service
Understanding the technology and its capabilities
Managing the technology efficiently
Understanding the risk to business activity
Being able to offer SLAs
Understanding the wider impact
Dealing with too many different suppliers
Dealing with the internal organizational change
A lack of trust in the suppliers
less than $5M $5M - $50M $50M plus
Figure 21: MSP most import organizational obstacles by MSP size in terms of revenue
Information Classification: General
People and process challenges with delivering security management as a service• Ability to keep up to date is the top
challenge for MSPs of all size. It was most important to those with revenues of less than $5M (Figure 22).
• Reduction in capex was the least important challenge for MSPs with revenues below $50M. But for those MSPs with more than $50M in revenue it was joint top challenge.
• Enabling greater choice for customers was the least important for MSPs with revenues of less than $5M. The customers of these MSPs are less concerned by choice and are more concerned by cost.
April 2020 © 2020 OmdiaPage 24
Figure 22: Most important challenge by MSP size in terms of revenue – delivering security as a service
0.00% 10.00% 20.00% 30.00%
Ability to keep up to date withthreats
Understanding of the impact on the business
Ability to acquire the right skills and expertise
The number of IT and security staff needed
Ability to improve our employee engagement, satisfaction, and loyalty
Understanding customer needs/budget/risk tolerance
Ability to retain them as a long-term customer
Ability to foster co-operation among teams
Understanding of how to improve service quality
Enablement of greater choice of solutions to our customers
Reduction of CAPEX through deferring purchasing hardware
Less than $5M $5M - $50M $50M plus
Information Classification: General
People and process challenges with delivering security management as a service• Remaining current in terms of threats was
most important for US MSPs (Figure 23). This was also the challenge with the biggest difference between US and UK.
• Skills showed US and UK in agreement and this demonstrates remaining current is not directly skills related.
• This challenge can be linked to organizational obstacle sufficient time and resources – this was the only obstacle where 20% or more of both UK and US MSPs rated it most important (Figure 18).
• Reducing Capex through deferring purchases is lowest most important challenge for both UK and US MSPs.
April 2020 © 2020 OmdiaPage 25
Figure 23: Most important technical challenges with delivering security management by country0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%
The number of IT staff needed
Ability to aquire the skills
Impact on the customer of security breach
Remain current in terms of threats
Balancing customer's budge/risk
DevSecOps
Focus on service outcomes
Provide customer's IT staff with more relevant skills
Reduce Capex
Enable greater customer choice of suppliers
Provide our IT staff with skills to help retainment
United Kingdom United States
Information Classification: General
Technical challenges with delivering security management as a service
• Early identification and isolation is the top technical challenge for MSPs with less than $5M in revenue (Figure 24).
• Encryption as a default for any service was the most important challenge for MSPs with revenues of between $5M and $50M (Figure 24).
• Integrating services, integrated identity and access as well as integrating with other services were joint most import for MSPs with more than $50M in revenue (Figure 25).
• Top country only challenge is encryption as default compared to global where early identification is top challenge (Figure 25).
April 2020 © 2020 OmdiaPage 26
Figure 24: Top technical challenges by MSP size in terms of revenue
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
Being able toidentify anattack early
Havingencryption as a
default
Having accessto a database
of knownthreats
Being able toapply
remediationwithout service
disruption
Providing aservice that
covers a widerange ofdifferent
technologies
Having accessto a
vulnerabilityscanningcapability
Having greatervisibility into the
cost of ITservices
Being able to understand and
baseline ‘normal or expected’ behavior
Having anintegratedidentity,
authentication,and accesscapability
Having anautomation
capability forcommon tasks
Integrating theservice with
other functionssuch as
development,testing etc
Isolatingcustomers so
that there is no'noisy neighbor'
syndrome
Less than $5M $5M to $50m $50M plus
0.00% 10.00% 20.00% 30.00% 40.00%
Being able to identify an attack early
Having encryption as a default
Having access to a database of known threats
Being able to apply remediation without service disruption
Providing a service that covers a wide range of different technologies
Having access to a vulnerability scanning capability
Having greater visibility into the cost of IT services
Being able to understand and baseline ‘normal or expected’ behavior
Having an integrated identity, authentication, and access capability
Having an automation capability for common tasks
Integrating the service with other functions such as development, testing etc
Isolating customers so that there is no 'noisy neighbor' syndrome
Global Country only
Figure 25: Top technical challenges by MSP coverage global v local
Information Classification: General
Technical challenges with delivering security management as a service
• UK MSPs place a database of known threats as the only technical challenge where it is more important than US MSPs (Figure 26).
• Top US technical challenge is early identification with over 30% putting it as most important.
• Top UK technical challenge is encryption by default with 27% putting as most important.
• Broad coverage of technologies is the technical challenge with the biggest difference between UK and US responses.
