Understanding the Security and Data Backup Market for ... › u › pdf › Acronis-Omdia-full-report-April-2020_en-US.pdfDifferences exist in MSPs by revenue size as to future most

Brought to you by Informa Tech

Roy Illsley

Distinguished Analyst

[email protected]

Survey of MSPs in UK and US serving SMB customers and understanding the security and data backup market opportunity

April 2020

Understanding the Security and Data Backup Market for Managed Service Providers (MSPs)

© 2020 Omdia

Sponsored By

Information Classification: General

Content• What we did

• Findings

• Current and future capabilities

• Business challenges with achieving future capabilities

• MSP challenges with delivering security as a service

• Key considerations for MSPs when selecting a supplier

• MSPs views on the vendors

• Summary

• Appendix

• Survey demographics

April 2020 © 2020 OmdiaPage 2

What we did



Omdia MSP survey

• Conduct a survey of 263 MSPs in UK and US that serve SMB customers (Figure 1)

• Focused on MSPs that do not use open source technologies.

• Focused on MSPs that either deliver or are planning to deliver security and backup capabilities.


United States, 61%

United Kingdom, 39%

Figure 1: Respondent company location

Current and future capabilities



Top security capability today: minimizing data loss

• Minimizing data loss is #1 most important security capability with nearly 30% of all respondents (Figure 2).

• Minimizing data loss is 10% more important in US than in UK (Figure 2).

• Rapid mitigation is #2 most important security capability with nearly 23% of responses.

• Forensic investigation is lowest rated security capability with only 13% putting it as most important.

• The results show that MSPs consider the ability to protect customers data and deal with known threats quickly as core capabilities. Other capabilities are currently seen as secondary considerations.


Figure 2: Current most important security capabilities

0.00% 20.00% 40.00% 60.00% 80.00% 100.00%

The ability to ensure minimal data loss

Rapid mitigation for discovered cyberthreats

Enforcement of the use of different encryption techniques

Cloud-based solution or an installable solution on an MSP’s own …

A continuous service (zero down-time) while threat mitigation takes place

A secure audit logging service

Automatic assurance that patch-levels are up to date

Cyberthreat detection at the edge and the core

A service that includes securing endpoint devices

A cybersecurity assessment service

Cyberthreat detection using AI/ML technology

Ability to perform a detailed forensic investigation

Most important 2 3 4 5 6 Least important

Figure 3: Top 3 current security capabilities by country

0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 40.00%


Rapid mitigation for discovered cyberthreats

Enforcement of the use of different encryption techniques

Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important United States


MSP differ on top security capability depending on size• Minimizing data loss is #1 for MSPs

with revenues of less than $50M (Figure 4).

• Rapid mitigation is #2 for all MSPs , but slightly more important for MSPs with revenues of less than $5M.

• Zero downtime is #1 for MSPs with revenues greater than $50M.

• AI/ML is least important to MSPs with greater than $50M revenue and less than $5M. For MSPs revenue of $5-$50M it was joint third most important.

• Rapid mitigation is a common capability considered important.


Figure 4: MSP by revenue band most important current security capability

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

The ability toensure minimal

data loss

Rapid mitigationfor discoveredcyberthreats

Enforcement ofthe use ofdifferent

encryptiontechniques

Cloud-based solution or an

installable solution on an

MSP’s own infrastructure

A continuousservice (zerodown-time)while threat

mitigation takesplace

A secure auditlogging service

Automaticassurance thatpatch-levels are

up to date

Cyberthreatdetection at theedge and the

core

A service thatincludessecuringendpointdevices

A cybersecurityassessment

service

Cyberthreatdetection using

AI/MLtechnology

Ability toperform a

detailed forensicinvestigation

Less than $5M $5M to $50M $50M plus


Minimizing data loss remains #1 future security capability

• Minimizing data loss remains the #1 security capability (Figure 5). UK has seen an increase in importance but remains 7% behind North America (Figure 6).

• Zero downtime is second most important as MSPs recognize the need to minimize data loss includes data availability.

• Rapid mitigation and securing endpoints are joint third. Endpoints are now recognized as one of the most common ways security is compromised.

