Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider

(1)

Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider (TE007-000800) 17 Sep 2014

Ovum Decision Matrix: Selecting

a Global Telco Managed

Security Services Provider

Moving from network-centric security to the broader IT security

suite

Reference Code: TE007-000800 Publication Date: 17 Sep 2014 Author: Mike Sapien

SUMMARY

Catalyst

The major systems integrators (SIs), IT providers, and carriers have dramatically increased their investment and interest in managed security services, and security vendors are rapidly introducing new products to arm these providers. There is growing demand for such services from enterprise customers that are struggling with growing security threats and breaches, and overall risk. Ovum has reviewed six carriers' global managed security services portfolios with the aim of providing insight into managed security services trends, focusing on telco-led managed security service provider (MSSP) challenges and opportunities.

Ovum view

Global carriers have been offering managed security services for many years; historically these services have been very network-centric. Carriers started with security services by way of the network (e.g., WAN and Internet service security), and then added more security services as they became significant Internet service providers (ISPs). Managed security services have expanded into many of the carriers' different service areas, including private network, Internet, mobile, and web services, and are now expanding into many of their new cloud-based and IT services. Carriers can now also leverage their cloud, internal IT, and network assets to expand their services and skills as global MSSPs. All the carriers Ovum analyzed for this report stated that they will continue to make investments, recruit outside talent, and rely on strategic partnerships to develop their managed security services portfolios and security expertise. Security now cuts across many different enterprise services, going well beyond the network and defend-the-edge (perimeter) approaches. Owning the network and having visibility of network traffic provides a distinct advantage for telco MSSPs. With the ongoing digitization of consumer and corporate life and

(2)

functions, ever more people and devices will depend on connectivity, which will make network ownership and related traffic visibility an even more compelling advantage. Managed security services have

become a major opportunity, with the prospect of double-digit growth in revenues. After all, security is a required element of every enterprise service. Ovum's global service contracts analysis shows that managed security services are approaching 10% of the total value of the large global deals signed recently.

There is increasing demand for managed security services, and we expect further growth in demand from enterprise customers that are frustrated with the increasing cost and complexity of securing IT and networks. Enterprise customers need help with responding to new threats, managing multiple security solutions, and analyzing disparate security information that still keeps them open to breaches. Threat management, cybersecurity, and analytics are now being added into the solution mix so that enterprises can attain the appropriate security level, and MSSPs need to strengthen their capabilities in these areas. It is still early days, but enterprises are starting to supplement historical defensive security measures with new preventative, real-time, automated measures to defend against, predict, and remediate security incidents faster and with more accuracy. Carriers are already in the game, but will need to make the right investments, pick the right partners, speed internal development, and integrate new security services to stay relevant and become trusted advisors and successful MSSPs.

Key findings

 Telcos are global ISPs and IP backbone providers. They already see and manage high volumes of security incidents, breaches, malware, and hackers.

 Managed security services is already a large services revenue stream for telco-led MSSPs.

 MSSPs addressing the enterprise market have high potential for growth.

 Security is and will remain one of the critical requirements for enterprise customers of all sizes, and must be an integral part of any managed network and IT service now.

 Managed security services are extending beyond perimeter solutions to include more complex core solutions that lend themselves to both network- and cloud-based platforms.

 New security solutions are emerging that will supplement but not necessarily replace perimeter solutions.

 The increasing complexity and breadth of security services beyond devices means that number of managed devices, total revenues, and total number of customers are no longer good metrics for judging MSSPs’ capabilities, qualifications, or skills.

 Owning the network is strategically important, but carriers need to parlay this ownership into security tactics, services, and management that demonstrate and validate its importance. Enterprise customers need to see that network ownership leads to security solutions that are more relevant than those of MSSPs that do not own the network.

 Security is going through a wave of change. Many legacy vendors are being challenged by new architectures and emerging players, and by the move to cloud-based offers, centralized

(3)

Recommendations for telco-led MSSPs

 Consolidate and integrate managed security services efforts and resources to maximize investment, encourage collaboration across the different internal work groups, and create the most comprehensive offer.

 Leverage the security tactics, security knowledgebase, and expertise inherent in being a tier-1 ISP.

 Integrate mobile security as part of the larger managed security services portfolio.

 Promote existing large security contracts, including government security contracts that can be leveraged with commercial offerings.

 Make internal IT security investments part of commercial managed security services offers.

 Ensure you operate at the CIO or chief information security officer (CISO) level for any engagement on managed security services.

 Utilize your strategic security vendors for sales, promotions, and market development activities, as well as product development.

 Make managed security services a top priority for investment; focus on outside hiring and internal skills development in addition to strategic vendor partnerships and alliances.

Recommendations for enterprise customers

 Ensure that you have your security service inventory, access, and requirements well documented prior to engaging with third parties or MSSPs.

 Verify your current spend and planned budget for security services today and for the next three years.

 Prioritize your current security service requirements, with a strong focus on the business impact and infrastructure that you believe is the most vulnerable.

 Assess your interest in and need for cybersecurity and threat management; these have become critical new areas for security within the enterprise.

 Identify security service gaps and corporate willingness to jointly source (internal staff with external MSSP resources) or collaborate on security infrastructure.

VENDOR SOLUTION SELECTION

Inclusion criteria

Ovum chose the service providers profiled here because they are the leading global telco-led MSSPs. They have significant installed bases of MNC, large enterprise, or government customers, and offer managed security services with global coverage. The service providers chosen are:

 AT&T

 BT

(4)

 Telefonica

 T-Systems

 Verizon Enterprise Services (Verizon).

Exclusion criteria

Several telco service providers have strong managed security service offerings but not the total MSSP portfolio or global reach. For example, CenturyLink/Savvis has strong capabilities but does not have the global coverage or full MSSP portfolio. Others that have been excluded may still have a significant installed base of customers in a few regions, including strong capabilities in their home markets, but no significant global coverage.