April 2020 © 2020 OmdiaPage 27
0%
5%
10%
15%
20%
25%
30%
35%
Database ofknown threats
Vunerabilityscanning
Automation Visibility intocost/benefit
Integratedidentity,
authentication,and access
Encryption asdefault
Early identificationand isolation
Remediationwithout service
distruption
Identifynormal/expected
behaviour
Ability to integratethe service with
otherfunctions/sevices
Isolatingcustomers toavoid noisyneighbour
Broad coverage oftechnologies
UK US
Figure 26: Most important technical challenge by country
Biggest differenceOnly instance where UK greater than US
Key considerations for MSPs when selecting a supplier
Key MSP considerations and the show stoppers preventing MSPs using a supplier’s technology
Month 2020 © 2020 OmdiaPage 28
Information Classification: General
Supplier selection show MSPs want to control the delivery and manage the customer experience
• Most MSPs want to have everything under their own control, with nearly 30% selecting it as the most important consideration.
• Reducing cost was second most important, closely followed by managing data as if was our own and improving reliability. These three were all within 1% of each other and show a focus on customer experience.
• Fast RTO and RPO were the least important features when selecting a supplier.
Month 2020 © 2020 OmdiaPage 29
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
Havingeverythingunder our
control
Reducing thecost of
managing thedata
Managingcustomer data
as our own
Improving thereliability
Demonstratingcompliance
Providing a highlevel of userself-service
Enforceableservice levels
Havingintelligentanalysis
Flexibility tochange theapproach to
meet customerneeds
A DR solutionthat is proven to
work whenneeded
Continuousavailability, ascost is not aprime issue
Fast RTO andRPO
Figure 27: Most important considerations when MSPs are selecting a supplier
Information Classification: General
US MSPs place more importance on control than UK MSPs
• Global operating MSPs want to have everything under their own control (Figure 28).
• US MSPs are more likely to want to control all aspects of the service delivery than UK MSPs.
• Smaller (fewer than 19 employees) and mid-sized MSPs (20-99 employees) put having everything under our control as most important. Larger MSPs ranked it as the second most important consideration.
April 2020 © 2020 OmdiaPage 30
Figure 28: Having everything under our control deeper analysis
25.00%
26.00%
27.00%
28.00%
29.00%
30.00%
31.00%
32.00%
33.00%
34.00%
35.00%
Global Regional Country
UK
US
25.00% 26.00% 27.00% 28.00% 29.00% 30.00% 31.00% 32.00%
Information Classification: General
Global MSPs put cost reduction as top consideration
• In US cost reduction was second most important and is more important than in UK MSPs (Figure 29).
• In UK this was fifth most important with 20%.
• Cost reduction was of least interest to those MSPs operating regionally where it was fourth most important consideration.
• Global operators put cost reduction as the top consideration.
• Reducing costs was second lowest consideration for larger MSPs (greater than $50M revenues) with 15%, compared to nearly double that from MSPs with revenues less than $50M
April 2020 © 2020 OmdiaPage 31
Figure 29: Reducing cost deeper analysis
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%
UK
US
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
Global Regional Country
Information Classification: General
Managing data was most important to MSPs with revenues of less than $5M
• Managing data like it is our own is more significant to smaller MSPs
• MSPs with revenues less than $5M rated it second most important with 30%, compared to $6-$50M where it was only 20% (joint-fifth most important)
• Geographic coverage was at odds though, with MSPs with a global presence scoring nearly 29% as most important compared to 24% for regional MSPs (Figure 30).
• US MSPs consider it more important than UK MSPs. UK # consideration was improving reliability with over 30% putting as a most important consideration.
April 2020 © 2020 OmdiaPage 32
Figure 30: Managing data as our own – deeper analysis
0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00%
UK
US
22.00%
23.00%
24.00%
25.00%
26.00%
27.00%
28.00%
29.00%
Global Regional Country
Information Classification: General
What is stopping MSPs
• Lack of fast identification of incidents/threats and automation are the top 2 reasons given by MSPs that are show-stoppers when assessing security management solutions (Figure 31).
• UK top show stopper is fast identification, which is recorded 43% of respondents with a solution that allows MSPs to select the aspect of security they want was #2 with 33%.
• US top 2 (fast identification and automation) are broadly similar with 42% and 41% receptively.
April 2020 © 2020 OmdiaPage 33
42%
36%
30%
30%
29%
29%
26%
23%
21%
20%
17%
36%
35%
43%
43%
43%
43%
37%
43%
46%
49%
46%
22%
29%
27%
27%
28%
28%
37%
34%
34%
30%
37%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
A solution that enables any threat to be identified quickly and responds by protecting the organizationwhile it is investigated and remediated
A fully automated solution that does not require me to spend time in setting up security policies anddeploying them, it works out-of-the-box
An easy to use yet comprehensive solution to protect a range of environments that comes as a singlepackage
A solution that enables me to define the processes and then automate them, but I remain in control ofany change. This must be an efficient system that does not impose a large overhead
A solution that allows me to select the aspect of security management I want, and does not force meto take capabilities I already have
A solution that provides guarantees on availability and performance impact so I can use it on customer’s environments with confidence
A solution with a good forensic investigation capability so we can dig into any issues and fullyunderstand the root cause
A solution that works for a wide range of environments/technologies from a single UI
A solution that has pre-built integrations with leading vendor solutions in adjacent markets, such asservice desk etc
A solution that comes from a vendor with a long history and reputation in the security market
A solution that comes from a new vendor bringing a fresh approach to security
Show-stopper Desired but not disqualifying Nice-to-have
Figure 31: Attributes MSPs consider show stoppers for delivering security as a service
Information Classification: General
Show stoppers vary by MSP size
• Being able to define processes and automate them is of least importance to MSPs with more than $50M in revenue (Figure 32).