• The US is consistently more interested in the top 3 security future capabilities than UK (Figure 6).


Figure 5: Future most important security capabilities

Figure 6: Top 3 future security capabilities by country

0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% 100.00%


Zero down-time

Rapid mitigation

Securing endpoint devices


Enforcement of encryption techniques

Automatic assurance



Cloud-based solution or on an MSP’s own infrastructure




0.00% 10.00% 20.00% 30.00% 40.00%


Zero down-time

Rapid mitigation


Top 3 % rate as most important Total Top 3 % rate as most important UK Top 3 % rate as most important North America


Differences exist in MSPs by revenue size as to future most important security capability

• Minimizing data loss remains the top capability for MSPs with revenues below $50M.

• Cyber assessment service is the top future security capability for MSPs with greater than $50M, showing that they believe their capabilities must now extend beyond basic security offerings.

• AI/ML remains least important to MSPs with greater than $50M and less than $5M. This suggests an education issue with understanding the value of AI/ML.

• Zero downtime is second as MSPs recognize that data availability is part of what customers consider data loss.


Figure 7: MSP by revenue band most important future security capability

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

The ability toensure minimal

data loss

Zero down-time Rapidmitigation

Securingendpointdevices

A cybersecurityassessment

service

Enforcement ofencryptiontechniques

Automaticassurance

Cyberthreatdetection at theedge and the

core

A secure auditlogging service


Cyberthreatdetection using

AI/MLtechnology

Ability toperform adetailedforensic

investigation



0.00% 10.00% 20.00% 30.00%

Zero down-time







Enforcement of encryption techniques

Rapid mitigation



Current Future

Differences between current and future security capabilities

• Zero downtime shows the biggest increase in interest from current to future security capabilities (Figure 8).

• Cyber security assessment shows second biggest increase in interest, with AI cyber detection with third biggest increase.

• Minimizing data loss remains top capability but shows slight decline in interest – probably not much to read into this as it is such a clear top topic of interest.

• Rapid mitigation was the second capability to show a decline of interest from current to future, but again unlikely enough to be of significance.


Figure 8: Most important capability comparing current and future responses

Significant increases

Slight decreases


Automation is the #1 current backup capability

• Automate the backup process is the top most important capability with over 25% putting it most important and nearly 50% as important or higher (Figure 9).

• Ransomware protection was second most important capability.

• Copy test data and RTO/RPO are the least important capabilities with only 13% of respondents.

• US ranked automation much more important than UK, in fact US ranked top 3 consistently more important than UK (Figure 10).


Figure 9: Most important current backup capabilities

Figure 10: Comparison of top 3 UK to US

0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00% 100.00%

Automate the backup process

Provide protection against ransomware

Back up the most popular SaaS solutions (e.g. Office 365)

Protect corporate intellectual property from an insider threat

Operate backup and recovery in accordance with compliance demands

Provide comprehensive visibility to all backup data

Protect cloud-native solutions such as containers and serverless technologies

Support multiple different public clouds as both target and a source

Offer end-user self-service data backup and recovery services

Provide data recovery to dissimilar environments

Deliver rapid RTO and RPO

Provide authorized copies of production data for application/system testing


0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00%






Larger MSPs place automation as more important than smaller MSPs

• Automating backup was put as most important by over 30% of MSPs with revenues greater than $50M and 28% of those in $5M-$50M revenue bracket, compared to 21% of MSPs with revenues less than £5M (Figure 11).

• Protecting IP was the most important capabilities for MSPs with revenues of less than $5M.

• User self service was of least interest to MSPs with over $50M in revenue, with just 9% respondents putting as most important.


Figure 11: Most important current backup capabilities by size of MSP based on revenue

0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%







Protect cloud-native solutions such as containers and serverlesstechnologies





Provide authorized copies of production data for application/systemtesting

Less than $5M $5M - $50M $50M plus


Automation remain #1 most important future capability

• Automate the backup process remains the top-most important capability (Figure 12).

• The need to protect against ransomware –second most important – is driven by increased awareness of this threat and the number of out-of-support Microsoft Windows servers expected to be active in 2020/21 (Figure 12).

