-
Forrester Research, Inc., 60 Acorn Park Drive, cambridge, MA
02140 USA
Tel: +1 617.613.6000 | Fax: +1 617.613.5000 |
www.forrester.com
The Forrester Wave: Managed Security Services: North America, Q1
2012by Ed Ferrara, March 26, 2012
FOR: Security & Risk Professionals
key TakeaWays
Mssps dont simply Cut Costs, They Can enhance your security
CapabilitiesTodays economic environment and mutating threat
landscape are forcing CISOs to consider alternatives to simply
insourcing information security. MSSPs leverage impressive
economies of scale to off er clients an enhanced security
environment, cost-eff ective security, and a scalable and fl exible
security platform capable of handling future expansion.
The Mssp Market grows at Rapid pace as Cisos Look For Trusted
partnersTh e MSS market is growing rapidly because more CISOs see
MSS as a way to address top operational challenges. Forrester
estimates growth in this space to be between 30% and 40% per year.
Th is market growth is in large part due to the fact that CISOs
increasingly trust MSSPs to advise them in top security decisions
and act as strategic partners.
Threat intelligence and event Correlation are key
differentiatorsAs signature-based technology becomes less eff
ective against security threats, improved behavioral and
heuristic-based detection techniques will dictate which providers
are ahead of the pack. MSSPs that collect large data sets across
their client base and advanced analytics position themselves to
provide more proactive threat intelligence.
-
2012, Forrester Research, Inc. All rights reserved. Unauthorized
reproduction is strictly prohibited. Information is based on best
available resources. Opinions reflect judgment at the time and are
subject to change. Forrester, Technographics, Forrester Wave,
RoleView, TechRadar, and Total Economic Impact are trademarks of
Forrester Research, Inc. All other trademarks are the property of
their respective companies. To purchase reprints of this document,
please email [email protected]. For additional
information, go to www.forrester.com.
FOR SEcURITy & RISk PROFESSIOnAlS
Why Read This RepoRT
In Forresters 60-criteria evaluation of the North American
managed security services market, we identified the nine
significant service providers in this category AT&T, CSC, Dell
SecureWorks, HP, IBM, Symantec, Trustwave, Verizon, and Wipro and
researched, analyzed, and scored them. This report details our
findings about how each service provider measures up and plots
where they stand in relation to each other, to help security and
risk (S&R) professionals select the right partner for their
managed security services.
Table Of contents
Cisos Need support From Third parties
The Market Landscape
Managed security services: North america evaluation overview
Evaluation Focused On Breadth Of capabilities, Flexibility, And
customer Satisfaction
Evaluated Vendors Offer A Full Suite Of Managed Security
Services
evaluation analysis
Vendor profiles
leaders
Strong Performers
supplemental Material
notes & Resources
Forrester conducted services evaluations in October 2011 and
interviewed nine MSSPs: AT&T, cSc, Dell SecureWorks,
Hewlett-Packard, IBM, Symantec, Trustwave, Verizon, and Wipro.
Related Research Documents
navigate The Future Of The Security OrganizationFebruary 14,
2012
2012 Budget And Planning Guide For cISOsDecember 15, 2011
Updated Q4 2011: The new Threat landscape Proceed With
cautionnovember 1, 2011
The Forrester Wave: Managed Security Services, Q3 2010August 4,
2010
The Forrester Wave: Managed security services: North america, Q1
2012The nine Service Providers That Matter Most And How They Stack
Upby Ed Ferrarawith nicholas Hayes and Stephanie Balaouras
2
3
4
6
8
10
MARcH 26, 2012
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 2
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
Cisos Need suppoRT FRoM ThiRd paRTies
Information security is changing as a discipline. Security is no
longer that critical function that must remain in-house. Just a
year and a half ago Forrester reported that only one in four
security organizations outsourced their email filtering.1 Today,
more than half of security organizations outsource email
filtering.2 An increasing number of CISOs now view security
outsourcing as a viable method for reducing costs and improving
their security capabilities. And with security budgets stagnant and
business alignment a top priority for the CISO, MSS adoption is
rising rapidly.3 Forrester estimates growth in this space to be
between 30% and 40% per year.
Cost management is certainly one factor contributing to the fast
adoption of managed security services (MSS), but more importantly,
security organizations need the bandwidth and talent that top MSS
providers (MSSPs) can offer. Large corporations susceptible to
significant cyberrisks and compliance requirements need to enhance
and invest in information security. With information security
budgets static, the need to look to third parties to provide
quality security services and drive economies of scale will shape
security purchasing decisions during the next two to three years.
