Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider

Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider (TE007-000800) 17 Sep 2014

© Ovum. Unauthorized reproduction prohibited

Ovum Decision Matrix: Selecting

a Global Telco Managed

Security Services Provider

Moving from network-centric security to the broader IT security

suite

Reference Code: TE007-000800

Publication Date: 17 Sep 2014

Author: Mike Sapien

SUMMARY

Catalyst

The major systems integrators (SIs), IT providers, and carriers have dramatically increased their

investment and interest in managed security services, and security vendors are rapidly introducing new

products to arm these providers. There is growing demand for such services from enterprise customers

that are struggling with growing security threats and breaches, and overall risk. Ovum has reviewed six

carriers' global managed security services portfolios with the aim of providing insight into managed

security services trends, focusing on telco-led managed security service provider (MSSP) challenges and

opportunities.

Ovum view

Global carriers have been offering managed security services for many years; historically these services

have been very network-centric. Carriers started with security services by way of the network (e.g., WAN

and Internet service security), and then added more security services as they became significant Internet

service providers (ISPs). Managed security services have expanded into many of the carriers' different

service areas, including private network, Internet, mobile, and web services, and are now expanding into

many of their new cloud-based and IT services. Carriers can now also leverage their cloud, internal IT,

and network assets to expand their services and skills as global MSSPs. All the carriers Ovum analyzed

for this report stated that they will continue to make investments, recruit outside talent, and rely on

strategic partnerships to develop their managed security services portfolios and security expertise.

Security now cuts across many different enterprise services, going well beyond the network and defend-

the-edge (perimeter) approaches. Owning the network and having visibility of network traffic provides a

distinct advantage for telco MSSPs. With the ongoing digitization of consumer and corporate life and



functions, ever more people and devices will depend on connectivity, which will make network ownership

and related traffic visibility an even more compelling advantage. Managed security services have

become a major opportunity, with the prospect of double-digit growth in revenues. After all, security is a

required element of every enterprise service. Ovum's global service contracts analysis shows that

managed security services are approaching 10% of the total value of the large global deals signed

recently.

There is increasing demand for managed security services, and we expect further growth in demand

from enterprise customers that are frustrated with the increasing cost and complexity of securing IT and

networks. Enterprise customers need help with responding to new threats, managing multiple security

solutions, and analyzing disparate security information that still keeps them open to breaches. Threat

management, cybersecurity, and analytics are now being added into the solution mix so that enterprises

can attain the appropriate security level, and MSSPs need to strengthen their capabilities in these areas.

It is still early days, but enterprises are starting to supplement historical defensive security measures with

new preventative, real-time, automated measures to defend against, predict, and remediate security

incidents faster and with more accuracy. Carriers are already in the game, but will need to make the right

investments, pick the right partners, speed internal development, and integrate new security services to

stay relevant and become trusted advisors and successful MSSPs.

Key findings

Telcos are global ISPs and IP backbone providers. They already see and manage high

volumes of security incidents, breaches, malware, and hackers.

Managed security services is already a large services revenue stream for telco-led MSSPs.

MSSPs addressing the enterprise market have high potential for growth.

Security is and will remain one of the critical requirements for enterprise customers of all sizes,

and must be an integral part of any managed network and IT service now.

Managed security services are extending beyond perimeter solutions to include more complex

core solutions that lend themselves to both network- and cloud-based platforms.

New security solutions are emerging that will supplement but not necessarily replace perimeter

solutions.

The increasing complexity and breadth of security services beyond devices means that number

of managed devices, total revenues, and total number of customers are no longer good metrics

for judging MSSPs’ capabilities, qualifications, or skills.

Owning the network is strategically important, but carriers need to parlay this ownership into

security tactics, services, and management that demonstrate and validate its importance.

Enterprise customers need to see that network ownership leads to security solutions that are

more relevant than those of MSSPs that do not own the network.

Security is going through a wave of change. Many legacy vendors are being challenged by new

architectures and emerging players, and by the move to cloud-based offers, centralized

solutions, and more proactive security techniques.



