Partners are identifying niche areas like outsourcing management security infrastructure, penetration testing, security and compliance auditing inside the managed security services (MSS), and are investing in skillsets to leverage the opportunities.
The functions of MSS include round-the-clock monitoring and managing of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies under tight SLAs.
According to Frost Sullivan’s analysis of the Asia Pacific MSS market in 2012 the market earned revenue of $1.66 billion in 2012 and estimated this to reach $5.34 billion by 2019.
“We have set up a security operations center in Gurgaon and have signed five enterprise customers for managed data leak prevention services”
Vishal Bindra, CEO, ACPL Systems
“Security is the most complex piece in the managed services stack. Many companies, despite investing in the best of security solutions, are keen to outsource the management of their security infrastructure to others,” remarks Rajesh Maurya, Country Manager, Fortinet, India Saarc.
For many partners MSS is a niche business. Informs Satheesh Nair, Director, Unified Stickman, “We are focused on penetration testing, security and compliance auditing.” Stickman has over 70 customers.
Delhi-based ACPL Systems sees two types of customers. The first, after buying the network security hardware and software, is keen to outsource security management. “Most customers do not want to invest in manpower. They prefer to outsource everything including end-point security, virus scans, monitoring and SIEM,” notes Vishal Bindra, CEO, ACPL. He says the second lot prefers to outsource the management of specialized security services. “We have set up a security operations center in Gurgaon and have signed five enterprise customers for managed data leak prevention services.”
Bindra sees increased traction for Web security and advanced persistent threat (APT) services in the days ahead. He informs that over the past year while 60 customers have signed up for MSS, 20 have opted for DLP and APT.
Nair notes that while the services offered were initially on a project basis, many customers are now willing to sign contracts on a managed services model where they are ready to pay per incident for round-the-year support and periodic audits. While many services are technically single-occasion services, Nair says that more customers are signing up for niche services in an outsourced model. “Monitoring event logs not for intrusions but for change management is a service that identifies changes to a system which violate a formal security policy. We are now offering this as a managed service,” Nair adds.