• User self-service and test copy data are the two least important future capabilities. This is a reflection of the customers served by the MSPs where internal app dev is not a common capability, and user self-service is not considered important due to lack of understanding of the benefits (Figure 12).

• US more concerned by ransomware than UK (Figure 13).


Figure 13: UK compared to US future most important backup capabilities

0.00% 10.00% 20.00% 30.00%





Figure 12: Most important future backup capabilities

0.00% 20.00% 40.00% 60.00% 80.00% 100.00%







Protect cloud-native solutions



Provide comprehensive visibility

Offer end-user self-service

Provide authorized copies of data for application/system testing



Future backup capabilities

• Automation is the singular most important future backup capability (Figure 14).

• Automation is more popular with those MSPs with revenues of between $5M and $50M, 31% put it as most important compared with 18% of MSPs with $50M+ revenue.

• Copy test data is the least important future capabilities

• Copy test data least significant for MSPs with greater than $50M revenue – 9% put as most important compared to 16% average.

• Most important future capability for MSPs with revenues greater than $50M was support for multiple cloud as source and target for backup data.


Figure 14: Most important future capabilities by MSP size in terms of revenue

0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%







Protect cloud-native solutions



Provide comprehensive visibility

Offer end-user self-service

Provide authorized copies of data for application/system testing



Differences between current and future backup capabilities

• Only 2 capabilities show a decline in interest; visibility and backup of SaaS applications (Figure 15).

• Biggest growing capability of interest is rapid RTO and RPO, which shows a 5% increase in MSPs putting it as most important – organizations are recognizing that speed and completeness of protection is important.

• Second biggest growing capability of interest is recover to dissimilar hardware environments, which shows a 4% increase in MSPs putting it as most important.


Figure 15: Most important capabilities comparison current to future

0.00% 10.00% 20.00% 30.00%




Provide authorized copies of production data for application/system testing





Protect cloud-native solutions such as containers and serverlesstechnologies




Current Future


Customer requested services from MSPs

© 2020 OmdiaPage 16

Most requestedSecond and third most requested

UK compared to US

Customer requested services

20% put security, or security related, as most requested new service, 19% put second, and 11% as third most requested new serviceIn total 50% put security, or security related, as a top 3 most requested new service.

10% put keeping up with technologyand 18% cost as biggest challenges in delivering the most requested new services

UK was higher with 23% compared to US 11% with security as most requested new service

Business Challenges to achieving future capabilities



Key considerations in building a business case for customers

• Maintaining or delivering better levels of service has the highest impact in US (Figure 16).

• Making security work while not impacting the business is the highest impact in UK.

• Biggest difference between US and UK is convincing people that change is needed.

• In UK fewer than 5% report it has a high impact on building a business case, whereas in US it is more than double with 10%.


0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20%

Maintaing or better level of service

Clear roles and responsibilities in shared model

Convincing customer executive leadership

Agreeing metrics to montor our performance

Dealing with technical debt/sunk costs

Dealing with customer's internal people challenges

Making security work while not impacting business or cultureof customer

Convincing people that change is needed

Evolving security infrastructure none-disruptively

Understanding the business value of customer's data

Pricing for acceptable margin

Auditable record for compliance

UK US

Figure 16: Highest impact considerations on building a business case by country


Lack of skills is the biggest business obstacle for MSPs in adopting new services

• Lack of skills shows the biggest variance between most and least important, demonstrating that the skills shortage is a real concern for MSPs (Figure 17).

• Lack of skills most common obstacle irrespective of MSP size; in fact it was the top response in all size groups.

• We are a specialist MSP is the obstacle with the biggest variance (Figure 18):

• In the 20 – 99 employee MSPs it was second most important obstacle.

• In both fewer than 19 and more than 100 employee MSPs it was the lowest business obstacle.

