HfS Research Blueprint Report - Capgemini€¦ · HfS Research Blueprint Report Managed Security Services Excerpt for Capgemini ... clients now expect stronger industry knowledge

The Services Research Company

ChristineFerrusiRossResearchVicePresidentchristine.ferrusi.ross@hfsresearch.com@ferrusi

HfS Research Blueprint ReportManaged Security ServicesExcerpt for Capgemini March 2017

©2017HfSResearchLtd.ExcerptforCapgemini Proprietary│Page2

Table of Contents

TOPIC PAGE

ExecutiveSummary 3

HowCustomer-Centric, DigitalBusinessIsTransformingSecurity 8

ResearchMethodology 19

ServiceProviderGrid 25

ServiceProviderProfile 29

BuyerandProviderRecommendations 33

AbouttheAuthor 39

Executive Summary


Introducing the Managed Security Services Blueprint

■ The2017ManagedSecurityServicesHfSBlueprint isthesecondBlueprintReporttocovertheDigitalTrustandSecuritymarket.ThisreportfocusesonManagedSecurityServices(MSS)– thosedeliveredonanongoingbasistohelpclientsprevent,monitor,report,andremediatethreatstotheirbusinesses.Toreadtheoriginalreport,seetheOctober2015Trust-As-a-ServiceBlueprint.

■ ThisBlueprintReporthighlightsMSSasthebackboneofdigitaltrust,enablingcompaniestomovetotheDigitalOneOfficeTM.TheDigitalOneOfficedescribesthedesignandimplementationofthedigitalcustomerexperienceandthecreationofanintelligent,singleofficetoexecuteandsupportit.(SeetheJanuary2017POVformoredetailsonDigitalOneOffice.)Digitaltrustistheconceptofensuringthatsecurityiswoventhroughallbusinessoperationssocustomersandotherthirdpartiestrustyouasaviablebusinesspartner

■ TheHfSBlueprintidentifiesrelevantdifferentialsbetweenManagedSecurityServicesprovidersacrosstwomaincategories:innovationandexecution.Executionexcellenceisnon-negotiableasclientsrelyontheprovidertomonitor,detect,andremediateincidentsandthreats.Innovationinsecurityisparticularlyrelevantasnewthreatsandthreatactorsappeardailyandclients’securityposturesareconstantlychanging.

■ Inadditiontolookingatserviceofferingsandcapabilities,welookedatnewwaystopriceengagementsandthemovetooutcome-basedmodels.Webelievethesepricingchangesareindicatorsofshiftstowardbusiness-basedandcustomer-experience-enhancingsecurity.


Managed Security Services Value Chain

SERVICE-ENABLINGTECHNOLOGIES

DigitizationandRoboticAutomation•Analytics•Mobility•SocialMedia•CognitiveComputing•ArtificialIntelligence

SECURITYTECHNOLOGIESANDPLATFORMS

Firewalls•EndpointProtection•NetworkMonitoring•IntrusionDetection•ApplicationSecurity•DeviceSecurity•DataProtection•IdentityandAccessManagement•MobileSecurity•ThreatIntelligence•PredictiveAnalytics•Antivirus•LogManagement

IncidentDetectionandReporting

• Reportingandanalysisofdetectedincidentsandthreats

• Supportfor board-leveldiscussionsofdetectedincidents

Remediation

• Recommendationsandactionstoaddressthreatsandincidents

• Recommendationsforwaystoenhanceresponseinthefuture

RiskandThreatMonitoring

• Ongoingmonitoringofsystemsandlogs,includingupdatesbasedonchangingsecurityposture

• Analytics fortrends,patterns,andbehaviors

RiskandThreatandPrevention

• Threatintelligence

• Applicationandinfrastructuretestingforsecurity issues

• Processchangetoembedsecurityinbusinessoperations

Strategy,Architecture,andInfrastructure

• Securitypostureneedsassessmentand execution

• Applicationandinfrastructuresecurityimplementationandintegration

• Support forboard-levelsecuritydiscussions

Note:HfS’valuechainofworkfollowsaprocessflowofactivities,butthis isn’tnecessarilythewayclientsbuyservices.Clientsoftenaskforspecificpointsolutionslikeidentitymanagement.Butwithinthatoffering,theworkflowoftenstillfollowsthevaluechainprocessabove.Seethesecurityservicesgridforaspecificlistofspecificservicesweincludedaspartofmanagedservices.


Key Highlights: The State of Managed Security Services

■ Risks,specificthreats,andthenumberofthreatactorsareallincreasing– bothinnumberandimpact.Companiesarelookingformanagedservicesfirmstohelpthemprevent,monitor,andremediatecurrentthreats.Butcompaniesalsoexpectthattheirproviderswillevolvetheservicesovertimetoensurethatnewthreatsdon’tgoundetected.

■ Analyticsarenon-negotiablecomponentsofsecurityservicestoday;predictiveanalyticswillbenon-negotiabletomorrow.Everyproviderweevaluateddiscussedtheimportanceofstronganalyticstofindandreportincidentstoclients.Manytalkedabouttheirworkinpredictiveanalyticstohelpclientsmitigatenewrisksandincidentsthatperhapsaren’tfoundintraditionalways.Manychallengesexistinproactiveriskremediation(whowantstobetheonewhotakesanactiononariskthathasn’thappenedyet?)Butdespitethechallenges,predictiveanalyticsarecriticaltokeepingupwithconstantlychangingsecurityenvironments.

■ Industryexpertiseismovingbeyondunderstandingofvertical-specificregulatoryrequirementsandthreats. Securityneedstobeintegratedintothebusiness,notjustsupportthebusiness.Andakeywayforsecurityservicesproviderstohelpclientsistounderstandtheirbusinesscontextbetter.Providersandclientsnowexpectstrongerindustryknowledgetoprovidethisbusinesscontext.Tyingsecurityintobusinessoperationshelpsmoveintoavalue-creationroleandtodriveimprovedcustomerexperiences.

■ Talentwarscomplicatethesecuritylandscape. Likemanycomplextechnicalspaces,thesecurityareafacesatalentshortage.Wefoundthatmostprovidersarefollowingstandardrecruitingandretentionbestpractices.Butsomeoftheleading-edgefirmsshowmorecreativeapproachestoensuretheyhaveenoughtalenttoserveclientsandmitigatethecannibalismthathappensinsecurityservicestalentpools.