SIs and IT-based MSSPs were excluded from this report, but will feature in a future Ovum study.

Methodology

Portfolio assessment

This assessment dimension covers the features and functionality that differentiate the leading solutions in the marketplace. The criteria for managed security services are:

 Breadth: the complete range of services in the managed security services portfolio that addresses global large enterprise needs.

 Integration: how well the various elements of the managed security services portfolio are aligned and integrated within the overall telco MSSP offer.

 Partners: the number of major partnerships with security vendors to support and expand the managed security services portfolio.

 Road map: the robustness of the managed security services portfolio road map and its alignment with each MSSP’s current portfolio.

Vision

This dimension covers the capability of the solution across the following key areas:

 Strategy: the strength and completeness of the MSSP’s strategy at a company level and its alignment across all global managed enterprise services.

 Road map: the alignment of the road map with the MSSP’s stated vision and the related long-term investment in and commitment to new security services, alliances, and service innovation.

 Vendor involvement: the level of engagement with security vendors and consortia relationships that go beyond the resale of security products and services; this includes joint development, creating security standards, or security collaboration efforts (e.g., cybersecurity).

Execution

(5)

 Customers: the existing total number of customers, the number of significant large enterprise customers, and the range of global enterprise customers beyond the telco MSSP’s home territory.

 Revenues: an estimate of the total annual revenue amount and a breakdown of revenues from the five major global regions.

 Growth: the estimated current annual growth and shared growth objective for the carriers’ managed security services.

 Coverage: the ability to provide global managed security services with regional staff to support customer requirements (sales, professional services, and operations) in all major region of the world.

Ovum ratings

 Market leader: The service providers in this category are those that we believe are worthy of a place on most MSSP selection shortlists. They have established commanding market positions with products and solutions that are widely accepted as best-of-breed and that have been deployed globally.

 Market challenger: Service providers in this category have good market positions and are selling and marketing their solutions and services globally. They offer competitive managed security offers and have limited global coverage with strong pan-regional support. These providers should be considered in specific regions.

 Emerging provider: Service providers in this category typically aim to meet the requirements of particular types of customer or have strengths and coverage in some, but not all, major global regions. As tier-1 providers they should be considered as part of any selection.

MARKET AND SOLUTION ANALYSIS

The telco as MSSP

The history of WAN

For years, carriers have provided managed security services with a network-centric approach and with a “protect the edge” strategy. This approach, which incorporates firewalls and intrusion detection services (IPS), was very common among MSSPs – the perimeter defense approach was historically successful in protecting the various sites and private networks within the enterprise. Security for Internet, web, and email services was added to this perimeter approach, typically by including another security appliance for each new service.

Carriers have a large base of security customers using a network-centric service model. Managing additional appliances was a natural extension to managing the WAN services of corporate private data networks. Telco MSSPs now need to move beyond the network-centric, perimeter approach and supplement their managed security services portfolio with security services that are centralized (within the enterprise core infrastructure). Centralized services can be provided using hosting and cloud platforms, which are now part of most carriers' infrastructure.

(6)

Telcos' current position and fit

Carriers have increased their security offerings as they have expanded from the private networks and basic layer-1 network services to higher-layer services (Internet and Ethernet) and advanced managed services (web hosting, email, business applications). Carriers now have the opportunity to provide additional managed security services for private, hybrid, or public cloud services. Network services will continue to be part of the solution stack for different cloud deployment models, and security will be an integral part of connecting cloud services.

Telcos are not known for IT services such as infrastructure management, business process outsourcing, or application development. However, given their strong experience in network security and as global IP providers and large ISP players, many enterprise customers will have some confidence in telco MSSP offers. Investment in staffing, strategic partnerships, internal development, and planning will be required to broaden the managed security services portfolio and increase customer confidence. If carriers can speed the development of security expertise and managed security services while centralizing and consolidating their security investments they have a strong chance of becoming trusted security advisors to the MNC and large-enterprise market.

The opportunity comes with challenges

Telcos do have some hurdles to overcome. Recent Ovum enterprise research suggests that carriers are not the first option for customers seeking security services or advanced threat protection. IT vendors, SIs, IT value-added resellers, and security tools vendors are the providers that enterprise customers usually mention with regard to managed security services. In addition, carriers' traditional customer contacts are not the CIOs or CISOs of large enterprises. Telcos have made some progress on the strength of providing security for global networks, complex managed hosting, and growing cloud services. Nevertheless, they have work to do in getting brand and industry recognition as qualified MSSPs and security experts.

The move beyond network- and perimeter-based security

Most telcos started their managed security services with protecting the network and defending the edge of the network. This was a great approach 10 years ago; early security services were heavily dependent on defending the edge and protecting access to the corporation's remote sites. Typical early managed security service offers were aligned with router vendors such as Cisco and Juniper for customers connected to the telco's own network. The solutions were subsequently enhanced with security appliances to handle new functions (email filtering, Internet access, web traffic), which increased the security at the perimeter and also increased carriers' share of wallet. Then vendors such as Riverbed Technologies were added to provide enhanced features, including WAN optimization with centralized management, and additional services beyond security.

Now carriers need to move beyond the edge and appliance approaches to include broader managed security services for enterprise IT core resources, including data center and enterprise applications. Cloud security is another emerging opportunity as telcos become both cloud service providers and

(7)

network brokers for cloud services. Mobile security is another growing opportunity, with the use of mobile operators' internal capabilities combined with cloud services.

Distinct opportunities in the large enterprise and SME markets Large enterprises with global needs

For this report, Ovum asked key carriers to provide details of their managed security services for MNCs and large enterprises with global requirements. Telco MSSPs are currently making major investments to address the needs of this segment. Growth in managed security services appears to be very high (double-digit).

The SME security market is a unique and separate opportunity

Although this report focuses on the large enterprise and MNC segment, many carriers and security vendors mentioned that they also intend to move down-market with some or all of their managed security service offers. With the increasing use of cloud both as a security platform and a delivery mechanism for security tools and services, carriers are looking to add security options within managed SME service bundles.

