Sridhar S. heads the Managed Services businesses of Cloud, Hosting and Security for Tata Communications. He has been in the IT industry for nearly 30 years, and has held several leadership roles in blue-chip companies such as Dell, IBM, Intel and HCL, working across markets such as India, Asia and the US.
In a recent interview with CISO MAG, Sridhar talks about managed security services, their uptake and current trends in the cybersecurity world.
How do you see the uptake for managed security services today, as compared to, say, two years ago?
The Managed Security Services (MSS) market is maturing and witnessing a wide-scale adoption. A report concluded that the global MSS market is expected to reach USD 64.73 billion by 2025, growing at a CAGR of 15.2%, primarily driven by increased digitisation and the expanding landscape of sophisticated cyberattacks using advanced technologies. The need for enterprises to move beyond simply protecting a fast-vanishing perimeter is evident and CISOs of this era recognise the urgency to protect a growing digital infrastructure that is global, scalable, dynamic, and mobile.
Further, with the COVID-19 pandemic accentuating the need to enable anytime, anywhere monitoring of remote workers and their endpoints, organisations are increasingly seeking next-generation security capabilities which focus on securing the edge. Organizations are now looking to augment their security operations with the help of the latest threat intelligence that provides the right quality and context, Artificial Intelligence (AI)/Machine Learning (ML) and user and entity behaviour analytics (UEBA) capabilities, next-generation security analytics and managed detection and response (MDR) capabilities.
Amidst this, the perennial problem of skills playing catch-up with technology and shortage of security specialists continue to accelerate the development of the MSS market. While in-house teams are essential for day-to-day security operations, MSSPs are complementing organisations’ initiatives and helping them build specialisation and effectively deliver services to help organisations reduce their dependency on in-house specialists.
The growth of MSS has increased further as organisations add newer cloud security solutions with the increase in their cloud footprint. This further complicates the process of managing multiple standalone and discrete technologies, forcing organizations to look at more comprehensive security operations management processes and governance to help them through their security journey – from design to deployment to management.
From which types of businesses (small, medium, large) do you see the maximum uptake for outsourced security services? (Nearly half of all cyberattacks in the U.S. target SMBs).
With enterprises across sectors establishing their digital future on advanced platforms, more and more companies are now considering outsourcing their security services. After being driven by large enterprises for decades, the MSS market is witnessing an increasing demand from Small and Medium Enterprises (SMEs), who are now sensing an escalated threat environment.
Today, the global demand for MSS is largely driven by SMEs, as their limited awareness and financial constraints make them an easy target for cybercriminals. A recent report notes that 43% of all cyberattacks worldwide are aimed at SMEs.
On the other hand, larger organisations are more dynamic and complex and require fully secured access points. While these organisations generate a significant share of demand and dominate the market, verticals, such as Banking, Financial Services and Insurance (BFSI) and Information Technology (IT) and Information Technology Enabled Services (ITeS) are top spenders followed by Oil and Gas, Utilities, Retail and Logistics.
What is driving demand for managed security services? Can you list the factors as per the company segments (as listed in the previous point)?
Today, most enterprises are embracing the cloud-first approach, which is driving the adoption of Managed Security Services (MSS), IoT and AI across segments. Added to that, the Government of India’s push for digitalisation and data security has added greater urgency to focus on aligning with global standards.
On one hand, larger organisations, who are in different stages of upgrading their technologies, are adding more analytics. Their multiple operations and processes accompanied by humongous data flow make it challenging to monitor and ensure security of all their endpoints. These open-ended gaps and vulnerable servers invite hackers to access data without having to even break in. So, organizations are increasingly focused on users and user authentication, making endpoint detection and response a key tool in the security tool repertoire. In addition, as pointed out previously, businesses that already have a SOC are looking at introducing automation and newer security technologies that leverage Artificial Intelligence (AI)/Machine Learning (ML) and next-generation security analytics. Also, with an ever-increasing cloud footprint, there is a growing need to deploy the right cloud security solution which could be a combination of Cloud Access Security Broker (CASB) with Cloud Security Posture Management (CSPM) – along with the native cloud security tools provided by the Cloud Service Providers (CSPs).
SMEs, on the other hand, can leapfrog and leverage the cloud and remote business models. Disparate technologies and products in the enterprise environment that often fail to enable a unified control and execution model for comprehensive security are the key drivers for increased demand for MSS in the segment. Additionally, lack of visibility, control, and compliance in a hybrid environment, security posture, readiness to respond to breaches, and risk management capabilities are further driving the demand of MSS.
However, all organisations, irrespective of their size, are rapidly heading towards digitisation and realising the need for a preventive cybersecurity strategy. Growing complexities of malware attacks globally continue to trigger adoption of security services. Shortage of skilled in-house cybersecurity professionals is one of the major drivers for enterprises to extend their responsibility of building a reliable security framework. Moreover, increased cases of employees and insiders of the business organisation attempting to leak confidential and sensitive data have led businesses to adopt the managed cybersecurity services and solutions significantly.