Key Highlights: Managed Security Services Providers■ TheWinner’sCirclereflectsanabilitytoexecutewellona

broadsetofcapabilitieswhilefocusingonemergingissueslikepredictiveanalyticsandcraftingdifferentiatedthoughtleadershipinthemarket.

TherankingreflectsananalysisofInnovationandExecutioninmanagedsecurity,whereweplacedextravalueonofferingsanddeliverythatdemonstratedunderstandingofhowsecurityfitsintobroaderbusinesscontext,proactivelystayedcurrentwithchangingsecuritythreats,andhadavisionforsecurity’sroleinthecustomerexperience.

• Winner’sCircle:Providersthatrosetothetop:Accenture,Capgemini,Cognizant,EY,IBM,Infosys,Unisys,andWipro

• HighPerformers:Providersdrivingthecoreofthemarket:CSSCorp,Luxoft,SecureWorks,andTechMahindra

• ExecutionPowerhouses:Providersbringingprovenvaluetotheirclients:TCS

■ AlloftheproviderscoveredinthisBlueprintprovideaveryhighlevelofSecurityServices,andit’simportanttoevaluateagainstyourindividualneeds.Thescoringdifferencesamongtheproviderswasoftensmall.

AS-A-SERVICEECONOMY

Useofoperatingmodels,enablingtechnologiesandtalenttodrivebusinessoutcomesthroughoutsourcing.Thefocusisonwhatmatterstotheendconsumer.

HfSusestheword“economy”todescribethenextphaseofoutsourcingasanewwayofengagingandmanagingresourcestodeliverservices.

The8IdealsoftheAs-a-ServiceEconomy:

1. Write OffLegacy2. DesignThinking3. CollaborativeEngagement4. BrokersofCapability5. IntelligentAutomation6. AccessibleandActionableData7. Holistic Security8. Plug-and-PlayDigitalServices

Source:BewareoftheSmoke:YourPlatformIsBurningbyHfSResearch,2015

How Customer-Centric, Digital Business Is Transforming Security –

and Vice Versa


The As-a-Service Economy Sharpened Business Focus on the CustomerOperatingintheAs-a-ServiceEconomymeansarchitectinguseofincreasinglymatureoperatingmodels,enablingtechnologiesandtalenttodrivetargetedbusinessoutcomes.Thefocusisonvaluetotheconsumer.

I.#THE#OPTIMUM#OPERATING#MODEL#Outsourcing+|+Shared+Services++GBS+|+BPaaS/SaaS/IaaS+|+Crowdsourcing+

II.#EMPOWERING#TALENT#TO#MAKE#IT#POSSIBLE#

Capabili=es+over+Skills+|+Defining+Outcomes+|+

Crea=vity+|+Data+Science+

III.#A#BURNING#PLATFORM#FOR#CHANGE#

Globaliza=on+of+Labor+|++HighGgrowth+Emerging+Markets+|+Disrup=ve+Business+Models+|+

Consumeriza=on+

AS7A7SERVICE7ECONOMY#

Agility+|+Collabora=on++OneGtoGMany+|+Outcome+Focus++

PlugGandGPlay+Services+

IV.#TECHNOLOGY##TO#AUGMENT#KNOWLEDGE#LABOR#Digi=za=on+&+Robo=c+Automa=on+|+Analy=cs+|+Mobility+|+Social+Media+|+Cogni=ve+Compu=ng+

TOOLS/INFRASTRUCTURE# GOVERNANCE#


FixedAssetsLeveragedAssets

2DesignThinking

3BrokersofCapability

1WriteOffLegacy

4CollaborativeEngagement

7HolisticSecurity

5IntelligentAutomation 6

Accessibleand

ActionableData

8Plug-and-PlayDigitalServices

SOLUTIONIdeals

LEGACY

ECONOMY

AS-A-SERVICE

ECONOMYCHANGEMGMTIdeals

§ MovingintotheAs-a-ServiceEconomymeanschangingthenatureandfocusofengagementamongenterprisebuyers,serviceproviders,andadvisors

§ “As-a-Service”unleashespeopletalenttodrivenewvaluethroughsmartertechnologyandautomation

Operating in the As-a-Service Economy Requires Adoption of 8 Ideals


The 8 Ideals Affect What Firms Need From SecurityIDEAL DEFINITION SECURITYIMPACT

WriteOffLegacy

Usingplatform-basedsolutions,DevOps,andAPIecosystemsformoreagile,lessexception-orientedsystems

Ascompanieswriteofflegacy,therearesecurityimplicationsforremoval andreuseofoldequipment,plusnewvulnerabilitiesbroughtintotheenvironmentwithnewapplicationsandsystems.Theimpactonsecurityoperationsismorepressuretoknowaboutallofthenewtechnologiesinordertoeffectivelymitigatevulnerabilities.

DesignThinking

Understandingthebusinesscontexttoreimagineprocessesalignedwithmeetingclientneeds

Tostrategicallyprotectthebusinessasitchangesandgrows,organizationswillseemoredesignthinkinginsecurityenvironments.Thisincludesdoingworkshopstounderstandpotentialnewthreatactorsandtheculture,process,andtechnologychangesneededtoprotectthebusinessfromnewthreats.

Brokers ofCapability

Orientinggovernance tosourceexpertisefromallavailablesources,bothinternallyandexternally,toaddresscapabilitygaps

Digitaltrustisthekey forbrokers– companiesworkwithoutsourcersandproviderstheytrust.Addressingtheabilitytoprotectdataisasharedresponsibilityamongtradingpartnersandoutsourcersinmultipartyengagements.

CollaborativeEngagement

Ensuring relationshipsarecontractedtodrivesustainedexpertiseanddefinedoutcomes

Trading partnersneedtotrusteachother’sabilitytoprotecttheirdataandintellectualpropertyinoutcomesandtransactions.Securitythenenablesbusinessgrowth.

IntelligentAutomation

Usingautomationandcognitivecomputingtoblendanalytics,talent,andtechnology

Thenumberofthreatsandthreatactors – plus thestrainonsecuritytalent– makesautomationarequirement.Andprotectingautomatedsystemsisthedifferencebetweensuccessandfailure.

AccessibleandActionableData

Applyinganalyticsmodels,techniques,andinsightsfrombigdatainreal-time

Analytics helpssecuritygetbetter,butsecurityteamsalsoneedtoprotectanalyticsinotherfunctionstomakesurealgorithmsanddataaren’thackedtocreatefalseresultsandcausebusinesschaos.