Ovum believes that telcos can address the SME market with managed security services. They could easily offer SME bundles with optional security services on a trial basis, for example, to drive a high adoption rate with very cost-effective infrastructure. Managed security services and security resources from the large enterprise efforts can also enable sales down market. The SME and mid-market segments may eventually be a larger market opportunity for telco MSSPs than the Fortune 1000 enterprise market. Many SME solutions or security features within service bundles will likely be simplified or downgraded large-enterprise security solutions.

Managed security services trends

Enterprise customers are overwhelmed

Enterprise customers are increasingly seeking external help in addressing their security requirements. Customers may differ in their specific needs, but they all confirm that security is rising in importance and that it is becoming harder to attain the necessary security staffing and skills for their businesses. They need threat management (including remediation) services, security operations center (SOC) support, and security intelligence (analytics) to develop proactive security tactics.

Customers are also looking for guidance on new attacks and preventative measures. Demand for managed security services is growing, complexity is increasing, and enterprise customers are looking outside for professional, experienced assistance. This demand is not usually for total outsourcing or security information and event management (SIEM) platforms, but rather for a form of joint or co-sourcing to enhance what the customer is doing today.

(8)

Gone are the days of providing managed security services that were limited to reacting to security violations and breaches. And just establishing an SIEM platform for a customer is not enough to qualify as an MSSP. Customers are now demanding new security methods that go beyond just reactive remediation services based on security violations. Most are in a position to manage reactive security programs – they are looking for managed services, expertise, and intelligence that starts to overlay or complement security programs with proactive and predictive actions, automatic policies, and

recommended actions based on specific criteria, behaviors, or known patterns.

Defending the edge plus core infrastructure techniques

Perimeter security has historically been critical to corporate security – and it remains so. However, security services need to be enhanced and supplemented with additional security methods, including tools within the corporate core IT and network infrastructure. It is not a case of one model replacing the other; rather, both models are required to attain the best security position.

Moving to new technology: cloud, network, and IT infrastructure Two dimensions of cloud

Ovum found that that cloud services were a major topic for discussion during the recent US RSA security conference, in MSSP interviews and at multiple security vendor briefings. And in most of these

discussions, cloud services were discussed from two different perspectives. First, MSSPs and security vendors were developing new security offerings, enhancing existing security offers or migrating legacy security solutions to cloud-based platforms for delivery "as a service."

The other aspect of cloud services was the addition of new security services to managed security

services portfolios. These are intended to provide the required security for enterprise customers planning to use cloud services. As IT service consumption moves to the cloud and providers start to deploy new cloud services, it is a natural extension to add the security services that are required for the use of cloud services. The challenge becomes more complex as customers demand a mix of private, public, and hybrid implementations between different vendors of software, network, and cloud resources.

Maintaining and improving security during corporate infrastructure transitions

As enterprise customers transform their IT and network infrastructure, they need to address concerns around security. The transformations go beyond moving to cloud services, replacing network providers, or replacing IT hardware vendors. Whenever customers make plans to replace or refresh major

components of their corporate infrastructure, maintaining and improving security is central to making the transition smoothly and successfully.

Cybersecurity with analytics and intelligence

Managed security services are now expanding to include cybersecurity services that cut across and impact the entire security service portfolio. Cybersecurity is developing into a new service module within managed security services and will quickly become a horizontal capability deployed across each MSSP’s

(9)

full service model. Such services will have to go beyond security breach verification and identification. MSSPs will be required to advise customers on security attacks and add some degree of analysis (to create predictive modeling) or policy (to prevent future attacks). Big Data is a subject in its own right, but the early indications are that cybersecurity investment and related service development will feed into security best practices, analytics across the managed security services portfolio, and intelligence. This will create security policies that quickly and automatically isolate and remediate security outbreaks.

Strategic partnerships: new players, fewer partners, joint development

Major MSSPs and security vendors are increasing their use of strategic partnerships, leading to longer-term commitments and investments in joint development. In some cases, MSSPs are reassessing their security vendor line up and starting to prioritize strategic relationships and reduce the number of

standard vendor relationships. All MSSPs have some relationship with a major SIEM vendor, and usually some experience with a number of them in providing legacy security services.

At the same time, new and different security vendors (e.g., FireEye, Bit9, CipherCloud) are emerging as next-generation security vendors, many leveraging cloud platforms or security analytics. For example, AT&T recently announced partnerships with IBM to enhance its threat-management portfolio; it separately announced a new service based on Blue Coat’s cloud security offering. Such strategic partnerships, along with joint developments, internal developments, and the overall increasing use of security analytics should provide differentiation among the various MSSPs going after the large enterprise market.

Threat management's “three Rs” – readiness, response, remediation

Remediation has been added to the “two Rs,” with a dash of analytics. Threat management has been part of many MSSP service portfolios, but the new part of the service is the addition of remediation, which is a critical part of a comprehensive threat management service in a managed security services portfolio. Remediation goes beyond just the identification and isolation of a security threat; it includes creating preventative measures and tactics to stop future similar threats. Many security vendors and MSSPs have added or plan to add major investments to provide remediation services as extensions of their existing threat management services. Again, cybersecurity is an integral part of the new threat management services, but analytics is the new ingredient. Cybersecurity efforts that provide security analytics are now part of the supply chain, providing the intelligence required for proper threat management and remediation.

