The first stage of my update of my 2018 evaluative research on the European managed security services provider (MSSP) market published this week. “Now Tech: European Managed Security Services Providers, Q2 2020” covers the vendor landscape for MSSP services and is a precursor to a refreshed Forrester Wave™, which will publish later in the year. This Now Tech research covers the core European Economic Area countries (the European Union, plus Switzerland, Norway, Iceland, and Liechtenstein) and the UK. The service provider landscape is varied both in the types of vendors providing services and the geographic regions in Europe in which they are strongest. Here are some of the strongest trends I see from this research.

Clients Want To See Better Value For The Money From Their MSSP Services

Since the publication of my last Forrester Wave in this area in late 2018, one of the biggest client pain points is getting value for the money from the service. This partly comes down to price but also is down to getting good at selecting the appropriate delivery model, technology architecture, and sourcing model. Most clients are operating in a hybrid model with use of an MSSP provider to provide some elements, whereas other activities are undertaken internally. As most MSSP provider solutions are currently still based on devices monitored, or volume-based (a legacy of the events-per-second pricing [EPS] models for the underlying Security information and event management [SIEM] or security analytics technologies underpinning these services), many solutions quickly become very expensive.

I still view an MSSP purchase as one of the most complex types of services purchases a security team can undertake, so I strongly recommend that a security team design an operating model covering its security operations center (SOC) operations and the key handoffs they expect with a service provider. This ensures that you can be as clear as possible with the target operating model you expect the service provider to deliver into and helps select only what you need, helping to keep a lid on prices. Some service providers are starting to recognize and respond to the customer demands to evolve pricing, but this will take some time to bear fruit in the market.

European Data Residency And Near-Shore SOC Delivery Locations

Those following my regular evaluative research know that I have written often about the importance of near-shore delivery capabilities and, for MSSP services, European data sovereignty. One fascinating market development that I heard often from providers in the Now Tech research was that, with the exit of the UK from the EU on January 31, 2020, some EU-based clients have begun to rule out tender invitations from suppliers with no ability to host data or have SOC staff within the EU. Existing deployments in the UK are being migrated and moved to EU locations, showing that people are not waiting around to find out if the UK and EU are successful in negotiating a data-equivalence decision to allow personal data transfers to continue under the current basis.

Clients need to pay attention to these issues in their evaluation and selection processes and make sure that the solution presented to govern data protection needs is acceptable to them (e.g., storage of data and personnel in EU-only or EU-model contract clauses).

Value Collaboration And Proficiency In Implementing Security Controls For Emerging Technologies

The final observation I have is that clients want their MSSP provider to act as an extension of their core security team and work with them in a different way than in the past. The alert notification factory that MSSPs had a reputation for being in the past is no longer acceptable.

Clients value collaboration and expect access to individuals who understand their context and their environments, with hybrid deployments involving on-site presence of a vendor member of staff to colocate with the security team currently very popular (pre-COVID-19 pandemic). We continue to see extremely strong demand for continued expansion of MSSP coverage for cloud and operational technology environments.

Many service provider roadmaps focus on getting on top of these areas, and clients should pay specific attention to what the provider can support now and, second, what they have in their roadmap to grow their capability in these areas.

Find out more about the broader market landscape and the firms that service this market in my report available for Forrester clients.