Forrester sees the high growth in MSS occurring for three primary
reasons:
MSSPs offer better resources, scalability, and talent all for a
cheaper price. Business and technical alignment are important
factors for the selection of an MSSP. CISOs looking to security
services cite cost reduction as a top factor, with 62% of CISOs
listing this as an important or very important reason.4 Yet, while
cost is a top issue and may be the initial catalyst for CISOs to
seek the help of an MSSP, other more important issues, such as
flexibility, expertise, and advanced technology, quickly enter the
conversation. Leveraging impressive economies of scale, MSSPs can
offer better returns on investment for CISOs in a number of areas
and can ultimately offer an enhanced, more secure IT
environment.
CISOs want trusted, strategic partners. Information security is
an activity built on trust. MSSPs that understand this develop
strong supporting partnerships with their clients and help them
overcome their biggest security challenges. As one CEO of a
technology product company explained: When I switched vendors, I
was looking for a vendor in it for the long haul; one that would
work with me over time. In return, MSSPs see strong endorsements
from their clients and better contract renewal rates. Forrester
believes that the relationship between CISOs and MSSPs will
continue to deepen. As the MSSP demonstrates competency and even
proficiency in certain areas, the partnership will quickly develop
from an ad hoc relationship to a fully managed security IT
environment (see Figure 1).
Advanced technologies, such as threat intelligence and
correlation, drive future demand. Threat intelligence and
correlation are not necessarily new ideas for CISOs. What is new is
sophistication of new threat intelligence technology to detect
intrusions. With a rapidly changing threat landscape and advanced
persistent threats (APTs) now the norm, CISOs need solutions
capable of detecting suspicious activity and need to receive alerts
in near real time.5
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 3
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
MSSPs providing this capability will offer a level of protection
that many security organizations desperately want and need. While
not all MSSPs will be able to do this with the same level of
success, Forrester believes those MSSPs that get this right will
have a huge advantage in the market during the next two to five
years.
The MaRkeT LaNdsCape
The MSSP market is divided into two major groups. The first
group is the large enterprise class providers. These are MSSPs that
offer multiple security operations centers (SOCs) in multiple
geographies. These firms also have from 100 to more than 1,500
engineers and from one to seven SOCs. The second group are the
midsize MSSPs that serve similar size companies, although some of
these MSSPs have some very large marquee clients. These companies
have from 25 to 150 engineers and usually one or two SOCs.
The focus of this Forrester Wave is the large enterprise
providers that serve the North American market. MSS revenue for
these providers ranges from an estimated $60 million to more than
$500 million. Some of these providers are divisions of much larger
companies, with corporate revenue estimated to be between $60
million and $130 billion.
Figure 1 MSSPs Try To Become Trusted Partners To Their
Clients
Source: Forrester Research, Inc.57682
Level of strategicpartnership
Fully managedsecurity/IT environment
Network securityservices
Security servicesbundle
Ad hoc securityservices
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 4
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
MaNaged seCuRiTy seRViCes: NoRTh aMeRiCa eVaLuaTioN oVeRVieW
To assess the state of the North American managed security
services market and see how the vendors stack up against each
other, Forrester evaluated the strengths and weaknesses of top
MSSPs with a substantial client base in the North American
region.
evaluation Focused on Breadth of Capabilities, Flexibility, and
Customer satisfaction
After examining past research, user need assessments, and vendor
and expert interviews, we developed a comprehensive set of
evaluation criteria. We evaluated vendors against 60 criteria,
which we grouped into three high-level categories:
Current offering. Each vendors position on the vertical axis of
the Forrester Wave graphic indicates the strength of its current
MSS product offering. The sets of capabilities evaluated in this
category are: value proposition, customer satisfaction, delivery
capabilities, cloud and hosted services, infrastructure and
perimeter, value-added services, content and application security,
and staff dedicated to MSS.
Strategy. A vendors position on the horizontal axis indicates
the strength of its MSS strategy, specifically focused on
innovation and thought leadership, and company growth plans.
Market presence. The size of the vendors bubble on the chart
indicates its market presence, which Forrester measured based on
the companys overall presence in the marketplace, its North
American market presence, and its overall and MSS-specific
financials.
evaluated Vendors offer a Full suite of Managed security
services
Forrester included nine vendors in the assessment: AT&T,
CSC, Dell SecureWorks, Hewlett-Packard, IBM, Symantec, Trustwave,
Verizon, and Wipro. Each of these vendors has (see Figure 2):
A complete suite of managed security services. We looked for
providers that offered a complete suite of managed security
services.