HolisticSecurityProactivelymanagingdigitaldataacrosstheservicechainofpeople,systems,andprocesses

Security can’tbeasilo,relegatedtoasmallsetofspecialistsinthecorporatedatacenter.Instead,securityneedstobeincorporatedacrosstheentireenterpriseandunderstoodbybusinessstakeholdersatalllevels.

Plug andPlayDigitalBusinessServices

Plugginginto“readytogo”business-outcome-focused people,process,andtechnologysolutionswithsecuritymeasures

Thespeedof businessmeanscompanieswanttoconnecttoeachotherquickly– andthatrequiresthattheytrusttheplayersthey’reconnectingto.Sosecurityneedstobeembeddedinallofferingstoallowtransactionstohappenquickly,reducingthefrictionthatcomeswhenpartieshavetoslowdowntoevaluatesecurityprocedures.


MovingtotheAs-a-ServiceeconomyandDigitalOneOfficeTM requiresfirmstoadoptholisticsecuritythat’sintegratedwithbusinessoperations.Organizationsneedtoshifttheirthinkinginafewkeyareas:

Traditional Security Needs to Adapt to Support the 8 Ideals

■ Stoptreatingsecurityasastandalonecapabilityandintegrateintobusinessprocesses.Traditionalsecurityteamsfocusonsecurityalone,assumingthathighlyefficientsecuritybydefaultwillprotectthebusinessandaddvalue.However,themovetoDigitalOneOfficechangesthatmindset.Theprovidersandclientswespokewithforthisreportagreedthatsecurityneededtounderstandthebusiness,sosecuritycanbecomepartofthebusinessinsteadofanafterthought.Leading-edgeorganizationsthinkaboutsecurityinthecontextofwhichassetsaremostcriticaltothebusinessandwhichriskshavethegreatestimpact.Thentheyeducatestakeholdersonsecurityinthisbusinesscontext,gainingbetteradoptionofbestpracticesandsupportfromallpartsofthebusiness.

■ Focusonbehaviormorethantechnology.Whileclientreferenceswantedproviderstohaveexpertiseinthespecifictechnologiesbeingused,theysaidtoprotectthebusinessbetter,youneedtofocusonbehaviorsbeforetechnologies.Thebestfirewallintheworldcan’tstopahackerfromgettinginthroughapasswordhegotfromphishinganemployee,forexample.

■ Resistbeingsocomfortableintheiroperationsthattheymisschangesinthemarket.Ofcourse,youshouldgetvaluefromexistinginvestments.However,severalclientreferencesnotedthattheywantsecurityoperationsteamstolookoutsidetheirexistingapproaches.Asonereferencesaid,“Ifsecurityteamsjustdotheirjobseverydaybyroteandneverreallythinkaboutwhatthey’redoingorwhy,we’llmissnewthreatsandpotentiallyhurtourbusiness.”


Digital OneOffice Is the Operating Model for the As-a-Service Economy

ToeffectivelyparticipateintheAs-a-Serviceeconomy,organizationsneedtoaligntheiroperationstosupportcustomers.Thisalignmentmeansthatdistinctionsbetweenfront-officeandback-officeprocessesgoaway.Thispushessecurityoutofitssiloasastandalonedisciplineandembedsitinallprocessesinordertoensurethequalityofthecustomer’sexperience.


Security Underpins the Alignment of All Operations to Improve Customer Experiences

20%

22%

24%

26%

29%

30%

31%

31%

42%

48%

46%

38%

55%

50%

45%

48%

48%

43%

19%

19%

17%

13%

17%

20%

15%

15%

8%

12%

12%

21%

5%

4%

5%

6%

6%

7%

Invest in cognitive technologies and machine learning to reduce reliance on mid/high skilled labor

Invest in process automation and robotics to reduce reliance on low-skilled labor

Policies that restrict the hiring of people

Improve the quality of operations talent

Scalable / Flexible services

Accelerate speed to market with new products

Create real-time data that supports predictive, not reactive decisions

Align middle/back office operations to improve customer experiences

Drive down operating costs

Mission Critical Increasingly Important Emerging Not a Directive

Source: HfS Research in Conjunction with KPMG, “State of Operations and Outsourcing 2017” Sample: n=454 Enterprise Buyers

HowcriticalarethefollowingC-Suite directivestoyouroperationsstrategy?(SVPsandabove)


Business Executives Recognize Security’s Importance in Their OneOffice Transformations

Pleasestatehowsignificantyouseethe“As-a-ServiceEconomy”idealsandtheshifttomoreintelligentoperationsforyourorganization?(Justabsolutelycritical/criticalresponses)

15%

15%

21%

20%

19%

20%

29%

30%

20%

23%

21%

26%

27%

30%

22%

25%

35%

38%

42%

46%

46%

50%

51%

55%

Plug&PlayDigitalBusinessServices

BrokersofCapability

WriteoffLegacy

IntelligentAutomation

CollaborativeEngagement

DesignThinking

HolisticSecurity

Accessible&ActionableData

Absolutelycritical

Critical

Source: “Intelligent Operations" Study, HfS Research 2017Sample: Buyers = 371


How Security Improves Customer Experience in the OneOffice Operating Model

§ EnsuringOneOffice: Digitizationandtherenewedriseofcustomer-centricitymeanthatthewallbetweenthebackofficeandfrontofficehascollapsed–everyoneinacompanyiscustomerfacinginthisagewherecustomershavesignificantvisibilityintoourinternaloperations.Thatmeansyoursecuritypolicies,procedures,andriskapproachesneedtobebroughtupfromthebasementandsharedacrossyourentireorganization.

§ Facilitatingsharedresponsibility: Securityisn’tjustsomethingyouworryaboutwithinyourfourwallsanymore.AsdataandIPgetsharedacrosstradingpartners,theneedforasharedviewonsecuringdigitalassetsbecomescritical.Thismeansmovingbeyond“protecttheperimeter”approachtoacollaborationamongpartnerstosharebestpractices,insights,andmetricstocreateasharedresponsibilityforprotectingdataintransactions.