• This response to the business obstacles shows that MSPs face different pressures depending on their relative size – as such, no one size solution will meet all needs


Figure 17: Difference between important and unimportant

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

Lack of skills Undifferentiatedsolutions

Cannot makebusiness case

Platform too old Margin on theseis too low

Crowded market Managing toomany suppliers

Supplier does notoffer

We are a specilistMSP

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Lack of skills

Customers not asking for these services

Managing too many suppliers

Platform too old

Undifferentiated solutions

Cannot make a business case

Crowded market

Margin on these is too low

Supplier does not offer

We are a specialist MSP

Less than 19 employees 20 to 99 employees More than 100 employees

Figure 18: Most important business obstacle by MSP size number of employees


Organizational obstacles

• Pricing the service is the top obstacle in US, whereas in UK it is having sufficient time (Figure 19).

• US put managing efficiently second, compared to UK where understanding the technology was second.

• UK ranked dealing with too many suppliers as the least important business obstacle.

• US and UK both consider their suppliers as trustworthy, with only 10% and 6% respectively stating that it was an important business obstacle.


Figure 19: Business obstacles by country

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

Understanding/knowing the

technology andits capabilities

Managing thetechnologyefficiently

Understandingthe wider impacton process and

people

Being able tooffer SLAs andguarantees to

customers

Pricing theservice so it is

competitive, anddelivering margin

Understandingthe risk to

business activity

Dealing with theinternal

organizationalchange needed

Having sufficienttime andresources

A lack of trust inthe suppliers and

how they willsupport us

Dealing withworking with toomany different

suppliers

UK North America


Organizational obstacles by operating regions

• Those MSPs operating in two regions put pricing the service as most important –36% of respondents –whereas only 18% of those MSPs operating in one country have pricing the service as most important –as such, pricing in more than one currency is a challenge (Figure 20).

• The biggest challenge for those MSPs operating in country is having sufficient time (Figure 20).


Figure 20: MSP most import organizational obstacles by operating region 0.00% 10.00% 20.00% 30.00%

Having sufficient time and resources

Pricing the service

Understanding the technology and its capabilities

Managing the technology efficiently

Understanding the risk to business activity

Being able to offer SLAs

Understanding the wider impact

Dealing with too many different suppliers

Dealing with the internal organizational change

A lack of trust in the suppliers

Global One region Two regions Country only


Organizational obstacles by MSP size

• Having sufficient time was top for MSPs with less than $5M in revenue, emphasising the pressure to release resources to learn new skills. This supports the finding in the previous slide and indicates smaller MSPs are in country only.

• Pricing the service was most important for MSPs with more than $5M in revenue. This supports the previous slide where operating in more than one country creates problems with pricing.

Month 2020 © 2020 OmdiaPage 22

0.00% 20.00% 40.00% 60.00%

Having sufficient time and resources

Pricing the service

Understanding the technology and its capabilities

Managing the technology efficiently

Understanding the risk to business activity

Being able to offer SLAs

Understanding the wider impact

Dealing with too many different suppliers

Dealing with the internal organizational change

A lack of trust in the suppliers

less than $5M $5M - $50M $50M plus

Figure 21: MSP most import organizational obstacles by MSP size in terms of revenue

MSP challenges with delivering security as a service



People and process challenges with delivering security management as a service• Ability to keep up to date is the top

challenge for MSPs of all size. It was most important to those with revenues of less than $5M (Figure 22).

• Reduction in capex was the least important challenge for MSPs with revenues below $50M. But for those MSPs with more than $50M in revenue it was joint top challenge.

• Enabling greater choice for customers was the least important for MSPs with revenues of less than $5M. The customers of these MSPs are less concerned by choice and are more concerned by cost.


Figure 22: Most important challenge by MSP size in terms of revenue – delivering security as a service

0.00% 10.00% 20.00% 30.00%

Ability to keep up to date withthreats

Understanding of the impact on the business

Ability to acquire the right skills and expertise

The number of IT and security staff needed

Ability to improve our employee engagement, satisfaction, and loyalty

Understanding customer needs/budget/risk tolerance

Ability to retain them as a long-term customer

Ability to foster co-operation among teams

Understanding of how to improve service quality

Enablement of greater choice of solutions to our customers

Reduction of CAPEX through deferring purchasing hardware



People and process challenges with delivering security management as a service• Remaining current in terms of threats was

most important for US MSPs (Figure 23). This was also the challenge with the biggest difference between US and UK.

