According to our sixth annual CISO survey, highlights of which are summarized in our 2020 CISO Benchmark Report, 46% of respondents declare having more than 41% of their organization’s security already fully managed by third-party vendors; albeit with some wide variations between countries, topped by the more mature countries like the UK (49%), Germany (46%) or the APAC region (58%). Security Managed Services are a huge market opportunity for channel partners. Here are some of the key opportunities for partners that were highlighted at Security Partner Day, Cisco Live EMEAR.

1. Address the next wave of cyber threats and your customers’ cybersecurity fatigue

We asked our customers about the reasons behind their choice to include a cloud-based security service from a service provider: the first answer is not about cost, not even shortage of internal IT security resources. It is about reducing the complexity of integrating multiple cybersecurity vendors. Because even if cybersecurity platforms evolve in response to the need for simplification and the consolidation of cybersecurity players’ landscape, the overall size of the ecosystem will continue to grow.

That is what Matthew Ball, Principal Analyst at Canalys confirmed when taking to the stage of Security Partner Day, at Cisco Live EMEAR. The Analyst firm estimates the number of security active suppliers at over 2,500, most of which are private companies. Each year around 180 companies emerge, whilst 150 are consolidated through mergers and acquisitions. So now is the time for you to re-evaluate your customers’ current infrastructure, to better understand how their cybersecurity solutions interact with one another, and to assess their challenge, whether technological (performance), operational (integration) or organizational (resources and skills). Especially as the 2020 the threat landscape is wider and more diverse than ever before.

The number of breaches and records lost shows no sign of slowing down

A few years’ back, everything we talked about was stealing personal data. Now we see financial hacking that targets accounting, procurement and HR departments, or operations in the manufacturing or healthcare industry. Two months ago, an attack partially incapacitated the production of Picanol, a textile multinational, hitting plants in Belgium, Romania and China. Entire countries saw their population datasets compromised. Earlier in 2019, more than 20 million user records were leaked in Ecuador, including personal data on most citizens, including their family trees and children. According to Canalys, the number of records compromised in 2019 exceeded the last 5 years combined.

This picture comes with a huge opportunity for you: your customers need your help to address their new cybersecurity fatigue. According to our latest Cisco 2020 CISO Benchmark Report, 42% of respondents are already suffering from cybersecurity fatigue. It basically means they have given up trying to stay ahead of malicious threats and actors. And working in a multivendor environment contributes to this cybersecurity fatigue. According to our sixth annual CISO survey, only 53% of global respondents estimate that their technical security controls in systems and networks are well managed.

Cybersecurity breaches increasing in frequency and scale. Number of reported breaches and records lost 2020 - Canalys Cisco

2. Offer better consumption models for customers and grow predictable revenues

We often talk about win-wins in the industry, and Security Managed Services definitely are. If CapEx spendings still dominate the IT industry, the change is here. Your customers are more likely to prefer to purchase IT as pay-as-you-go OpEx scaled to their actual needs, rather than significant CapEx for what might well remain unused capacity. And you should not see this as new complexities but as a fantastic opportunity to grow new streams of revenues, both profitable and predictable.

Our Security Management Platform is here to help you build and manage simple and cost-effective security business. This virtualized management and orchestration platform is “SP-Ready” as we built it from the ground up to meet all of your requirements: multi tenancy, open platform and APIS, one touch provisioning or easy plugin into pricing and automated billing system. You told us this was important, so we included it into our offering.

According to Canalys, annual contracts with monthly payments is currently the most important payment model for partners, peaking at 27%. The models are diverse and, in a multicloud environment where your customers can consume services in minutes, the logic is they are also considering other options like pay-as-you-go or prepaid. Within a three-year timeframe, multi-year contracts with monthly payments will become the most important payment model for partners. This will come with a better understanding of your customers’ needs and the opportunity to engage more, whether to increase the value of a contract or to add new services.

Security Managed Services: What's Now and What's Next? - Security Partner Day, Cisco Live EMEAR
Security Managed Services: What’s now and what’s next? – Watch recordings from Security Partner Day, Cisco Live EMEAR

3. Buy as simply as you sell with our Managed Security License Agreement (MSLA)

To sell software allows you to be more flexible in how you deliver services. You can build services based on multi-tenant, cloud-based solutions to maximize margins, or co-deliver or resell solutions to accelerate time to market. To better align, we decided to be more flexible in how we license our software solutions. Our Managed Security License Agreement (MSLA) is a sell-through buying program that allows you to buy Cisco software in a manner that is in line with how you sell, including our Security Management Platform.

As service providers, you are the ultimate owner of those licenses. As reminded by Ted Donat and Marc Inderhees during Security Partner Day, you can either stand up licenses or take them down and only pay for the licenses that you are using at any given time. If you don’t want to make a huge upfront investment in security, this is the perfect vehicle as you are not investing a lot of CapEx upfront. And we are sharing the risk with you. This gives you the opportunity to slowly ramp up at your pace and not to pay for anything you are not using. For some partners, buying licenses upfront and looking at our other license capabilities may make sense to take advantage of associated discounts.

Manage it myself, Manage it together or Manage it for me?

If you are starting this journey and are looking for a turnkey solution; if you don’t have the personnel or just can’t invest in having them become experts on Cisco technologies, you can simply leverage our Managed Detection and Response Service from Cisco Managed Services to get into the market quickly. We will manage the SOC solution for you, and you provide the incident response capability and professional services on top. So basically, you will leave us the day to day management wrapped up in your own value and capabilities. Overtime, if you are willing to take a more active role, you can move to a joint or independent approach: Manage Together, Manage It Myself.

Security Managed Services: Additional Resources