§ Creatingdigitaltrust: Yourabilitytosucceedinthedigitalenvironmentrequiresthatyourtradingpartners(customers,suppliers,externalstakeholders)trustyoutobeethical,legallyoperating,andpracticingup-to-datesecurityprocedurestoprotecttheirdataandIP.Ifothersstarttodoubtyourabilitytosecureyourowndataortheirs,youaredeadasabusiness.It’sprettysimpleasaconceptandamazinglycomplextoexecute.Tobetrusted,youneedtodemonstratethatyoursecurityoperationsareeffective,automated,andcurrentwithevolvingthreats.

Businessesneedtoelevatesecuritysocustomer-facingemployeescanhelpcustomersandothertradingpartnersfeelcomfortableworkingwiththefirm.Itthenbecomespartofthebusinessstrategyandafacilitatorofdifferentiatedcustomerexperiences.

OneOffice

SharedResponsibility

DigitalTrust


Managed Security Services Value Chain – The Process Needed to Support OneOffice

SERVICE-ENABLINGTECHNOLOGIES

DigitizationandRoboticAutomation•Analytics•Mobility•SocialMedia•CognitiveComputing•ArtificialIntelligence

SECURITYTECHNOLOGIESANDPLATFORMS

Firewalls•EndpointProtection•NetworkMonitoring•IntrusionDetection•ApplicationSecurity•DeviceSecurity•DataProtection•IdentityandAccessManagement•MobileSecurity•ThreatIntelligence•PredictiveAnalytics•Antivirus•LogManagement

IncidentDetectionandReporting

• Reportingandanalysisofdetectedincidentsandthreats

• Supportfor board-leveldiscussionsofdetectedincidents

Remediation

• Recommendationsandactionstoaddressthreatsandincidents

• Recommendationsforwaystoenhanceresponseinthefuture

RiskandThreatMonitoring

• Ongoingmonitoringofsystemsandlogs,includingupdatesbasedonchangingsecurityposture

• Analytics fortrends,patterns,andbehaviors

RiskandThreatandPrevention

• Threatintelligence

• Applicationandinfrastructuretestingforsecurity issues

• Processchangetoembedsecurityinbusinessoperations

Strategy,Architecture,andInfrastructure

• Securitypostureneedsassessmentand execution

• Applicationandinfrastructuresecurityimplementationandintegration

• Support forboard-levelsecuritydiscussions

Note:HfS’valuechainofworkfollowsaprocessflowofactivities,butthis isn’tnecessarilythewayclientsbuyservices.Clientsoftenaskforspecificpointsolutions,likeidentitymanagement.Butwithinthatoffering,theworkflowoftenstillfollowsthevaluechainprocessabove.Seethesecurityservicesgridforaspecificlistofspecificservicesweincludedaspartofmanagedservices.


ThemovetoOneOfficeoperationsplacesatremendousstrainonsecurityoperationsteams.Theshiftinstrategyanddailyoperationswillpushmanyorganizationstolookforoutsidehelp.Clientswilllookforprovidersthatcanoperatesecurityeffectivelywhileputtingsecurityinacustomer-centriccontextandhelpinginternalsecurityteamscommunicatebetterwiththebusiness.Somewaystoidentifyleading-edgeproviders:

Managed Security Services in the OneOffice Context

■ Mappingspecificservicesintothebiggerpicture.Youaren’tgoingtogooutandaskfor“OneOfficesecurity”or“digitaltrust.”You’remorelikelytoaskaproviderforthreatintelligenceservicesorapplicationsecurityservices.However,focusingonthosepointsolutionswillsuboptimizeyourefforts.Leadingprovidersarebridgingthegapbyshowingprospectiveclientshowthesepointsolutionsfitintobroadereffortsandsupportoverallsecurityprograms.

■ Demonstratedpassionforlearningandinnovation.Everyprovidersaysit’sinnovativeandhasapproachestostaycurrentindynamicenvironments.Butweallknowthatoncecostpressurehitsandnegotiationsbegintodrag,it’seasytoletgoofbigpictureidealslikeinnovationtofocusondailynitpickydetails.Leadingproviderswillbeabletoshowyoutheirchangemanagementprocesses,designthinkingcapabilities,andreferencesfromlong-termclientsthatdetailhowtheproviderbringsinnovationandchangeintotheengagement.

■ Commitmenttobusinessstakeholders.Securityisverytechnical,andsmartproviderscanshowyouhowtheyavoidthejargonandunnecessarydetailstotellasecuritystorythatseniorexecutiveswillunderstandandvalue.Someverystrategicproviderscanhelpyoubuildaninvestmentandreturnmodelthatyou’llbeabletousetojustifyspendandgaincredibilitywithbusinessowners.

Research Methodology


Research MethodologyDataSummaryn DatawascollectedinQ42017 andQ12017,from

buyersandserviceprovidersofManagedSecurityServices

ParticipatingServiceProviders

§ TalesfromtheTrenches:Interviewswithbuyerswhohaveevaluatedserviceprovidersandexperiencedtheirservices.Somecontactswereprovidedbyserviceproviders,andotherswereinterviewsconductedwithHfSExecutiveCouncilmembersandparticipantsinourextensivemarketresearch.

§ Sell-SideExecutiveBriefings:Structureddiscussionswithserviceprovidersregardingtheirvision,strategy,capability,andexamplesofinnovationandexecution.

§ PubliclyAvailableInformation:Thoughtleadership,investoranalystmaterials,websiteinformation,presentationsgivenbyseniorexecutives,industryevents,etc.

ThisReportIsBasedOn:


HfS Blueprint Scoring for Managed Security Services 2017EXECUTION 100%Scopeofservicesacrossthevaluechain 25%

Depthandqualityofservices(includinggeographiccoverage) 25%

Automationandanalyticsembeddedincurrentengagements 20%

Pricingflexibility 10%

Clientreferences (numbergiven,numberresponding,satisfactionofrespondents) 20%

INNOVATION 100%Visionforsecuritywithintheenterprise 20%

Industryexpertisebeingusedtoaddcontextandvaluebeyondstandards 20%

Predictiveanalyticsandremediation 20%

Talentstrategy 15%

Differentiatedthoughtleadership 25%

©2017HfSResearchLtd©2017HfSResearchLtd.ExcerptforCapgemini Proprietary│Page22

Execution Definitions

EXECUTION Howwelldoestheserviceproviderexecuteonitscontractualagreement,andhowwelldoestheprovidermanagetheclient/providerrelationship?