A strong MSS presence in North America. A significant portion of
their managed security service revenue had to come from their
clients in North America.
Significant interest from Forrester customers. Forrester
considered the level of interest from our clients based on our
various interactions, including inquiries, advisories, and
consulting engagements.
A large number of SOCs. Forrester considered the number of SOCs
that each provider had globally.
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 5
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
Substantial annual MSS revenues. The annual revenue from their
total managed security services was a large part of their
business.
A high total number of locations and/or IP addresses managed.
Forrester considered the number of locations, and in some cases,
the number of IP addresses, the provider managed.
A host of dedicated SOC analysts. The provider had a sizable
number of analysts or engineers that spent at least 80% of their
time dedicated to the providers managed security services.
Figure 2 Evaluated Vendors: Vendor Information And Selection
Criteria
Source: Forrester Research, Inc.
Vendor
AT&T
CSC
Dell SecureWorks
Hewlett-Packard
IBM
Symantec
Trustwave
Verizon
Wipro
No. ofSOCs SOC locations
5
5
7
5
10
4
3
7
8
No. of largeMSS clients
(deal size $50k+)Portal
version
N/A
v3.0
N/A
v3.0
v7.64645
v5.0
N/A
v11.4
v1.3
AT&T Security Center
Pulse
Dell SecureWorks Customer Portal
HP MSSPortal.net
IBM Virtual Security Operations Center
Symantec Internet Interface (SII)
TrustKeeper
MSS Security Dashboard
Managed Security Services Customer Portal
Forrester estimate: 1,200+
Forrester estimate: 30+
Forrester estimate: 800+
Forrester estimate: 500+
Forrester estimate: 2,000+
Forrester estimate: 2,000+
Forrester estimate: 35+
Forrester estimate: 2,000+
Forrester estimate: 150+
N.J., US; N.C., US; Va., US; Bangalore, IN; MY
AU; IN; MY; UK; US
Atlanta, Ga., US; Chicago, Ill., US; Myrtle Beach, S.C., US;
Plano, Texas, US; Providence, R.I., US; Edinburgh, UK; Noida,
IN
US; UK; MY
Atlanta, Ga., US; Boulder, Colo., US; Southeld, MI., US;
Toronto, CA; Brussels, BE; Hortolandia, BR; Wroclaw, PL; Bangalore,
IN; Tokyo, JP; Brisbane, AU
Herndon, Va., US; Reading, UK; Chennai, IN; Sydney, AU
Chicago, Ill., US; Denver, Colo., US; Warsaw, PO
Ashburn, Va., US; Carey, N.C., US; Miami, Fla., US; Leuven, BE;
Luxembourg, LU; Canberra, AU; Chennai, IN
Atlanta, Ga., US; Bangalore, IN; Chennai, IN (2); Greater Noida,
IN; Mysore, IN; Pune, IN; Bucharest, RO
Portalevaluated
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 6
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
Figure 2 Evaluated Vendors: Vendor Information And Selection
Criteria (Cont.)
Source: Forrester Research, Inc.
Vendor selection criteria
Complete suite of managed security services. We looked for
providers that oered a complete suite of managed security
services.
Strong MSS presence in North America. A signicant portion of
their managed security service revenue had to come from their
clients in North America.
Signicant interest from Forrester customers. Forrester
considered the level of interest from our clients based on our
various interactions, including: inquiries, advisories, and
RFP.
Large number of SOCs and their location. Forrester considered
the number of SOCs providers had globally.
Substantial annual MSS revenues. The annual revenue from their
total managed security services must have been a large part of
their business.
Total number of locations and/or IP addresses managed. Forrester
considered the number of locations, and, in some cases, the number
of IP addresses the provider managed.
A host of dedicated SOC analysts. The number of analysts or
engineers that spent at least 80% of their time dedicated to the
providers managed security services.
eVaLuaTioN aNaLysis
All of the MSSPs reviewed for this research have the
capabilities to become a strategic partner for their clients;
however, some were quite simply better at execution. The Leaders
were notably close in their scoring. We interpret this to mean that
the Leaders understand equally what it means to be a successful
MSSP and execute on that vision. The Strong Performers also had
their list of strengths but did not rate as well in key areas such
as client business alignment, advanced threat intelligence, and
execution on client SLAs. In order to be a true partner, Forrester
believes strong client business alignment, forward-thinking threat
management, and excellent execution determine the ability of the
MSSP to meet current and future demands that clients will ask of
these service providers.