Recommendations for telco-led MSSPs

Consolidate and integrate managed security services efforts and resources to maximize

investment, encourage collaboration across the different internal work groups, and create the

most comprehensive offer.

Leverage the security tactics, security knowledgebase, and expertise inherent in being a tier-1

ISP.

Integrate mobile security as part of the larger managed security services portfolio.

Promote existing large security contracts, including government security contracts that can be

leveraged with commercial offerings.

Make internal IT security investments part of commercial managed security services offers.

Ensure you operate at the CIO or chief information security officer (CISO) level for any

engagement on managed security services.

Utilize your strategic security vendors for sales, promotions, and market development activities,

as well as product development.

Make managed security services a top priority for investment; focus on outside hiring and

internal skills development in addition to strategic vendor partnerships and alliances.

Recommendations for enterprise customers

Ensure that you have your security service inventory, access, and requirements well

documented prior to engaging with third parties or MSSPs.

Verify your current spend and planned budget for security services today and for the next three

years.

Prioritize your current security service requirements, with a strong focus on the business impact

and infrastructure that you believe is the most vulnerable.

Assess your interest in and need for cybersecurity and threat management; these have become

critical new areas for security within the enterprise.

Identify security service gaps and corporate willingness to jointly source (internal staff with

external MSSP resources) or collaborate on security infrastructure.

VENDOR SOLUTION SELECTION

Inclusion criteria

Ovum chose the service providers profiled here because they are the leading global telco-led MSSPs.

They have significant installed bases of MNC, large enterprise, or government customers, and offer

managed security services with global coverage. The service providers chosen are:

AT&T

BT

Orange Business Services (Orange)



Telefonica

T-Systems

Verizon Enterprise Services (Verizon).

Exclusion criteria

Several telco service providers have strong managed security service offerings but not the total MSSP

portfolio or global reach. For example, CenturyLink/Savvis has strong capabilities but does not have the

global coverage or full MSSP portfolio. Others that have been excluded may still have a significant

installed base of customers in a few regions, including strong capabilities in their home markets, but no

significant global coverage.

SIs and IT-based MSSPs were excluded from this report, but will feature in a future Ovum study.

Methodology

Portfolio assessment

This assessment dimension covers the features and functionality that differentiate the leading solutions

in the marketplace. The criteria for managed security services are:

Breadth: the complete range of services in the managed security services portfolio that

addresses global large enterprise needs.

Integration: how well the various elements of the managed security services portfolio are

aligned and integrated within the overall telco MSSP offer.

Partners: the number of major partnerships with security vendors to support and expand the

managed security services portfolio.

Road map: the robustness of the managed security services portfolio road map and its

alignment with each MSSP’s current portfolio.

Vision

This dimension covers the capability of the solution across the following key areas:

Strategy: the strength and completeness of the MSSP’s strategy at a company level and its

alignment across all global managed enterprise services.

Road map: the alignment of the road map with the MSSP’s stated vision and the related long-

term investment in and commitment to new security services, alliances, and service innovation.

Vendor involvement: the level of engagement with security vendors and consortia relationships

that go beyond the resale of security products and services; this includes joint development,

creating security standards, or security collaboration efforts (e.g., cybersecurity).

Execution

This dimension reviews the capability of the solution across the following key areas:



Customers: the existing total number of customers, the number of significant large enterprise

customers, and the range of global enterprise customers beyond the telco MSSP’s home

territory.

Revenues: an estimate of the total annual revenue amount and a breakdown of revenues from

the five major global regions.

Growth: the estimated current annual growth and shared growth objective for the carriers’

managed security services.

Coverage: the ability to provide global managed security services with regional staff to support

customer requirements (sales, professional services, and operations) in all major region of the

world.

Ovum ratings

Market leader: The service providers in this category are those that we believe are worthy of a

place on most MSSP selection shortlists. They have established commanding market positions

with products and solutions that are widely accepted as best-of-breed and that have been

deployed globally.