Scopeofservices Acrossthevaluechainofservices weincludedintheevaluation,howmanydoestheprovideroffer?(Seetheofferingsgridintheproviderprofilesectionforspecificsofeachprovider.)

Depthandqualityofservices(includinggeographiccoverage)

How welldoestheproviderdelivertheservicesitoffers?Doestheproviderhavedeepofferingsdeliveredwithhighquality?Doestheproviderofferglobalcapabilitiesinitsofferings?

Automationandanalyticsembeddedincurrentengagements

Towhatextent doestheproviderincludeautomationaspartofitsservicedelivery?Arethesecapabilitiesembeddedinengagementsautomatically,ormusttheclientaskexplicitlyforthem?

Pricingflexibility Doestheprovideroffermultipleengagementpricingmodels,suchasfixedprice, outcome-based,etc.,basedonclientneedsandscope/requirements?

Clientreferences (numbergiven,numberresponding,satisfactionofrespondents)

Howmanyclient referencesdidtheprovideroffer?Howresponsivewerethosereferences?Howmanywereweabletointerviewintheresearchcycle?Howsatisfiedwerethereferenceswithservicedelivery,accountmanagement,innovation,automation,andanalytics,amongothercriteria?


Innovation Definitions

INNOVATION Innovationisthecombinationofimprovingservicesandbusinessoutcomes.

Visionforsecuritywithintheenterprise

Doestheproviderofferavisionforsecurity’srolewithintheenterprisethat’s compelling,showsbusinessvalue,anddemonstratesanunderstandingofissuesfacingclients’organizations?

Industryexpertisebeingusedtoaddcontextandvaluebeyondstandards

Doestheproviderdemonstrate industry-specificunderstandingofsecurityregulationsandclientsecuritypostures?Doestheproviderofferindustry-basedbusinessinsightandplacesecurityinthecontextofbusinessimpactbasedonindustryknowledge?

Predictiveanalyticsandremediation

What istheprovider’sstrategyforincorporatingpredictiveanalyticsintoclientengagementstohelpclientsbecomemorestrategicaboutdiscoveringandremediatingthreats?Whatinvestmentsistheprovidermakinginpredictiveanalytics?

Talentstrategy Whatistheproviderdoingtoensureitwinsthewar fortalent?Howistheprovideradaptingitstraininganddevelopmenttobringinawiderpooloftalentandretainhigh-valueemployees?

Differentiatedthoughtleadership How istheproviderdifferentiatingitselfinthemarket?Whatintellectualpropertyistheproviderdevelopingthatsetsitapartfromotherproviders?Whatvaluedoesthisthoughtleadershipaddtothesecurityindustryoverall?


Maturity of OneOffice Vision Within Managed Security Services Inadditiontotheformalcriteriaweusedduringtheevaluation,wealsonotedhowmaturewebelieveeachprovider’sManagedSecurityServicesmapintotheHfSvisionforsecurityinOneOfficeoperations.Weratedprovidersasstrong,medium,orweakonthethreemaindimensions.

SecurityforOneOfficeOperations

OneOffice


Digital Trust

GradingScale

Strong Medium Weak

Service Provider Grid


TodistinguishserviceprovidersthatshowcompetitivedifferentiationinaparticularlineofdeliverywithprogressinrealizingtheAs-a-ServiceEconomyofbusinessoutcome–oriented,on-demandtalentandtechnologyservices,HfSawardstheseprovidersthe“As-a-ServiceWinner’sCircle”designation.

EXECUTION INNOVATION

As-a-ServiceWinner’s Circleshowexcellencerecognizedbyclientsinthe8Idealsin executionandinnovation

Collaborativerelationshipswithclients,servicesexecutedwithacombinationoftalentandtechnology asappropriate,andflexiblearrangements.

Articulatevisionanda“newwayofthinking,”haverecognizableinvestmentsinfuturecapabilities,strongclientfeedback,and aredrivingnewinsights andmodels.

HighPerformersdemonstratestrongcapabilitiesbutlackaninnovativevisionormomentuminexecutionofthevision

Executesomeofthefollowingareaswithexcellence:worthwhilerelationshipswithclients,servicesexecutedwith“greenlights,”andflexibilitywhenmeetingclients’needs.

Typically, describeavisionandplanstoinvestinfuturecapabilitiesandpartnershipsforAs-a-Service,andillustratean abilitytoleveragedigitaltechnologiesand/ordevelop newinsightswithclients.

High Potentialsdemonstratevisionandstrategybuthaveyettogainmomentuminexecutionofit

Earlyresultsandproof pointsfromexamplesinnewserviceareasorinnovativeservicemodels,butlackscale,broadimpact,andmomentuminthecapabilityunderreview.

Well-plotted strategyandthoughtleadership,showcaseduseofnewertechnologiesand/orroadmap,andtalentdevelopmentplans.

ExecutionPowerhousesdemonstratesolid,reliableexecutionbuthaveyettoshowsignificantinnovationorvision

Evidence ofoperationalexcellence;however,stillmoreofadirectiveengagementbetweenaserviceprovideranditsclients.

Lack ofevidentvisionandinvestmentinfuture-orientedcapability,suchasskillsdevelopment,“intelligentoperations,”ordigitaltechnologies.

Guide to the Blueprint Grid


HfS Blueprint Grid: Managed Security Services 2017INNOVA

TION

EXECUTION

ExcellentatInnovationandExecutionInvestinginInnovationtoChange

BuildingAllCapabilities ExecutionIsAheadofInnovation

AS-A-SERVICEWINNER’SCIRCLE

EXECUTIONPOWERHOUSES

HIGHPOTENTIALS

HIGHPERFORMERS

Accenture

IBM

EYUnisys

Luxoft

WiproSecureWorks

TechMahindra

CSSCorpTCS

InfosysCognizant

Capgemini


Major Service Provider Dynamics – HighlightsEXECUTION

• ScopeofServices:Weevaluated21services(seethechartintheServiceProviderProfilessection).Accenture,Capgemini,Infosys,TCS,andWipro hadthemostcompleteportfolios.Physicalsecurityandvirtualdesktopswerethetwoservicesmorelikelytobemissingfromproviderofferings.

• DepthandQualityofServices:Accenture,Unisys,Wipro,andInfosys alldemonstratedgoodreferenceshere.Luxoft alsodemonstratedgooddepthwithclientreferencesintheprovider’snarrowerportfolio.