The evaluation uncovered a market in which (see Figure 3):
IBM, Dell SecureWorks, Symantec, Verizon, Trustwave, CSC, and
AT&T are Leaders. These vendors demonstrated both breadth and
depth in the services they offered. They offered different delivery
models and a robust set of capabilities across the board and plan
to heavily invest in their MSS offerings to make sure they remain
competitive and advance in the marketplace.
HP and Wipro are Strong Performers. The Strong Performers all
offer solid security services and are able to compete through
content expertise and price. While not all of the features they
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 7
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
provide are at the level of the Leaders, clients looking to
outsource and reduce their total cost of ownership should be sure
to consider both of these companies.
This evaluation of the North American managed security services
market is intended to be a starting point only. We encourage
readers to view detailed product evaluations and adapt the criteria
weightings to fit their individual needs through the Forrester Wave
Excel-based vendor comparison tool.
Figure 3 Forrester Wave: Managed Security Services: North
America, Q1 2012
Source: Forrester Research, Inc.
Go online to download
the Forrester Wave tool
for more detailed product
evaluations, feature
comparisons, and
customizable rankings.
Risky Bets Contenders Leaders
Strong Performers
Strategy Weak Strong
Currentoering
Weak
Strong
Market presence
Full vendor participation
AT&T
CSC
Dell SecureWorks
HP
IBM
Symantec
Trustwave
Verizon
Wipro
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 8
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
Figure 3 Forrester Wave: Managed Security Services: North
America, Q1 2012 (Cont.)
Source: Forrester Research, Inc.
AT&
T
CSC
Del
l Sec
ureW
orks
HP
IBM
Sym
ante
c
Trus
twav
e
Veriz
on
CURRENT OFFERING Value proposition Customer satisfaction
Delivery capabilities Cloud and hosted services Infrastructure and
perimeter Value-added services Content and application security Sta
dedicated to MSS
STRATEGY Innovation and thought leadership Growth plans MARKET
PRESENCE Presence in the marketplace North American market presence
Financials
3.823.003.403.653.854.004.903.504.50
3.883.754.00
4.705.004.704.40
Forr
este
rsW
eigh
ting
50%10%25%15%10%10%10%
5%15%
50%50%50%
0%20%60%20%
3.783.004.203.453.654.104.454.003.30
4.134.254.00
2.343.001.703.60
4.124.603.604.103.904.055.003.504.50
4.505.004.00
4.465.004.703.20
3.153.002.902.903.303.103.804.003.10
3.253.503.00
4.283.804.404.40
4.174.603.804.654.554.054.954.003.35
4.505.004.00
4.705.004.704.40
4.083.603.503.804.854.254.755.004.25
4.505.004.00
4.225.004.702.00
3.644.603.003.904.303.404.753.502.85
4.254.504.00
2.403.002.800.60
4.004.202.604.554.753.804.903.005.00
4.384.754.00
4.343.804.703.80
Wip
ro
3.303.002.403.703.853.352.754.504.15
2.582.252.90
2.143.001.702.60
All scores are based on a scale of 0 (weak) to 5 (strong).
VeNdoR pRoFiLes
Leaders
IBM. IBM continues its reign as a top Leader in the MSS market.
IBM assists clients at all spectrums of MSS maturity ranging from
helping security leaders make that initial pitch to upper
executives with its Total Cost of Ownership tool to advanced
analysis and correlation capabilities in near real time through its
proprietary analytic engine. IBM provides flexible delivery
capabilities and tight integration with client systems through a
well-defined set of APIs and offers a greatly improved customer
portal. Look to IBM for significant depth of technical expertise
and broad SOC coverage.
Dell SecureWorks. SecureWorks remains a top player in the very
competitive MSS market. Dell SecureWorks strongest asset is the
quality of its analysts. SecureWorks correlation and logic
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 9
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
engine technology, as well as its Counter Threat Unit, provide
clients with the latest emerging threats and ensure that suspicious
activity is detected and reported immediately. Customers felt
monitoring services were excellent; however, they identified a dip
in customer support after the Dell acquisition. Dell is investing
in the business, and in the right areas, to ensure it offers
top-tier security services.