• Skills showed US and UK in agreement and this demonstrates remaining current is not directly skills related.

• This challenge can be linked to organizational obstacle sufficient time and resources – this was the only obstacle where 20% or more of both UK and US MSPs rated it most important (Figure 18).

• Reducing Capex through deferring purchases is lowest most important challenge for both UK and US MSPs.


Figure 23: Most important technical challenges with delivering security management by country0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%

The number of IT staff needed

Ability to aquire the skills

Impact on the customer of security breach

Remain current in terms of threats

Balancing customer's budge/risk

DevSecOps

Focus on service outcomes

Provide customer's IT staff with more relevant skills

Reduce Capex

Enable greater customer choice of suppliers

Provide our IT staff with skills to help retainment

United Kingdom United States


Technical challenges with delivering security management as a service

• Early identification and isolation is the top technical challenge for MSPs with less than $5M in revenue (Figure 24).

• Encryption as a default for any service was the most important challenge for MSPs with revenues of between $5M and $50M (Figure 24).

• Integrating services, integrated identity and access as well as integrating with other services were joint most import for MSPs with more than $50M in revenue (Figure 25).

• Top country only challenge is encryption as default compared to global where early identification is top challenge (Figure 25).


Figure 24: Top technical challenges by MSP size in terms of revenue

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

Being able toidentify anattack early

Havingencryption as a

default

Having accessto a database

of knownthreats

Being able toapply

remediationwithout service

disruption

Providing aservice that

covers a widerange ofdifferent

technologies

Having accessto a

vulnerabilityscanningcapability

Having greatervisibility into the

cost of ITservices

Being able to understand and

baseline ‘normal or expected’ behavior

Having anintegratedidentity,

authentication,and accesscapability

Having anautomation

capability forcommon tasks

Integrating theservice with

other functionssuch as

development,testing etc

Isolatingcustomers so

that there is no'noisy neighbor'

syndrome

Less than $5M $5M to $50m $50M plus

0.00% 10.00% 20.00% 30.00% 40.00%

Being able to identify an attack early

Having encryption as a default

Having access to a database of known threats

Being able to apply remediation without service disruption

Providing a service that covers a wide range of different technologies

Having access to a vulnerability scanning capability

Having greater visibility into the cost of IT services

Being able to understand and baseline ‘normal or expected’ behavior

Having an integrated identity, authentication, and access capability

Having an automation capability for common tasks

Integrating the service with other functions such as development, testing etc

Isolating customers so that there is no 'noisy neighbor' syndrome

Global Country only

Figure 25: Top technical challenges by MSP coverage global v local


Technical challenges with delivering security management as a service

• UK MSPs place a database of known threats as the only technical challenge where it is more important than US MSPs (Figure 26).

• Top US technical challenge is early identification with over 30% putting it as most important.

• Top UK technical challenge is encryption by default with 27% putting as most important.

• Broad coverage of technologies is the technical challenge with the biggest difference between UK and US responses.


0%

5%

10%

15%

20%

25%

30%

35%

Database ofknown threats

Vunerabilityscanning

Automation Visibility intocost/benefit

Integratedidentity,

authentication,and access

Encryption asdefault

Early identificationand isolation

Remediationwithout service

distruption

Identifynormal/expected

behaviour

Ability to integratethe service with

otherfunctions/sevices

Isolatingcustomers toavoid noisyneighbour

Broad coverage oftechnologies

UK US

Figure 26: Most important technical challenge by country

Biggest differenceOnly instance where UK greater than US

Key considerations for MSPs when selecting a supplier

Key MSP considerations and the show stoppers preventing MSPs using a supplier’s technology



Supplier selection show MSPs want to control the delivery and manage the customer experience

• Most MSPs want to have everything under their own control, with nearly 30% selecting it as the most important consideration.

• Reducing cost was second most important, closely followed by managing data as if was our own and improving reliability. These three were all within 1% of each other and show a focus on customer experience.

• Fast RTO and RPO were the least important features when selecting a supplier.