• AutomationandAnalyticsEmbeddedinCurrentEngagements:Allprovidersofferdataanalyticsasanoffering,andourresearchshowsit’scriticaltohavingasuccessfulprogram.SecureWorks’Counterthreatplatformisanexampleofanalyticsusedindailyclientengagements.Cognizant andInfosys alsodemonstratedstronginvestments.Automation,althoughlessproductizedthananalytics,alsoisshowingupinengagements.TechMahindraandCSSCorpshowedspecificwaystheyareautomatingthreatdetectionandquarantinetechniques.

• PricingFlexibility:CCSCorpandCapgemini offertieredservicesoptionstofitmultipleclientneedsandpricingstructures.Infosys alsoofferedavarietyofpricingoptions,includingfixed,outcome-based,andhybrid.

• ClientReferences: Luxoft’sclientmentionedtheprovider’sworkbeingpraisedbyexternalauditors.Accentureand EYwerepraisedfortheirbusinessacumeninadditiontosecurity.

INNOVATION

• VisionforSecurityintheEnterprise:Unisysexplainssecurityastooltoensureacompany’sgrowth.Luxoftexplicitlyworkswithclientstoshowhowsecurityhasanimpactonclients’customers.Thesearewaysprovidershelpstakeholdersunderstandtheimportanceofsecurity.Severalprovidersalsodevelopedpointsofviewonsharedresponsibilitiesamongtradingpartners,typicallydescribedasexpandingsecuritybeyondtheperimeter.

• IndustryExpertiseBeingUsedtoAddContextandValueBeyondStandards:Accenturehasbeenfocusingheavilyonintegratingavertical-industrybusinessstorywithitssecuritypracticetoincreasetherelevanceofitsofferings.Unisysalsodevelopedindustrypointsofviewbeyondindustry-specificregulatorystandards.EY alsoinvestshere.

• PredictiveAnalyticsandRemediation:Alloftheprovidersaredevelopingfurtherpredictiveanalyticscapabilities,withAccenture andSecureWorksshowingspecifictechniquesthatarealreadycomingtofruition.

• TalentStrategy:Mostprovidershavewell-developedtalentstrategies,althoughUnisys didagoodjobofexplainingthatitalsorecruitswithitsvisionofsecurity’sroleintheworld,notjustontraditionalhiringtactics.

• DifferentiatedThoughtLeadership:Wipro’s outlineofaclearvisionforsecurityasacustomer-experiencecomponentandAccenture’s focusondataethicsasthenextstepinsecuritybestpracticeswereparticularlyunique.

Service Provider Profile


Managed Security Services Offerings (green means offered)

BehavioralTracking

Clou

d-basedSecurity

DataAnalyticsforSecurity

DataAno

nymiza

tion

DataIntegrity

and

DLP

Encryptio

n

Firewalls

Iden

tity&AccessM

anagem

ent

Incide

ntRespo

nse

IoTsecuritymanagem

ent

Mob

ileApp

licationSecurity

Accenture

Capgemini

Cognizant

CSSCorp.

EY

Luxoft

IBM*

Infosys

SecureWorks

TCS

TechMahindra

Unisys

Wipro

*IBMdidnotparticipateintheblueprintresearchprocess.HfS usedpublicinformation,insightsfromotherproviderreferences,andourownassessmentofthefirm’sperformance.


Managed Security Services Offerings, Continued (green means offered)

PhysicalSecurity

(Access

Control,Ge

olocation

Awaren

ess)

SecurityArchite

cture&

Planning

SecurityTo

olsU

tilizing

Autono

mics&

RPA

SecurityTo

olsU

tilizing

Cognitive/AI

Segm

entatio

n/Micro-

segm

entatio

n

Threat/B

reachDe

tection

UserEdu

catio

n/Awaren

ess

Campaigns

VirtualD

esktop

s

VPNs

VulnerabilityAssessm

ent

Accenture

Capgemini

Cognizant

CSSCorp.

EY

Luxoft

IBM*

Infosys

SecureWorks

TCS

TechMahindra

Unisys

Wipro

*IBMdidnotparticipateintheblueprintresearchprocess.HfS usedpublicinformation,insightsfromotherproviderreferences,andourownassessmentofthefirm’sperformance.


Capgemini

RelevantAcquisitions/Partnerships ClientProfile ServiceDeliveryOperations ProprietaryTechnologies

Acquisitions:• Euriware (2014)Partnerships:• SIEM:IBM,Huntsman• APP:HPE• Database:Oracle,IBM• Encryption:Gemalto• Endpoint:TrendMicro• Firewall:Fortinet,PaloAlto• Vulnerabilitymanagement:NessusandQualys• Malwareanalysis:FireEye• IAM:RSA,ForgerockandCyberArk• CloudAccess• SecurityBroker:Microsoft• SOC:RSA,IBM

Morethan100MSSclients,including:• RenaultGroup• Alstomlink• Areva• FrenchBank• CréditAgricoleS.A.• Publicsectoragencies• Multipleglobalfinancialinstitutions• Globalprofessionalservicesfirm• LargerEuropeaninsurer• LargeUS-basedcruiseline• AGermanRetailer• AGermanUtilitycompany• UK-basedEnergycompany• Majorinvestmentbank• AnAustralianoilcompany

• TotalMSSEmployees:~3000

• DeliveryPersonnelinSOCs:~600

Deliveryfrom10SOCsin:• Indianapolis• Inverness• Derby• Luxembourg• Toulouse• Brussels• Asturias• Mumbai(2)• Bengaluru

• Capgeminipreferstouseexistingtechnologies,regularlyreviewingthemarkettoensurethemostrelevantsolutionsforclients

Capgemini’smulti-tieredSOCstrategyisadifferentiatorinthismarket

Strengths Challenges

• Integrationofsecurityintobroaderinfrastructureservices:Capgeminihasmanysecurityengagementsembeddedinlargercontracts,allowingthefirmtohavebroadervisibilityintopotentialthreatsandknowledgeofpotentialpreferredremediationsteps.

• Securitybeyondtheperimeter:Theprovider’sviewofsecurityistechnical,withastrongunderstandingofhowtraditionalapproachesto“protecttheperimeter”arelesseffectiveinconnectedenvironments.

• Productizedmulti-tieredSOCdeliveryandservicemodels:CapgeminihasproductizedeasytounderstandBronze-,Silver-,orGold-tieredSOCmodels,dependentonclients’servicerequirementsandbudget.