Market challenger: Service providers in this category have good market positions and are

selling and marketing their solutions and services globally. They offer competitive managed

security offers and have limited global coverage with strong pan-regional support. These

providers should be considered in specific regions.

Emerging provider: Service providers in this category typically aim to meet the requirements

of particular types of customer or have strengths and coverage in some, but not all, major

global regions. As tier-1 providers they should be considered as part of any selection.

MARKET AND SOLUTION ANALYSIS

The telco as MSSP

The history of WAN

For years, carriers have provided managed security services with a network-centric approach and with a

“protect the edge” strategy. This approach, which incorporates firewalls and intrusion detection services

(IPS), was very common among MSSPs – the perimeter defense approach was historically successful in

protecting the various sites and private networks within the enterprise. Security for Internet, web, and

email services was added to this perimeter approach, typically by including another security appliance for

each new service.

Carriers have a large base of security customers using a network-centric service model. Managing

additional appliances was a natural extension to managing the WAN services of corporate private data

networks. Telco MSSPs now need to move beyond the network-centric, perimeter approach and

supplement their managed security services portfolio with security services that are centralized (within

the enterprise core infrastructure). Centralized services can be provided using hosting and cloud

platforms, which are now part of most carriers' infrastructure.



Positioning and strategic fit for the telco as an MSSP

Telcos' current position and fit

Carriers have increased their security offerings as they have expanded from the private networks and

basic layer-1 network services to higher-layer services (Internet and Ethernet) and advanced managed

services (web hosting, email, business applications). Carriers now have the opportunity to provide

additional managed security services for private, hybrid, or public cloud services. Network services will

continue to be part of the solution stack for different cloud deployment models, and security will be an

integral part of connecting cloud services.

Telcos are not known for IT services such as infrastructure management, business process outsourcing,

or application development. However, given their strong experience in network security and as global IP

providers and large ISP players, many enterprise customers will have some confidence in telco MSSP

offers. Investment in staffing, strategic partnerships, internal development, and planning will be required

to broaden the managed security services portfolio and increase customer confidence. If carriers can

speed the development of security expertise and managed security services while centralizing and

consolidating their security investments they have a strong chance of becoming trusted security advisors

to the MNC and large-enterprise market.

The opportunity comes with challenges

Telcos do have some hurdles to overcome. Recent Ovum enterprise research suggests that carriers are

not the first option for customers seeking security services or advanced threat protection. IT vendors,

SIs, IT value-added resellers, and security tools vendors are the providers that enterprise customers

usually mention with regard to managed security services. In addition, carriers' traditional customer

contacts are not the CIOs or CISOs of large enterprises. Telcos have made some progress on the

strength of providing security for global networks, complex managed hosting, and growing cloud

services. Nevertheless, they have work to do in getting brand and industry recognition as qualified

MSSPs and security experts.

The move beyond network- and perimeter-based security

Most telcos started their managed security services with protecting the network and defending the edge

of the network. This was a great approach 10 years ago; early security services were heavily dependent

on defending the edge and protecting access to the corporation's remote sites. Typical early managed

security service offers were aligned with router vendors such as Cisco and Juniper for customers

connected to the telco's own network. The solutions were subsequently enhanced with security

appliances to handle new functions (email filtering, Internet access, web traffic), which increased the

security at the perimeter and also increased carriers' share of wallet. Then vendors such as Riverbed

Technologies were added to provide enhanced features, including WAN optimization with centralized

management, and additional services beyond security.

Now carriers need to move beyond the edge and appliance approaches to include broader managed

security services for enterprise IT core resources, including data center and enterprise applications.

Cloud security is another emerging opportunity as telcos become both cloud service providers and



network brokers for cloud services. Mobile security is another growing opportunity, with the use of mobile

operators' internal capabilities combined with cloud services.

Distinct opportunities in the large enterprise and SME markets

Large enterprises with global needs

For this report, Ovum asked key carriers to provide details of their managed security services for MNCs

and large enterprises with global requirements. Telco MSSPs are currently making major investments to

address the needs of this segment. Growth in managed security services appears to be very high

(double-digit).