(10)

Ovum Decision Matrix: telco managed security services

Figure 1: Ovum's view of telcos as global MSSPs

Source: Ovum

Table 1: Ovum Decision Matrix: telco managed security services

Market leaders Market challengers Emerging provider AT&T BT Verizon Orange T-Systems Telefonica Source: Ovum Telco MSSP comparison Overview

When assessing these telcos’ managed security services portfolios, Ovum took into consideration the global capability, current success (revenues and customers), vision, and strategies of each carrier as a global MSSP. AT&T, BT, and Verizon are clear market leaders as global MSSPs. T-Systems is a market challenger, with a smaller base of managed security services business and a strong focus on Europe as

(11)

its primary region. Orange Business Services is also a market challenger, with a strong base of

customers, an expanding product portfolio, and some limitations in its global coverage. Telefonica is an emerging provider, with some product gaps, geographic gaps in coverage, and a developing vision as a global MSSP. It is strong in Europe and Latin America, but lacks coverage and support in North America and Asia-Pacific.

All six carriers have global capabilities and customers, but they vary in the overall maturity and breadth of their product portfolios, the size of their customer bases, the scale of their revenues, and the extent of their global capabilities. All have room for improvement; all of their future services and road map items are still works in progress, and many are based on recent announcements and partnerships that still need to bear fruit.

Portfolio

Figure 2 shows Ovum's view of the managed security service reference portfolio. It is based on our findings from discussions with security vendors, our ongoing research on MSSPs in general, and the research completed specifically for this report. The portfolio represents the broad set of services that MSSPs are attempting to offer to large enterprise customers.

Ovum used this framework to gauge the breadth of the carriers' portfolios. Our assessment also included a review of the integration of each carrier’s security service pillars, security vendor relationships, security industry involvement, and road map. None of the carriers had all elements of the portfolio, and some service elements were either road map items or in development.

Figure 2: Ovum's managed security services reference portfolio

(12)

Source: Ovum Vision

Ovum assessed each telco’s strategy and vision for managed security services. We also researched overall trends and the direction taken by key security vendors to validate our view on the appropriate strategic direction and vision for MSSPs in today's market. We took into account the carriers’ involvement with security industry vendors and related forums. This analysis formed the basis of our assessment of each carrier's current strategy and future vision, including their road maps and work-in-progress items.

(13)

Source: Ovum Execution

Each carrier provided detail about its current managed security services, existing customers, current revenues (or estimated ranges), and expected growth. Some of this information was provided to Ovum under non-disclosure agreements and cannot be published, but we were able to assess their existing revenues, their estimated number of customers, the level of their business, and their scale as a global MSSP. We also considered global capability under this category.

(14)

Source: Ovum

A note on global capability

Every carrier included in this report has some degree of global coverage in terms of managed security services for large enterprise customers. Just as the carriers have been able to provide WAN services to these customers globally, so they can include additional security services. But providing global managed security services support for MNC and large-enterprise customers includes offering pre-sale, sales, and technical support, as well as post-sale, account management, and ongoing maintenance support – and doing so across all the major regions of the world. Offering comprehensive global support means having SOCs in major regions and making regional and professional services staff available for managed security services. Ovum used the survey responses and interviews with the carriers to determine the carriers’ levels of global capability and support.

Shortlisting providers: a view from the enterprise

Geographic/regional guidance

All six carriers in this report provide some degree of global coverage, but all have particular strengths in their home regions and countries. AT&T and Verizon are strong in the US; BT and T-Systems are strong in Europe. Orange is strong in EMEA; Telefonica is strong in Europe and Latin America. Customers need to consider these regional strengths when assessing MSSP vendors.

Procurement, responsibility, and scope guidance

Managed security services are becoming more critical for all MNC and large enterprise customers. They need additional support due to the growing level of threat, the complexity of intrusions, and the

(15)

increased level of risk, while also balancing internal and third-party resources to ensure sufficient security measures and policies are in place.

Security will always be critical – customers must place a high priority on protecting their IT assets and also the corporate brand. MSSPs provide additional support, knowledge, resources, and skills, but the CISO is ultimately responsible. Ovum therefore does not believe that security can be completely outsourced. Customers will need to have the primary responsibility, but they can lean on security vendors such as MSSPs for complementary services and expertise. Each customer will need to determine the balance of internal and external resource that is appropriate for them.

SERVICE PROVIDER ANALYSIS

AT&T

Figure 6: AT&T’s global managed security services portfolio

Source: AT&T

Managed security services overview

AT&T's managed services portfolio includes five main pillars, with consulting as an overlay to them all. Although much of its security services have historically been network-centric and premise-based, AT&T is expanding into cloud-based offers and adding more services to its security portfolio. Managed security services form a major element of AT&T's enterprise services portfolio. Its revenues, customer base, growth rate, investment, global expansion, and current customer demand are all sizable. Earlier in 2014

(16)

the carrier announced an alliance with IBM that will focus on joint development around threat management and analytics.

Threat management

AT&T’s Security Event and Threat Analysis, Internet Protect, DDoS Defense, and Private Intranet Protect services are all part of the threat management service pillar of its managed security services portfolio. Today the carrier’s threat management is very network-centric, but its road map suggests that this service will become a core, centralized offer. It will cover corporate data center infrastructure and IT elements within the enterprise. With its IBM alliance centered on threat management and analysis, AT&T's capabilities in this area should expand to include cybersecurity features and analytics that can feed into other parts of its managed security service portfolio.

Mobile security

AT&T's position in global mobile services and enterprise mobility programs means that mobile security is a natural extension to its managed security services. Device management with antivirus/malware

protection, network security options, and SSL services are included in mobile security. AT&T's mobile device management programs have these mobile security elements as standard options for its

customers and include support for cross-carrier environments beyond AT&T's own mobile network. AT&T is also integrating managed security into its Toggle enterprise mobility program.

Network-based security

Secure network gateways, network-based firewalls, secure email gateways, and web security are all part of AT&T's network-based security services pillar. AT&T has provided these services for many years, and provides such support for many of its large enterprise customers. Customers have a confidence in AT&T's ability to offer and support these security services.

Identity management

AT&T offers its enterprise customers many identity management options, including multi-factor authentication and single-sign-on solutions.

Premise-based security

In addition to network-based security, AT&T has for many years offered premise-based firewall, intrusion detection system (IDS), and application security options to its customers as part of its managed security services portfolio.