Symantec. Symantec remains a key player in the MSS market,
offering excellent capabilities, especially in the fields of
content and application security. Customers identified Symantecs
customer-centric focus and correlation features as positive
attributes; they pointed to better communication between top
management and line management as areas of improvement. Customers
seeking strong technical expertise, solid correlation capabilities,
and flexible product offerings should look closely at Symantec.
Verizon. Verizon is a top telecommunications provider with a
very large North American presence, with more than 2,000 unique
clients in the region. Verizon emphasizes the business value and
cost-controlling aspects that it delivers through managed security
services and helps clients allocate resources to the most critical
assets through its enhanced risk-based correlation engine. Verizon
employs one of the largest security teams in the market with an
aggressive recruiting strategy. Companies searching for a full host
of services with a focus on cost should strongly consider
Verizon.
Trustwave. Trustwave is one of the lesser-known MSSPs in this
Forrester Wave. The company continues to improve its services to
remain a strong competitor in this market. Trustwave leverages its
PCI expertise and strong monitoring capabilities to attract larger,
enterprise customers. Trustwave has had some growing pains,
however, especially in the areas of onboarding, but it has one of
the best customer retention rates of all the providers, with more
than 98% of clients renewing or extending their agreements. Those
looking for a strong technical team and customizable services
should be sure to consider Trustwave.
CSC. During the past couple of years, CSC has demonstrated a
renewed commitment to its MSS offerings. CSC primarily focuses on
existing IT customers and leverages its large consulting practice
to identify suitable candidates for a managed model. CSC uses
cost-benefit models to demonstrate the return on investment in its
services, and it has one of the better portals in terms of
flexibility and features that we tested. Customers identified its
well-run SOCs and responsiveness as positive attributes for CSC.
They pointed to log management and poorly defined SLAs as areas of
improvement. CSC continues to invest heavily in its MSS offerings
and will focus its resources on global threat intelligence.
AT&T. As a large, North American telecommunications
provider, AT&T has one of the largest customer bases, with more
than 1,200 unique customers in the region. AT&T has an
aggressive threat intelligence program and scans more than 25
petabytes of data travelling over
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 10
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
its networks daily. AT&T focuses on threat detection with
strong network infrastructure and perimeter defense offerings,
including robust log monitoring and analysis features. Areas of
improvement were its customer portal and reporting features.
Customers identified the size of its network and corresponding
security capabilities as strong positives.
strong performers
Hewlett-Packard. HP remains one of the largest players in the
MSS market, in large part due to its ability to offer large,
complete IT services packages as a managed offering. As a part of
its IT services bundles, HP manages entire IT security environments
and provides great economies of scale. HP excels in the areas of
application security and value-added features, but other features
such as next-generation firewalls and advanced analytics lag behind
other providers. Rigid contracts are an improvement area. Strengths
are strong data centers and account management.
Wipro. Wipros focus on its offshore delivery model enables it to
offer a solid set of security services at a very competitive price
point. It has a broad list of security capabilities, and it helps
clients outsource some key operational aspects of security. In some
of the technical areas, such as content and application security,
Wipro offers some of the better services we evaluated. Customer
references identified flexible resources and cost-effectiveness as
positive attributes for Wipro, but highlighted its tendency to
over-commit and over-promise as an area for improvement. Some of
its services are less advanced, but Wipro remains a great option
for companies looking to reduce operational costs.
suppLeMeNTaL MaTeRiaL
online Resource
The online version of Figure 3 is an Excel-based vendor
comparison tool that provides detailed product evaluations and
customizable rankings.
data sources used in This Forrester Wave
Forrester used a combination of three data sources to assess the
strengths and weaknesses of each solution:
Vendor surveys. Forrester surveyed vendors on their capabilities
as they relate to the evaluation criteria. Once we analyzed the
completed vendor surveys, we conducted vendor calls where necessary
to gather details of vendor qualifications.
Portal demos. We asked vendors to conduct demonstrations of
their portals functionality. We used findings from these product
demos to validate details of each vendors product capabilities.
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 11
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
Customer reference calls. To validate product and vendor
qualifications, Forrester also conducted reference calls with two
of each vendors current customers.
The Forrester Wave Methodology
We conduct primary research to develop a list of vendors that
meet our criteria to be evaluated in this market. From that initial
pool of vendors, we then narrow our final list. We choose these
vendors based on: 1) product fit; 2) customer success; and 3)
Forrester client demand. We eliminate vendors that have limited
customer references and products that dont fit the scope of our
evaluation.
After examining past research, user need assessments, and vendor
and expert interviews, we develop the initial evaluation criteria.
