Drivers for managed security services include 24/7 monitoring, the skills gap, threat prevention and cloud

According to 451 Research’s Information Security, Technology Roadmap 2022 study, 59% of respondents plan to increase their spending on managed security services in the next 12 months, and 19% say that increase will be “significant.” However, MSS is a broad market category that can include a wide range of providers, technologies and services. Our Information Security, Managed Security Services 2022 survey explores the nature of this demand and provides deeper insight into MSS market growth by asking enterprises about the types of MSS providers and services they are using, and the primary drivers for adoption.

The take

Full-time (24/7) security monitoring and the cybersecurity skills gap remain the most prevalent buying drivers for MSS, although cloud migrations are a major factor as well. Enterprises are seeking these capabilities from a wide range of providers, including managed IT services, traditional MSS and emerging security specialists. Managed detection and response (MDR) providers, security operations center (SOC)-as-a-service providers and hyperscalers — the latter a more significant emerging factor in MSS — have seen substantial media hype in recent months, but they are not yet as prevalent in our findings as traditional MSS providers. Overall, survey results indicate that demand for various types of MSS will remain strong over the next several years.

Summary of Findings

Full-time coverage and the cybersecurity skills gap stand out as major drivers for MSS. Security monitoring 24/7 (41%) is the most-cited driver for MSS adoption. This speaks to the increased demand for threat detection and response services offered by traditional MSS providers, as well as by newer entrants such as MDR specialists. Incident response (17%) and closing the skills gap (15%) are also reported as motivators, with demand for specific skills adding to responses — strong evidence that the cybersecurity skills gap remains a major challenge for enterprises and a primary driver for buying MSS. When asked how their SOC is staffed, 46% of respondents say there is an even mix of in-house and outsourced staffing, 36% say it is staffed mostly in-house, 16% say mostly outsourced and only 2% of MSS users say they do not have an SOC, indicating that many MSS providers serve as an extension of their customers’ in-house teams.

The nature of MSS providers runs the gamut. When asked to categorize their primary MSS provider, respondents most often choose “IT service provider offering security services” (26%). Traditional MSS (20%) is second, followed by managed SIEM (18%). The list also includes some relatively new provider types focused on threat detection and response, such as MDR providers (11%) and SOC-as-a-service providers (8%). Despite the recent trend of product vendors adding security services on top of their platforms, only 5% of respondents select “security product vendor’s service” as their primary MSS provider. Although industry giants Microsoft Corp. and Google launched and acquired security services in 2022, only 2% of respondents say hyperscalers are their primary MSS provider. Other responses include consulting firms, value-added resellers and telcos, underscoring the fact that enterprises have several options when it comes to MSS providers.

Cloud migrations are a major driver for adopting MSS. When asked about primary drivers for using MSS, “securing cloud migrations as capabilities move from on-premises technology stacks” (32%) is the second most chosen option, behind only 24/7 security monitoring. It is worth noting that the 26% of respondents who describe their primary MSS provider as an “IT service provider offering services” are working with vendors that typically provide cloud services such as cloud modernization and ongoing management as well as security services.

Respondents strongly emphasize prevention. When asked about the types of controls they are using from their MSS providers, 55% of respondents select “preventive,” 28% select “reactive” and 18% select “detective.” Among specific services in use, the top two choices — firewall management (43%) and data loss prevention (42%) — are both preventive services.

Want insights on information security delivered to your inbox? Join the 451 Alliance.