Consulting

Along with general security assessments, AT&T offers support for governance, risk, compliance, and payment card industry (PCI) assessments, as well as cloud and mobility security consulting.

(17)

AT&T’s position as a global security provider is based on its network-enabled services, secure mobile business services, cloud-based services, and threat management offering. It is a US-centric security player with a strong focus on serving those of its domestic MNC customers that require global reach. It competes with the large MSSPs, including both IT and telecoms vendors.

AT&T’s position as one of the largest global ISPs, broadband providers, and IP network operators gives it credibility in delivering managed security services. It gains first-hand insight and visibility into the many security attacks, malware attacks, and breaches that occur within its customer base over these networks.

Strategic security assets – staff, partnerships, alliances, and acquisitions

AT&T’s partnerships with IBM and Blue Coat are recent examples of its investment in its managed security services portfolio. The carrier will support joint development that will enhance this portfolio, and it is also adding to its internal skills and resources.

RSA, IBM, Arbor Networks, Cisco, Juniper, and Riverbed are among the strategic vendors of AT&T's managed security services portfolio. Akamai (with Kona Security Services) is another strategic vendor that provides support for AT&T's DDoS and web security service offers.

Road map

AT&T recently announced the Blue Coat security service offering in the US; it plans to expand this cloud-based security service globally in the latter part of 2014. Another major road map item for AT&T will be extended threat management, with its recently announced alliance with IBM. These initiatives are examples of the type of major investments that AT&T is making to provide more robust security offerings and global availability. The carrier is also making the transition to cloud-based security services, and will leverage its internal cloud infrastructure to support these new offerings.

Ovum assessment

AT&T is a major global player in security services and is making significant investments to broaden its managed security services portfolio. It already has a number of contracts in place with large MNC customers in this area. Global reach is one key goal, with global service expansion on the cards. With the exception of Latin America, it already covers the major regions, but the focus of its security support is on US customers. Ovum expects the carrier to continue investing in its security services, with major expansion in the EMEA and Asia-Pacific regions. It may also expand into Latin America in the near future.

AT&T's partnership strategy for security services aligns with its overall strategy to expand its enterprise portfolio. It plans to partner with fewer, larger strategic vendors rather than have many smaller vendors with smaller scale impact. It does not directly define cybersecurity as part of its security service portfolio, but this service will become part of the output from its investment in threat management, especially with the recently announced IBM alliance. AT&T offers managed DDoS and web security services and will continue to extend further into the IT application stack and IT infrastructure, but it will likely acquire these capabilities from its strategic partnerships with SIs and IT security vendors.

(18)

BT

Figure 7: BT’s managed security services global portfolio – Assure

Source: BT

Managed security services overview – BT Assure

BT has been investing in managed security services for many years now. It recently rebranded many of its managed services, including its managed security services portfolio; BT Assure is now the brand for its managed security services portfolio, as depicted in Figure 7. The telco has reorganized its security resources into one central group and is now led by its former CSO. BT has also aligned its security assets and with its regional teams. Although BT's security resources are concentrated in Europe, it has extensive resources in Asia-Pacific and the Americas.

BT Assure Intelligence

Threat monitoring, vulnerability scanning, and analytics are the key elements of the Assure Intelligence services. They provide customers with a comprehensive view of and defense against malicious attacks and security violations. BT Assure Intelligence includes the management of the customer's SIEM on-premise or within BT's security centers or SOCs.

BT Assure Continuity

Assure Continuity provides high availability of the customer's networked IT infrastructure and business continuity management framework. It is focused on network connectivity within the customer's IT infrastructure, and includes DoS services.

(19)

Authentication, identity verification, encrypted email, digital signatures, and public key infrastructure are the key parts of Assure Identity services. BT provides identity and online fraud services to many of its MNC customers globally. It has key accounts in the UK, Australia, and Latin America. URU (you are you) is also part of this service pillar and is offered to reduce fraud.

BT Assure Managed

Most of the traditional network-centric security offers – managed firewall, managed web, IPS, message (email) scanning – are included in Assure Managed. It also has cloud versions of some of these services, plus DDoS services.

BT Assure Secure Remote Access

BT offers solutions for remote and mobile access. It supports IPsec and SSL VPNs with multi-factor authentication to provide secure access to corporate resources for “any device, any time” customer requirements.

BT Assure Cyber

Assure Cyber is an overlay service that includes a security assessment and a fully managed security service that incorporates the oversight and management of customers' entire security programs and policies. Cybersecurity services and professional security consulting are part of this premium service.

BT Advise Assure

Professional services, security consulting, and assessment are all part of BT's Advise Assure program. This is not meant to be stand-alone offer so much as a professional service aligned with BT’s security service portfolio for its MNC customer base.

Go-to-market approach and positioning

BT focuses on MNCs and larger enterprise customers with global requirements in all the major regions of the world. Its offer is meant for sophisticated enterprise customers that are looking for help getting ahead of the threat curve and managing their growing security threats and issues. BT's goal is to provide an end-to-end service through its consulting capabilities, which are all tied to its WAN and LAN solutions. The integration of security solutions is also part of BT's value proposition. BT has a number of large government contracts (not just in the UK) and large MNC customers, and it can take on most MSSP competitors – even going beyond just the telco-led ones. BT has a strong set of security assets, including skilled staff, global SOCs, and a large MNC customer base. It also has strong vendor relationships. These qualities position BT as one of the major global MSSPs.

Strategic security assets – partnerships, alliances and acquisitions

BT made one of the first strategic security vendor acquisitions by a telco when it purchased Counterpane in 2006; it now has partnerships with more than 60 security vendors. Many of these vendors are

(20)

and network experience for its commercial security offer. BT utilizes the traditional vendors (Cisco, Juniper, and Checkpoint), but is also active with new, niche security vendors such as FireEye, Lumeta, and Skybox. BT has its own SIEM platform, Socrates, but also supports other SIEM platforms based on customer demand. The carrier has demonstrated interest and made investments in many emerging security technologies and vendors, a trend that Ovum expects to continue.