• Missingthebroaderbusinesscontext(andclientaudience):CapgeminitendstohaveitsaudienceinITsecurityandatlowerlevelsthantheCIOorCISO.Thecompanyneedstomoveitsmessagingtoamorebusiness-orientedstorytoresonatemorestronglywithseniorexecutives.

• Lackofuniquebusinessdifferentiator:Capgemini’sofferingissolid;thecompanyisintheWinner’sCircle.Butitlackssomethinguniqueordifferentenoughinitsbusinessstorycomparedtocompetitors.Thefirmneedstospendmoretimethinkingabouthowitssecurityofferingfitsintothebiggerbusinesspictureandpresentingavisionforsecuritythatprospectiveclientscandistinguishfromtheotherofferingsavailable.

BlueprintLeadingHighlights

• Scopeofservices• Pricingflexibility

Alignment with OneOffice

OneOffice


DigitalTrust

As-a-Service Winner’s Circle

Buyer and Provider Recommendations


Buyer Recommendations: Sourcing Managed Security Services

Keyactionsandconsiderationsmovingforward

n Askmanyquestionsaboutautomation.Inwhatcontextwilltheprovideruseautomation,e.g.,formonitoring,laboraugmentation?Willtheautomationbeapplieddirectlyatthebeginningoracrossthespanoftheengagement?

n Spendalotoftimeonthedetailsofhowtheproviderwillensureyoustayprotectedasyoursecurityposturechanges.Thismayincluderegular,formalre-assessments.Itshoulddefinitelyincludeclearstepsontheprovider’sparttoalertyouofnewthreats.Getintodetailssuchas,Doyouflagnewthreatsafterthefirstevidence,ordoyouwaitforapatterntoemergebeforenotifying?Howdoyoudefinenewthreatscomparedtoexistingthreatsthatmayjusthaveevolved?

n Focusrelentlesslyonremediation.Monitoringissimple.Takingactiononincidentsisn’t.Andyourpossibleactionsareoftendeterminedbywhenthethreatisdetectedandhowmuchtimeyouhavetorespond.Youalsoneedtounderstandhowmuchadviceyourproviderwillgiveinremediation.Isitgeneralbestpractices?Specificadvicebasedonyourenvironment?Somecombination?

n Evaluatepredictiveanalytics.Mostoftheprovidersweevaluatedusedanalyticstoprovidekeyprocessimprovementslikereducingthenumberoffalsepositivesandfindinginternalemployeebehaviorchangesfaster.However,ifyou’relookingtogetaheadofthecurveandimplementpredictiveanalytics,makesureyouhaveseveraldeepandcriticalconversationsaboutwhenandhowyoumighttakeactiononthreatsthatappearlikelytohappenbuthaven’thappenedyet.


Buyer Recommendations: Sourcing Managed Security Services, Continued


n Reviewdataintegrityresponsibilities.Protectingdataisonlypartofthestory.Securityalgorithmsandpredictiveanalyticscan’thelpifyouhaven’tfocusedondataquality.Theaccuracyandintegrityofdataareasimportantasthestepsyoutaketoprotectdata.Makedataintegrityakeydiscussionpointduringnegotiations.Evenifit’soutofscope,it’simportanttoknowtheprovider’sviewonitsroleinthisimportantactivity.

n Consideralternativepricingoptions.Although providersdidn’toffermanyexamplesofoutcome-basedpricing,it’sclearthatthemarketismovinginthatdirection.Asyoulookforbusiness-basedsecurityservices,don’tforgettomatchyourpricingmodeltoyourgoals.Forexample,althoughflat-feemanagedservicesmaysoundpracticalandattractive,theymayincentyourprovidertomaintainthestatusquoratherthaninnovatingonyourbehalf.

n Askhowtheprovidercanhelpyoutalktobusinessstakeholders.Thislikelywillbebeyondthecapabilitiesofyourdailyteam.Soyou’llneedtoensurethatyouhaveaccesstoseniorsecurityexpertsintheproviderorganizationthatcanhelpyouprepareboardpresentations,createbusinesscasesfornewsecurityinvestment,andeducatenon-technicalstakeholdersontheirroleinprotectingthecompany’sassets.


Buyer Recommendations: Ensuring Your Engagement Keeps Up with the Changing Threat Environment


n First,monitornewsandtrendsinsecurityandthreatintelligence. Don’twaitforyourprovidertoflagnewthreattypestoyou.Yes,asmentionedabove,youwantyourprovidertoproactivelyalertyoutopotentialnewthreats.Butdon’tletthatstopyoufromprotectingyourself.Youstillneedownershipofyoursecurityinsights.

n Beproactiveinaskingquestionsaboutchangesandnewthreats. Sometimes,evenaquickemailaskingtheprovideraboutanewransomwaretechniquethatyoureadaboutwillspurdiscussionaboutmakingchangestotheservicescopeorapproach.

n Includesecuritymarketchangesandnewsaspartofmonthlymeetings.Makeitanagendaitemtodiscusswhat’shappeninginthemarket.Andbuildintotheprovider’smindsetnottowaitfortheregularmeetingstobringupnewevents.

n Expandthescopeofyourengagementtoincluderegularsecurityposturere-assessments. Thiscandependonyourindustryandotherfactors,butitmightbequarterly,semi-annual,orannual.

n Includeanewengagementmetricontheprovider’sabilitytofindandaddressnewthreats.Theprovider’sabilitytokeepyourdataandorganizationprotectedfromthreatsevenasthosethreatschangeneedstobepartoftheprovider’ssuccessmetricsifitisn’talready.