0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

Havingeverythingunder our

control

Reducing thecost of

managing thedata

Managingcustomer data

as our own

Improving thereliability

Demonstratingcompliance

Providing a highlevel of userself-service

Enforceableservice levels

Havingintelligentanalysis

Flexibility tochange theapproach to

meet customerneeds

A DR solutionthat is proven to

work whenneeded

Continuousavailability, ascost is not aprime issue

Fast RTO andRPO

Figure 27: Most important considerations when MSPs are selecting a supplier


US MSPs place more importance on control than UK MSPs

• Global operating MSPs want to have everything under their own control (Figure 28).

• US MSPs are more likely to want to control all aspects of the service delivery than UK MSPs.

• Smaller (fewer than 19 employees) and mid-sized MSPs (20-99 employees) put having everything under our control as most important. Larger MSPs ranked it as the second most important consideration.


Figure 28: Having everything under our control deeper analysis

25.00%

26.00%

27.00%

28.00%

29.00%

30.00%

31.00%

32.00%

33.00%

34.00%

35.00%

Global Regional Country

UK

US

25.00% 26.00% 27.00% 28.00% 29.00% 30.00% 31.00% 32.00%


Global MSPs put cost reduction as top consideration

• In US cost reduction was second most important and is more important than in UK MSPs (Figure 29).

• In UK this was fifth most important with 20%.

• Cost reduction was of least interest to those MSPs operating regionally where it was fourth most important consideration.

• Global operators put cost reduction as the top consideration.

• Reducing costs was second lowest consideration for larger MSPs (greater than $50M revenues) with 15%, compared to nearly double that from MSPs with revenues less than $50M


Figure 29: Reducing cost deeper analysis

0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00%

UK

US

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%



Managing data was most important to MSPs with revenues of less than $5M

• Managing data like it is our own is more significant to smaller MSPs

• MSPs with revenues less than $5M rated it second most important with 30%, compared to $6-$50M where it was only 20% (joint-fifth most important)

• Geographic coverage was at odds though, with MSPs with a global presence scoring nearly 29% as most important compared to 24% for regional MSPs (Figure 30).

• US MSPs consider it more important than UK MSPs. UK # consideration was improving reliability with over 30% putting as a most important consideration.


Figure 30: Managing data as our own – deeper analysis

0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00%

UK

US

22.00%

23.00%

24.00%

25.00%

26.00%

27.00%

28.00%

29.00%



What is stopping MSPs

• Lack of fast identification of incidents/threats and automation are the top 2 reasons given by MSPs that are show-stoppers when assessing security management solutions (Figure 31).

• UK top show stopper is fast identification, which is recorded 43% of respondents with a solution that allows MSPs to select the aspect of security they want was #2 with 33%.

• US top 2 (fast identification and automation) are broadly similar with 42% and 41% receptively.


42%

36%

30%

30%

29%

29%

26%

23%

21%

20%

17%

36%

35%

43%

43%

43%

43%

37%

43%

46%

49%

46%

22%

29%

27%

27%

28%

28%

37%

34%

34%

30%

37%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

A solution that enables any threat to be identified quickly and responds by protecting the organizationwhile it is investigated and remediated

A fully automated solution that does not require me to spend time in setting up security policies anddeploying them, it works out-of-the-box

An easy to use yet comprehensive solution to protect a range of environments that comes as a singlepackage

A solution that enables me to define the processes and then automate them, but I remain in control ofany change. This must be an efficient system that does not impose a large overhead

A solution that allows me to select the aspect of security management I want, and does not force meto take capabilities I already have

A solution that provides guarantees on availability and performance impact so I can use it on customer’s environments with confidence

A solution with a good forensic investigation capability so we can dig into any issues and fullyunderstand the root cause

A solution that works for a wide range of environments/technologies from a single UI

A solution that has pre-built integrations with leading vendor solutions in adjacent markets, such asservice desk etc

A solution that comes from a vendor with a long history and reputation in the security market

A solution that comes from a new vendor bringing a fresh approach to security

Show-stopper Desired but not disqualifying Nice-to-have

Figure 31: Attributes MSPs consider show stoppers for delivering security as a service


Show stoppers vary by MSP size

• Being able to define processes and automate them is of least importance to MSPs with more than $50M in revenue (Figure 32).