Road map

BT’s new managed security services include web security, mobile device management, cybersecurity and threat management offerings, along with the related professional services. The carrier is adding more cloud-based, hosted, and assessment options to its overall product line for most of its security portfolio pillars. Assure eValuator is an example of BT’s enhanced security assessment offer, whereby it provides security readiness and a 24-month plan. The telco is also developing analytics enhancements to help correlate and analyze disparate security events and provide proactive security recommendations and policies. It is engaged in the prioritization and consolidation of its security partnerships line up, which should result in fewer, stronger relationships that provide increasing integration, lower costs, and faster time to market for many of its security offers.

Ovum assessment

BT has a pedigree as one of the major MSSPs for MNC customers and has invested in expanding its security services to include IT infrastructure. It also has the most complete global reach, with strategic security staffing and infrastructure in all the major regions of the world. Its MNC and large enterprise security customer base is global, with customers in key verticals such as public sector, healthcare, and financial services. BT's recent investment in expanding its threat monitoring services in Brazil is yet another example of the priority it gives security portfolio build-out and global presence.

(21)

Orange

Figure 8: Orange’s managed security services portfolio

Source: Orange

Orange delivers its managed security services portfolio in three major components: managed security solutions, consulting, and cyberdefense. These are the major ingredients for its offer to the MNC and large enterprise market globally. These service components are delivered in a combination of three different delivery models – custom solutions, managed services, and cloud based.

Managed security solutions

Management and governance, trusted work environment, and trusted infrastructure are the three pillars of Orange's managed security solutions. Management and governance consists of CyberSOC, cyber risk and compliance intelligence, and security event intelligence; trusted work environment includes security integrated services, flexible and mobile SSL, mobile security, and flexible identity in providing security for access, terminal/devices, and identity management; and trusted infrastructure includes DDoS and unified defense (e.g., firewall, web filtering). These services form the core of Orange's managed security

(22)

Orange's consulting services are the professional services overlay to its managed security services portfolio. They include comprehensive assessments, PCI DSS support, audits, pentesting, engineering, and recommendations for enterprise security infrastructure, programs, and policies. Orange has a range of consulting to address the full security lifecycle.

Cyberdefense

Orange leverages its CyberSOCs, security personnel, managed solutions platforms, and its recent acquisition of Atheos to offer an additional layer of service, providing a plan for cybersecurity strategy that monitors, responds to, and remediates security events. The correlation and patterns of security activity, along with the correlation and analytics, allow Orange to provide this additional premium security service to its customers. Orange offers cybersecurity assessment and recommendation as part of its security consulting services. This is a new area for the carrier, and Ovum expects more announcements and enhancements in this domain.

Orange offers its managed security services individually, but positions itself as full service MSSP and provides global, unified security management. It can take over the management of devices and network and IT infrastructure for its MNC and large enterprise customers. The telco has a strong global support structure for security services, with a particular concentration in EMEA, and also has security resources in the Americas and Asia-Pacific. Orange caters to MNC and government accounts that are based in France and other parts of Europe and that have global requirements.

Strategic security assets – partnerships, alliances, and acquisitions

Orange has partnerships with more than 50 vendors, including many of the network, Internet, and web-centric vendors used by most telco-led MSSPs. The carrier also has strong relationships with security vendors such as HP, Qualys, Zscaler, Blue Coat, SafeNet, and Varonis and is working with many of these vendors in transitioning to more cloud- and network-based security solutions. It has obtained various security certifications, is working on collaborative cybersecurity efforts, and is participating in security industry forums. Orange’s recent acquisition of Atheos will add to its security expertise, experience, and knowledge.

Road map

Orange is investing in network- and cloud-based security solutions, making improvements to its DDoS and identity management services, and enhancing its cloud security support. It is also investing in cybersecurity services; Ovum expects more announcements about the carrier’s cyberdefense offer and the progress it is making with integrating its new acquisition, Atheos. Orange remains active with the security vendor community, so we expect to see further enhancements in its analytics and threat management.

(23)

Orange is a strong player in managed security services in EMEA, with the common telco alignment with its network roots and services. It offers these services as a complement to its other network, IT, and managed services. The telco is leveraging its internal IT security resources and experience to create its security offers and increase customer credibility. It predominately works with its existing MNC and large enterprise customers that need help with security. Customer adoption shows that Orange has become a trusted advisor based on its customer base and security assets. Orange can also assist its larger enterprise customers in the Americas and Asia-Pacific.

Telefonica

Figure 9: Telefonica’s managed security services portfolio overview

Source: Telefonica

Telefonica has been providing managed security services to its large enterprise customers for many years. With its global services push, the carrier has been investing in providing global security resources and technology to MNC and large enterprise customers.

Network-based services

The major elements of Telefonica’s network-based services pillar are its clean pipes, web security, email filtering, and anti-DDoS services. Clean-pipes services include many security features that are aligned with the carrier’s network and Internet services.

(24)

Mobile device management, WAN device management, and security monitoring are the major elements of Telefonica’s managed services pillar. Mobility and device management at the perimeter are included in its managed services for both fixed and mobile networks.

Cybersecurity

Threat and vulnerability detection are the key elements of Telefonica's cybersecurity offer. This appears to be one of the newer elements of the carrier’s managed security services portfolio, and is also one of its areas of current and planned investment.

Global services, security-as-a-service, and 24/7 service management

The horizontal service overlays to the three major pillars of Telefonica's managed security portfolio are expanding security services from local coverage to global coverage, moving managed security services to cloud-based platforms, and providing complete 24/7 security service management. Telefonica's web security and email filtering services are examples of where its security service is offered in a security-as-a-service model. The carrier has security consulting services available across its managed security services portfolio.