Provider Recommendations


n Helpsecuritybuyerswinovertheirbusinessstakeholders. Yourdirectbuyersmaybetechnicalanddeeplyknowledgeableaboutsecurity,buttheircolleaguesarenot.Helpyourbuyersbesuccessfulbygivingtheminsightsintosecuritythreatsandthepotentialimpactthatareanchoredintheirorganizations’businesscontext.Whenyourbuyerstellthesecuritystoryinbusinesslanguage,they’llbebetterabletogetbuy-inandfundappropriatenewefforts.

n Makeyourautomationmessagingstrongerandclearer. Automatingsecurityhasclearbenefitsforyouandyourclients– fewerfalsepositives,fasterdetectionofnewthreats,andbetterremediationresults,amongothers.Andgiventhetalentshortageinsecurity,makingthedailyjobsofsecuritystafflesstediousishighonorganizations’listsoftodo’s.Butdon’tassumeprospectiveclientsknowyourautomationapproach.Tellclientsupfrontyourstrategytoautomatesecurityandhowthatstrategywillgetdemonstratedduringanengagement.

n Rethinktalentstrategytocastawidernet. There’snoevidencethatthesecuritytalentwarswillgetlessintenseinthenextfewyears.It’simportanttobreakoutofstandardbestpracticesandthinkmoreabouthowtobringinnontraditionaltalent.Whatwouldittaketobringinsociologymajorsandtrainthem,asanexample?Whataboutothernon-technicalrolesthatmighthavesomeaffinityforsecuritywork?Workwithyourinternaltalentteamstoredesignhiringandretentiontofocusonhowtosuccessfullybringinnewtypesofpeoplesoyou’renotalwaysfightingforthesamepeopleasyourcompetitors.


Provider Recommendations, Continued


n Collaboratemoreproactivelywithclientsonemergingthreats. Toofewoftheprovidersevaluatedhaveclear,step-by-stepprocessestomakesuretheystaycurrentwithclients’changingsecuritypostures.Andkeepinmindthatyoumayhavetotaketheleadinhelpingtheclientknowthatitssecurityposturechanged.Createbetterapproachesforevolvingengagementscopetokeepupwithchangesandtheneducateclientsonthoseapproaches.

n Spendmoretimeansweringthedifferentiationissue.Ontheonehand,ManagedSecurityServicescanseemcommoditized.Butthat’strueonlyifyoudon’tclearlyarticulatewhatmakesyoudifferent.Andit’softennotatechnicalcapabilityordeliverymethodologythatwillshowprospectiveclientswhatmakesyourofferingunique.Youneedtospendmoretimetellingprospectsyourvisionforsecurityintheenterprise,howsecuritydonewellchangestheclient’sbusiness,andwhatkindsofsecurityinnovationsyou’reinvestinginoverthenextfewyears.

About The Author


Christine Ferrusi RossResearchVicePresident,Security,andBlockchain,HfSResearch– MA,UnitedStates

Overview• ChristineFerrusi Rossfocusesonhelpingfirmssolvecomplexclientproblemsbydevelopingnew

serviceofferingsandproductstomeetnewmarketdemands.She’scurrentlyfocusedonbuildingHfS’ practicesinblockchain andsecurity.

• ChristineisaveteranoftheITservicesindustryandtheanalystcommunity.Shepioneeredsomeoftheindustry’sfirstresearchintovendormanagementandsupplierrisk,aswellasbuildingblockbustersourcingconferencesandpeercommunities.Christinehashelpedsomeofthelargestcompaniesintheworldoperationalizetheirsourcingstrategiesandsupplierriskefforts.

• Fromadomainperspective,Christine’spassionateabouthowblockchain willchangeeconomies,businessmodels,andsupplychains.She’salsofocusedonelevatingsecurityfromasiloedtechnologydiscussiontoabusinessconversationthatspansenterprises.Shealsostayscurrentonsupplierandsupplychainrisk,InternetofThings,democratizingbigdata,andanalytics.

• She’sbeenquotedintheWallStreetJournal,onCNBC,andothernationalmediaregardingITservices,vendormanagement,supplierrisk,outsourcing,andglobalization.

Previous Experience• ChristineledproductstrategyatNeoGroup,focusingonthecompany’ssupplierriskproduct

beforecomingtoHfS.PriortoNeoGroup,ChristinehadseveralseniorrolesatForresterResearch,whereshecreatedtheSourcing&VendorManagementpractice,aswellasleadingthecompany’swidelypraisedSourcingpeercouncil.

Education• ChristineholdsadualdegreefromBostonUniversity:aBAinInternationalRelationsandaBSin

MassCommunications.

[email protected]

@ferrusi


About HfS ResearchHfS ResearchisTheServicesResearchCompany™—theleadinganalystauthorityandglobalcommunityforbusinessoperationsandITservices.Thefirmhelpsorganizationsvalidateandimprovetheirglobaloperationswithworld-classresearch,benchmarkingandpeernetworking. HfS Researchwasnamed"IndependentAnalystFirmoftheYearfor2016"bytheInstituteofIndustryAnalystRelationswhichvotedon170otherleadinganalysts.HfS ChiefAnalyst,PhilFersht,wasnamedAnalystoftheYearin2016forthethirdtime.

HfS coinedtheterms"TheAs-a-ServiceEconomy"and"OneOffice™",whichdescribeHfS Research'svisionforthefutureofglobaloperationsandtheimpactofcognitiveautomationanddigitaltechnologies.HfS' visioniscenteredoncreatingthedigitalcustomerexperienceandanintelligent,singleofficetoenableandsupportit.HfS’ coremissionisabouthelpingclientsachieveanintegratedsupportoperationthathasthedigitalprowesstoenableitsorganizationtomeetcustomerdemand- asandwhenthatdemandhappens.WithspecificpracticeareasfocusedontheDigitizationofbusinessprocessesandDesignThinking,IntelligentAutomationandOutsourcing,HfS analystsapplyindustryknowledgeinhealthcare,lifesciences,retail,manufacturing,energy,utilities,telecommunicationsandfinancialservicestoformarealviewpointofthefutureofbusinessoperations.

HfS facilitatesathrivinganddynamicglobalcommunitywhichcontributestoitsresearchandstagesseveralOneOffice™Summits eachyear,bringingtogetherseniorservicebuyers,advisors,providersandtechnologysuppliersinanintimateforumtodevelopcollectiverecommendationsfortheindustryandadddepthtothefirm’sresearchpublicationsandanalystofferings.

Nowinitstenthyearofpublication,HfS Research’sacclaimedblogHorsesforSources isthemostwidelyreadandtrusteddestinationforunfetteredcollectiveinsight,researchandopendebateaboutsourcingindustryissuesanddevelopments.

HfS wasnamedAnalystFirmoftheYearfor2016,alongsideGartnerandForrester,byleadinganalystobserverInfluencerRelations.

HfS Research Blueprint Report - Capgemini€¦ · HfS Research Blueprint Report Managed Security Services Excerpt for Capgemini ... clients now expect stronger industry knowledge

Documents