What type of services are in demand? Why?
There are several types of MSS and their deployment varies depending on the organisational need. While traditional defences, such as firewalls, Intrusion Detection Systems/Intrusion Prevention Systems and antivirus software are a must-have, organisations are opting for a layered approach to security. One such approach is threat management, which has seen a rapid increase in demand globally. Threat management facilitates proactive identification of threats and enables faster detection with AI- and ML-powered comprehensive threat indicator scoring methodologies, such as real-time monitoring of the deep and dark web, social media, and underground forums for specific threat intelligence monitoring. User and Entity Behaviour Analytics for analysing deviations from usual user patterns to highlight anomalies, and forensics are also in great demand.
Next, the adoption of multi-factor authentication as a managed service has also augmented recently. A report found that the Multi-factor Authentication market, which was valued at $9.17 billion in 2019, would grow at a CAGR of 15.2 and reach $21.44 billion by 2025. The cloud-based delivery model enables businesses to implement an additional security layer that verifies the legitimacy of a transaction and secures access to corporate networks. The rise of enterprise trends, such as bring your own device (BYOD), increased use of cloud-based services and network-based application deployment, makes added user authentication measures vital – especially within industries such as e-commerce and banking. We are also witnessing an increased popularity for Vulnerability Management Services (VMS) that enable discovery, policy creation, scanning, reporting and remediation workflows to quickly and accurately identify and remediate security vulnerabilities. VMS is preferred as it is an on-demand service that includes four service levels to meet unique requirements of large-scale global enterprises as well as small and remote offices.
Lastly, with growing cloud adoption the need for CSPM solutions is also growing. CSPM helps respond to the growing need to correctly configure public cloud infrastructure. This is because cloud misconfigurations continue to be a prevalent source of security risk across organizations.
There is more automation and intelligence coming into these services. Can you please elaborate on the threat intelligent services, automatic threat hunting and incident response?
The relentless attacks on IT networks and systems make it critical for organisations to find new ways to recognise, hunt and respond to cyberthreats. End-point detection and response (EDR) is one such solution, which integrates real-time monitoring and collection of end-point data from users, servers and infrastructure with automated response and analysis capabilities. Threat intelligence services help increase the effectiveness of EDR solutions by providing superior context about emerging or ongoing threats, thereby increasing an EDR’s ability to identify exploits. Automating the steps in an investigative process by leveraging AI and machine learning helps take the effectiveness to another level.
Secondly, automation and orchestration (SOAR) capabilities are essential for security teams to scale and respond to incidents quickly. Automating security processes can enable more efficient use of security staff, enable teams to investigate more (if not all) alerts, improve effectiveness and efficiency of detection and response, and enable better decision-making.
When deployed collectively, threat intelligent services, automatic threat hunting and incident response facilitate real-time threat detection, prioritisation, and rich and actionable insights to guide further investigations – helping security teams to quickly identify and respond to threats.
We see a trend of increasing attacks on Managed Security Service Providers. What steps should MSSPs take to protect their infrastructure and their clients’ infrastructure that they manage?
In today’s digital economy, security is not something that businesses deploy and set aside. As the digital scenario evolves, security needs continuous management and MSSPs need to look at data and information across its lifecycle across environments and deliver security for the cloud and from the cloud to global enterprises. They also need to keep in mind the ever-changing security landscape and deploy a security infrastructure that boasts strong competencies in cloud security, data security and privacy, risk and compliance, and identity and threat management. At the same time, service providers need to ensure that their approach is supported by analytics to predict cyberattacks and ensure network and infrastructure security, intelligence, scalability, and flexibility demanded by today’s businesses. Lastly, MSSPs need to ensure that they constantly support their customers and bring these offerings as a 24×7 service to help businesses fight cyberthreats.
How do you see MSS and MSSPs evolving in the future?
In a connected world, businesses are vulnerable to a range of evolving threats like never before. As organisations increasingly migrate to the cloud and adopt IoT devices, the horizons for threat landscape are growing larger and more complex.
This has triggered organisations to rapidly opt for a partner who can help them break out of this cyber-siege and provide them with the necessary intelligence to protect all the elements of the business’s architecture. MSSPs, on the other hand, will increasingly combine the power of analytics, cutting-edge technologies and deep knowledge of the data environment to offer businesses early warnings and actionable advice on globally emerging threats. Further, as the MSS market matures, service providers would widen their offerings and include specialised technologies to lock up the systems we rely on most – the Operational Technology (OT). As more organisations adopt Software-and-Infrastructure-as-a-Service (SaaS and IaaS), OT will help MSSPs address a wide range of needs and move up the value chain.
Additionally, as regulators tighten data security laws, businesses will turn to a managed service provider that offers data privacy and can help the business with its compliance requirements, right from identifying and remediating risks, to providing end-user training and necessary documentation. MSSPs will also continue to emerge as important channel partners that allow the product vendors to propose more effective monitoring and management as adjuncts to their technology products.