Telefonica focuses its managed security services customer acquisition on Europe and Latin America, and has security assets and capabilities in North America. The carrier can provide global services, but its strongest offering for MNC and large enterprise customers is in these three regions. It promotes its internal development and external vendor products to offer reactive, proactive, and preventative managed security service management approach.

Telefonica works with many network security vendors, including Cisco, Juniper, and Arbor, as well as many IT security vendors, including AlienVault, Fortinet, HP, McAfee, RSA, and Symantec. FireEye, Rapid7, and Palo Alto Networks are also part of the telco’s multi-vendor security mix, and it is using AirWatch for mobile device management. Telefonica also has security platforms developed by its own staff that are part of its proprietary mix of managed security services. The carrier has made some investments in security technology start-ups such as ElevenPaths (a fully-owned subsidiary set up as a 100% product company) and Blueliv (a cybersecurity technology company), has launched Sinfonier (a collaborative security knowledge and intelligence community for developers and researchers), works with various security consortiums and standards (ISO), and has its own proprietary developments (e.g., Saqqara, its security monitoring automation solution). Cybersecurity and threat management are Telefonica’s key investment areas.

Road map

The major road map items for Telefonica are making additional SOC investments in its major regions (Latin America and Europe), expanding its geographic coverage (to include managed security services in

(25)

the UK, for example), and continuing to invest in threat management and cybersecurity. Ovum expects to see more investment in analytics and advanced persistent threat and behavioral modeling within the carrier’s cybersecurity offer.

Ovum assessment

Telefonica's recent managed security service launches, its planned and announced geographic

expansion, and its investments in managed security services are boosting its position as a global MSSP. The carrier’s MNC and large enterprise potential lies mainly in Europe and Latin America; North America is one secondary region where it has increased its managed security resources. It has potential for market expansion, especially among US-based customers with growing Latin America or European presences. Ovum expects to see further investment from Telefonica; this, followed by customer adoption and service expansion, will position it as one of the major telco-led MSSPs within two years.

Telefonica has global capabilities and a broad base of customers; these can provide the basis for competing to win global customers. It is most likely to succeed when MNC requirements lie in Europe, Latin America, and North America – it has some work to do on building a comprehensive MSSP service portfolio. Ovum expects Telefonica to refine its managed security services portfolio as that portfolio matures and it develops its cybersecurity capabilities further, and we believe that the telco should highlight and provide more detail on its security consulting capabilities.

T-Systems

Figure 10: T-Systems’ managed security services portfolio

(26)

T-Systems offers its managed security services with four different pillars and two service overlays: advanced cyberdefense services and security consulting. The major pillars are enterprise security management, identity and access management, ICT infrastructure security, and clean pipe services. The carrier’s managed security services come under ICT infrastructure security services, as does mobile security, although it is not shown in Figure 10. T-Systems' mobile security portfolio addresses the mobile interactions within the enterprise and can be added in a modular way to the managed security services portfolio.

Enterprise security management

T-Systems offers comprehensive security management of ICT infrastructure; this includes governance, risk, and compliance systems. Design and integration of security processes, architectures, and

implementation for ICT systems are part of this service pillar, as are audit and penetration services, security products, and system evaluations.

Identity and access management

Management of digital identities, trust center solutions, and smart cards are all included in T-Systems’ identity and access management service pillar. Authentication services, PKI-based solutions, and cloud-based identity management services fit into this service group.

ICT infrastructure security

Dedicated security solutions (firewalls, VPN, IDS/IDP, antivirus, and filtering solutions) are part of this service pillar. This includes content, web, email, and network security services.

Advanced cyberdefense services

Advanced cybersecurity management services that provide detection, response, and recommendations for security threats and incidents are part of this existing managed security services overlay. The newly announced RSA and T-Systems alliance mentions enhancements for advanced cyberdefense SOC support, security tools, and enhanced malware support. Managed SIEM services have been running for several years and are an integrated element of this service.

Security consulting

T-Systems provides complete consulting services as an overlay to its managed security services portfolio. It offers consulting for the many different elements of its service portfolio and is working on customized support and sharing vendor expertise.

Mobile security portfolio

T-Systems offers mobile security, but classes it separately from its managed security services portfolio. Its security offers are divided into five categories: Dynamic Net-centric Sourcing (Cloud), Collaboration, Mobile Enterprise, Security and Governance, and Sustainability and Corporate Responsibility. Mobile security services are positioned as safeguarding mobile interactions across the enterprise and include

(27)

options for traditional mobile device management. One interesting aspect of T-Systems’ mobile security offer is how it is built around different threat scenarios, with contrasting approaches for when the attacker is and is not in possession of the device. In addition, the carrier has a mobile encryption program.

T-Systems positions itself as “the 360-degree MSSP” and the only MSSP that can provide the full balance of IT and network security. It highlights its Deutsche Telekom (DT) heritage and claims to provide a unique combination of IT security and telecoms security as core competencies. It also highlights its end-to-end capabilities and cyber defense offering. In this context the provider builds on four fundamental principles to structure its cyber security development: transparency, simplicity, expertise and co-operation. The carrier’s efforts in managed security services have a primary regional focus on the EU, with global expansion driven by its European (primarily German) MNC customers.

T-Systems has a strong set of security vendor partners, including HP, RSA, McAfee, Juniper, Checkpoint, and newer vendors such as FireEye. The carrier recently announced a cyber security partnership with global insurance company Allianz. It is also investing in certain vendors (e.g.,

CipherCloud) and is cooperating with a number of security start-ups. Like the other MSSPs in this report, T-Systems emphasizes its carrier heritage as part of its experience in security, based on its roles as ISP, global IP backbone provider, and manager of DT's internal infrastructure.