To evaluate the vendors and their products against our set of
criteria, we gather details of product qualifications through a
combination of lab evaluations, questionnaires, demos, and/or
discussions with client references. We send evaluations to the
vendors for their review, and we adjust the evaluations to provide
the most accurate view of vendor offerings and strategies.
We set default weightings to reflect our analysis of the needs
of large user companies and/or other scenarios as outlined in the
Forrester Wave document and then score the vendors based on a
clearly defined scale. These default weightings are intended only
as a starting point, and we encourage readers to adapt the
weightings to fit their individual needs through the Excel-based
tool. The final scores generate the graphical depiction of the
market based on current offering, strategy, and market presence.
Forrester intends to update vendor evaluations regularly as product
capabilities and vendor strategies evolve.
eNdNoTes1 Forrester discussed the growing managed security
services (MSS) market in Q1 2010 and highlighted
that one in four security organizations outsourced their email
filtering. See the March 10, 2010, Market Overview: Managed
Security Services report.
2 Source: Forrsights Security Survey, Q2 2011.
3 Todays chief information security officers (CISOs) continue to
concentrate too much on tactical activities and day-to-day security
operations, unable to escape the reactionary hamster wheel.
Additionally, businesses and other parts of IT routinely circumvent
todays security organization in order to innovate and avoid hearing
the predicted no response. So despite all the sensational headlines
about major security breaches, many CISOs find themselves
marginalized by their business colleagues. In this report,
Forrester details what CISOs can do to realign with their
businesses and transform themselves into chief business security
officers, reasserting their position with management, the board,
and the company as a whole. See the February 14, 2012, Navigate The
Future Of The Security Organization report. Additionally, the
global downturn has negatively affected security budgets for
several years now, and chief information security
-
FOR SEcURITy & RISk PROFESSIOnAlS
The Forrester Wave: Managed Security Services: north America, Q1
2012 12
2012, Forrester Research, Inc. Reproduction Prohibited March 26,
2012
officers (CISOs) have become accustomed to accommodating
increasing responsibilities with minimal change to resource levels.
See the December 15, 2011, 2012 Budget And Planning Guide For CISOs
report.
4 Source: Forrsights Security Survey, Q2 2011.
5 The information security threat landscape is changing rapidly,
and many security organizations are struggling to keep up with the
changing nature, complexity, and scale of attacks. This dynamic
landscape will not stabilize. As security managers struggle to keep
up with this changing landscape and develop capabilities for
handling new attacks, the attacks themselves will adapt to bypass
new controls. The attacks of 2011 teach us that the threat
landscape is not evolving but rapidly mutating as attackers find
ever-more devious ways of bypassing security controls. See the
November 1, 2011, Updated Q4 2011: The New Threat Landscape Proceed
With Caution report.
-
Forrester Research, Inc. (nasdaq: FORR) is an independent
research company that provides pragmatic and forward-thinking
advice to global leaders in business and technology. Forrester
works with professionals in 19 key roles at major companies
providing proprietary research, customer insight, consulting,
events, and peer-to-peer executive programs. For more than 28
years, Forrester has been making IT, marketing, and technology
industry leaders successful every day. For more information, visit
www.forrester.com. 57682
Forrester Focuses OnSecurity & Risk Professionals
To help your firm capitalize on new business opportunities
safely,
you must ensure proper governance oversight to manage risk
while
optimizing security processes and technologies for future
flexibility.
Forresters subject-matter expertise and deep understanding of
your
role will help you create forward-thinking strategies; weigh
opportunity
against risk; justify decisions; and optimize your individual,
team, and
corporate performance.
Sean RhodeS, client persona representing Security & Risk
Professionals
About ForresterA global research and advisory firm, Forrester
inspires leaders,
informs better decisions, and helps the worlds top companies
turn
the complexity of change into business advantage. Our
research-
based insight and objective advice enable IT professionals
to
lead more successfully within IT and extend their impact
beyond
the traditional IT organization. Tailored to your individual
role, our
resources allow you to focus on important business issues
margin, speed, growth first, technology second.
foR moRe infoRmation
To find out how Forrester Research can help you be successful
every day, please contact the office nearest you, or visit us at
www.forrester.com, For a complete list of worldwide locations,
visit www.forrester.com/about.
Client SuppoRt
For information on hard-copy or electronic reprints, please
contact Client Support at +1 866.367.7378, +1 617.613.5730, or
[email protected]. We offer quantity discounts and
special pricing for academic and nonprofit institutions.