• Smaller MSPs are less interested in new security vendors.
• A solution that provides guarantees for availability and performance is the attribute that shows most consistency across all MSP sizes.
• Regional MSPs put rapid threat detection most important with 50% saying it is a show stopper compared to 40% of country only MSPs, and 34% of global MSPs.
April 2020 © 2020 OmdiaPage 34
Figure 32: Top show-stoppers deeper analysis
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
45.00%
50.00%
Any threat to beidentified quickly
A fullyautomated
solution thatworks out-of-
the-box
An easy to useyet
comprehensivesolution
A solution thatenables me to
define theprocesses andthen automate
them
A solution thatallows me to
select theaspect ofsecurity
management Iwant
A solution thatprovides
guarantees onavailability andperformance
A solution with agood forensicinvestigation
capability
A solution thatworks for a wide
range ofenvironments
A solution thathas pre-built
integrations withleading vendor
solutions
An establishedvendor with a
good reputationin the security
market
A solution thatcomes from anew vendor
Less than $5M $5M - $50M $50M plus
Information Classification: General
Vendor perception
• McAfee is most well-known vendor –potentially because it has a strong name in both consumer and business environments
• Not much variation between US and UK MSPs in terms of known vendors
• McAfee with 52% is top current supplier
• Symantec/Broadcom #2 current supplier with 30%
April 2020 © 2020 OmdiaPage 36
Figure 33: Known vendor
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Total United Kingdom United States
Information Classification: General
Market presence is dominated by McAfee
• McAfee has a much higher market presence than any other vendor (Figure 34).
• McAfee is top market presence in all MSPs with less than $50M in revenue.
• Symantec/Broadcom have biggest market presence in MSPs with revenues of greater than $50M.
April 2020 © 2020 OmdiaPage 37
Figure 34: Market presence by vertical industry leading
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
40.00%
45.00%
Less than $5M $5M - $50M $50M plus
Information Classification: General
Symantec/Broadcom recorded the largest industry leading score in value for money
• McAfee was strongest in value for money in MSPs with revenues less than $50M (Figure 35).
• Symantec/Broadcom is #1 in MSPs with revenues over $50M, and recorded the top score of nearly 30% in this group.
• KnowB4, ThreatConnect, and Mimecastall recorded entries where 0% considered them as industry leading.
April 2020 © 2020 OmdiaPage 38
Figure 35: Value for money industry leading by vendor
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
30.00%
35.00%
Less than $5M $5M to $50M $50M plus
Information Classification: General
Summary
• The needs of MSPs vary by the size and scope of their operations, with pricing being particularly sensitive. Those working globally rate this more than twice as much of a problem as those with operations in country only.
• Minimizing data loss is the clear top security capability, but this varies significantly by MSP size. Zero downtime is the fastest growing security capability.
• Automation and ransomware protection are most important backup capabilities. These indicate customers are looking more broadly at where threats are coming from and how to mitigate them quickly.
• Security as a service is what customer want from MSPs, MSPs want to have everything under their own control, so any supplier to MSPs must be able to deliver:
• Rapid identification of incidents.
• Automation to overcome the lack of skills.
• The biggest vendor in the target market is McAfee – in terms of both perception and actual presence, followed by Symantec/Broadcom.
April 2020 © 2020 OmdiaPage 40
Brought to you by Informa Tech
Thank You
© 2020 Omdia
Sponsored By
Learn more about Acronis Cyber Protect Cloud, the AI-powered integration
of data protection and cybersecurity.
Information Classification: General
Split between UK and US
April 2020 © 2020 OmdiaPage 43
39%
61%
United Kingdom
United States
Information Classification: General
MSP’s revenue profile
April 2020 © 2020 OmdiaPage 44
Number of employees at MSP
12.55%
13.69%
19.39%
25.86%
28.52%
0%
5%
10%
15%
20%
25%
30%
Less than 4Between 5 and 19Between 20 and 49Between 50 and 99Between 100 and 499
22%
21%
26%
18%
13%
% of respondents
<$1M
$1M -$5M
$6M -$10M
$11M -$50M
$50+M
Information Classification: General
Geographic presence
April 2020 © 2020 OmdiaPage 45
Global, 21%
One region, 26%
Two regions, 10%
Country only, 43%
S6: Where does your organization have market presence?
Brought to you by Informa Tech
Thank You
© 2020 Omdia
Sponsored By
Learn more about Acronis Cyber Protect Cloud, the AI-powered integration
of data protection and cybersecurity.