Road map

The major elements of T-Systems' road map for its managed security services are cybersecurity, expanded DDoS protection, and identity management. With its RSA alliance T-Systems will offer analysis of individual cyber risks for companies, advising them on cybersecurity strategies and

architectures and delivering advanced cybersecurity services. Next-generation security operation centers will combine the latest technology with the expertise of cyberdefense specialists fromT-Systemsand RSA and other vendors such as FireEye (for advanced malware detection, for example). The carrier has also announced a new relationship with CipherCloud for cloud security, including an encryption solution for enterprise customers using Salesforce.com services. It is working with global insurance company Allianz to develop integrated solutions for damage prevention, network security, and risk management. T-Systems will also continue to hire more security professionals; its managed security services and these new alliances require additional staffing.

Clean pipes services are a set of bundled security services (e.g., email, web, firewall) for the various segments of the enterprise market, with a strong focus on German enterprise customers. T-Systems will leverage its cloud-based and network services to provide standard bundles with integrated security services to its largest enterprise and SME customers. This is a planned offering that will be based on T-Systems managed security investments.

(28)

T-Systems has one of the most IT-centric managed security services portfolios of all the MSSPs in this report. Its legacy as the IT provider born out of the DT family means it has additional IT expertise that has an impact on its position as an MSSP. Although the carrier does have global capabilities, the EU is the primary focus of its managed security services. T-Systems will have strong appeal among EU-based MNC and large enterprise customers. It recently announced new alliances with security vendors, and it continues to invest in new security technology that will give it a strong position as it increases its

capabilities and expands in Europe. Mobile security is treated as a separate but integrated service based on T-Systems’ five product categories. Ovum would expect this to result in growth in T-Systems’

European managed security business and for an increasing percentage of its large global deals to include managed security services.

Verizon

Figure 11: Verizon’s managed security services portfolio overview

Source: Verizon

Verizon's managed security services started with a significant staff and geographic boost based on its acquisition of Cybertrust in 2007. The carrier has developed its managed security portfolio over several years and recently reorganized it, with a new focus on cybersecurity.

Asset and exposure management

Vulnerability management, application security and exposure management, data security for mobile, and M2M professional services are all included in this service pillar, which is part of Verizon’s professional services.

(29)

Verizon offers different service models that provide security monitoring and analytics with standard SIEM platforms (RSA and HP ArcSight). Advanced threat intelligence and monitoring is another premium option that provides support beyond standard managed security monitoring services. Managed SIEM is another option for enterprise customers that want Verizon to manage their SIEM on a dedicated basis. The carrier recently announced support for RSA Security Analytics based on RSA's NetWitness platform.

Incident response and forensics

In this service pillar Verizon uses investigative incident responses and research to provide analysis and response measures for security practices.

Security enforcement and protection

DDoS, IPS, and firewall are the major elements of Verizon's security enforcement and protection services, with premise-based and cloud-based service varieties. Managed enterprise gateway services and professional services are also included in this service pillar.

Identity and access management

Universal identity services, managed certificate services, and professional services related to identity management are included in this service pillar.

Risk and compliance management

Verizon's Security Management Program includes assessments, audits, tactical recommendations, and guidelines. Risk and compliance professional services and PCI certification are additional elements of this service pillar.

Professional security consulting services

Verizon's global consulting and integration services organization covers services across its managed security portfolio, including mobile security. Security consultants are disbursed globally but predominately located in Europe, North America, and Asia-Pacific.

Mobile security

Verizon offers mobile security as part of its enterprise mobility program, which is separate from its formal managed security services portfolio. The carrier’s enterprise-mobility-as-a-service includes secure remote access, PC security, and updates for corporate devices. Its managed mobility service supports managing, deploying, and supporting global mobile enterprise assets and workforces, including security features.

Verizon's efforts in managed security services are a key part of its global go-to-market strategy for its MNC and large enterprise customers. Verizon's annual Data Breach Investigations Report (DBIR) is also one of the key activities that opens doors and creates credibility for the telco’s managed security

(30)

services. The DBIR stimulates discussion, and sometimes demand from enterprise customers and also, from a PR perspective, helps Verizon to position itself at the center of the security industry, alongside many international security players. The carrier positions its network and its Cybertrust acquisition as the key anchors of its credibility as a trusted advisor on managed security services.

Verizon focuses on the US market, plus major MNCs and large corporate enterprises in Europe, Asia-Pacific, and Latin America. Its security coverage in Latin America has been strengthened by its acquisition of Terremark, which also had managed security services in the region.

Verizon's past acquisitions include Cybertrust, Terremark, and UUNet; incorporating these organizations has created a strong base of security expertise and staff. CyberTrust had global capabilities and a methodology that provided a strong base for security services, and included ICSA Labs, another security asset. Verizon Cyber Intelligence Center (VCIC), established in April 2014, is a new business unit that consolidates and centralizes the telco’s cybersecurity resources. VCIC will leverage these assets for internal and external managed security efforts and will include participation with third parties to provide an improved service for its customers. Verizon now also supports advanced persistent threat

technologies such as FireEye and Palo Alto WildFire in order to address the needs of the public and private sectors.

Road map

Verizon will continue to partner with third parties and invest internally to increase its security incident database. It will continue to boost its cybersecurity focus through its newly consolidated group. The carrier plans to invest in analytics to provide correlation of security information for improved identification, response, and remediation across its various managed security services clients and platforms. Verizon has plans for enhancing its network DDoS service with a managed on-premise version to complement its network-based service. There are also plans for a new security portal interface for customers and for further expansion in Asia-Pacific.

Ovum assessment

Verizon is one of the stronger telco-led MSSPs, with a solid track record based on its telecoms heritage and Cybertrust acquisition. Its global reach is very strong, covering North America, Europe, Asia-Pacific, and Latin America. The carrier’s professional services and SOC coverage is one of its strengths. Verizon has also worked extensively and deeply with security industry vendors and third parties since its

Cybertrust acquisition, and is engaged with many of the new start-ups that are providing security services and cybersecurity intelligence.

APPENDIX

Methodology

This report is based on interviews with, briefings from, and surveys of the managed services divisions of AT&T, BT, Orange, Telefonica, T-Systems, and Verizon. All the carriers provided responses to Ovum's