• Smaller MSPs are less interested in new security vendors.

• A solution that provides guarantees for availability and performance is the attribute that shows most consistency across all MSP sizes.

• Regional MSPs put rapid threat detection most important with 50% saying it is a show stopper compared to 40% of country only MSPs, and 34% of global MSPs.


Figure 32: Top show-stoppers deeper analysis

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

45.00%

50.00%

Any threat to beidentified quickly

A fullyautomated

solution thatworks out-of-

the-box

An easy to useyet

comprehensivesolution

A solution thatenables me to

define theprocesses andthen automate

them

A solution thatallows me to

select theaspect ofsecurity

management Iwant

A solution thatprovides

guarantees onavailability andperformance

A solution with agood forensicinvestigation

capability

A solution thatworks for a wide

range ofenvironments

A solution thathas pre-built

integrations withleading vendor

solutions

An establishedvendor with a

good reputationin the security

market

A solution thatcomes from anew vendor


MSPs views on the vendors



Vendor perception

• McAfee is most well-known vendor –potentially because it has a strong name in both consumer and business environments

• Not much variation between US and UK MSPs in terms of known vendors

• McAfee with 52% is top current supplier

• Symantec/Broadcom #2 current supplier with 30%


Figure 33: Known vendor

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Total United Kingdom United States


Market presence is dominated by McAfee

• McAfee has a much higher market presence than any other vendor (Figure 34).

• McAfee is top market presence in all MSPs with less than $50M in revenue.

• Symantec/Broadcom have biggest market presence in MSPs with revenues of greater than $50M.


Figure 34: Market presence by vertical industry leading

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

45.00%



Symantec/Broadcom recorded the largest industry leading score in value for money

• McAfee was strongest in value for money in MSPs with revenues less than $50M (Figure 35).

• Symantec/Broadcom is #1 in MSPs with revenues over $50M, and recorded the top score of nearly 30% in this group.

• KnowB4, ThreatConnect, and Mimecastall recorded entries where 0% considered them as industry leading.


Figure 35: Value for money industry leading by vendor

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%


Summary



Summary

• The needs of MSPs vary by the size and scope of their operations, with pricing being particularly sensitive. Those working globally rate this more than twice as much of a problem as those with operations in country only.

• Minimizing data loss is the clear top security capability, but this varies significantly by MSP size. Zero downtime is the fastest growing security capability.

• Automation and ransomware protection are most important backup capabilities. These indicate customers are looking more broadly at where threats are coming from and how to mitigate them quickly.

• Security as a service is what customer want from MSPs, MSPs want to have everything under their own control, so any supplier to MSPs must be able to deliver:

• Rapid identification of incidents.

• Automation to overcome the lack of skills.

• The biggest vendor in the target market is McAfee – in terms of both perception and actual presence, followed by Symantec/Broadcom.



Thank You

© 2020 Omdia

Sponsored By

Learn more about Acronis Cyber Protect Cloud, the AI-powered integration

of data protection and cybersecurity.

https://www.acronis.com/en-us/cloud/cyber-protect/

Survey demographics



Split between UK and US


39%

61%

United Kingdom

United States


MSP’s revenue profile


Number of employees at MSP

12.55%

13.69%

19.39%

25.86%

28.52%

0%

5%

10%

15%

20%

25%

30%

Less than 4Between 5 and 19Between 20 and 49Between 50 and 99Between 100 and 499

22%

21%

26%

18%

13%

% of respondents

<$1M

$1M -$5M

$6M -$10M

$11M -$50M

$50+M


Geographic presence


Global, 21%

One region, 26%

Two regions, 10%

Country only, 43%

S6: Where does your organization have market presence?


Thank You

© 2020 Omdia

Sponsored By

Learn more about Acronis Cyber Protect Cloud, the AI-powered integration

of data protection and cybersecurity.

https://www.acronis.com/en-us/cloud/cyber-protect/

Documents

Understanding the Security and Data Backup Market for ... › u › pdf › Acronis-Omdia-full-report-April-2020_en-US.pdfDifferences exist in MSPs by revenue size as to future most