The SME security market is a unique and separate opportunity

Although this report focuses on the large enterprise and MNC segment, many carriers and security

vendors mentioned that they also intend to move down-market with some or all of their managed security

service offers. With the increasing use of cloud both as a security platform and a delivery mechanism for

security tools and services, carriers are looking to add security options within managed SME service

bundles.

Ovum believes that telcos can address the SME market with managed security services. They could

easily offer SME bundles with optional security services on a trial basis, for example, to drive a high

adoption rate with very cost-effective infrastructure. Managed security services and security resources

from the large enterprise efforts can also enable sales down market. The SME and mid-market segments

may eventually be a larger market opportunity for telco MSSPs than the Fortune 1000 enterprise market.

Many SME solutions or security features within service bundles will likely be simplified or downgraded

large-enterprise security solutions.

Managed security services trends

Enterprise customers are overwhelmed

Enterprise customers are increasingly seeking external help in addressing their security requirements.

Customers may differ in their specific needs, but they all confirm that security is rising in importance and

that it is becoming harder to attain the necessary security staffing and skills for their businesses. They

need threat management (including remediation) services, security operations center (SOC) support, and

security intelligence (analytics) to develop proactive security tactics.

Customers are also looking for guidance on new attacks and preventative measures. Demand for

managed security services is growing, complexity is increasing, and enterprise customers are looking

outside for professional, experienced assistance. This demand is not usually for total outsourcing or

security information and event management (SIEM) platforms, but rather for a form of joint or co-sourcing

to enhance what the customer is doing today.



From reactive to proactive approaches

Gone are the days of providing managed security services that were limited to reacting to security

violations and breaches. And just establishing an SIEM platform for a customer is not enough to qualify

as an MSSP. Customers are now demanding new security methods that go beyond just reactive

remediation services based on security violations. Most are in a position to manage reactive security

programs – they are looking for managed services, expertise, and intelligence that starts to overlay or

complement security programs with proactive and predictive actions, automatic policies, and

recommended actions based on specific criteria, behaviors, or known patterns.

Defending the edge plus core infrastructure techniques

Perimeter security has historically been critical to corporate security – and it remains so. However,

security services need to be enhanced and supplemented with additional security methods, including

tools within the corporate core IT and network infrastructure. It is not a case of one model replacing the

other; rather, both models are required to attain the best security position.

Moving to new technology: cloud, network, and IT infrastructure

Two dimensions of cloud

Ovum found that that cloud services were a major topic for discussion during the recent US RSA security

conference, in MSSP interviews and at multiple security vendor briefings. And in most of these

discussions, cloud services were discussed from two different perspectives. First, MSSPs and security

vendors were developing new security offerings, enhancing existing security offers or migrating legacy

security solutions to cloud-based platforms for delivery "as a service."

The other aspect of cloud services was the addition of new security services to managed security

services portfolios. These are intended to provide the required security for enterprise customers planning

to use cloud services. As IT service consumption moves to the cloud and providers start to deploy new

cloud services, it is a natural extension to add the security services that are required for the use of cloud

services. The challenge becomes more complex as customers demand a mix of private, public, and

hybrid implementations between different vendors of software, network, and cloud resources.

Maintaining and improving security during corporate infrastructure transitions

As enterprise customers transform their IT and network infrastructure, they need to address concerns

around security. The transformations go beyond moving to cloud services, replacing network providers,

or replacing IT hardware vendors. Whenever customers make plans to replace or refresh major

components of their corporate infrastructure, maintaining and improving security is central to making the

transition smoothly and successfully.

Cybersecurity with analytics and intelligence

Managed security services are now expanding to include cybersecurity services that cut across and

impact the entire security service portfolio. Cybersecurity is developing into a new service module within

managed security services and will quickly become a horizontal capability deployed across each MSSP’s



full service model. Such services will have to go beyond security breach verification and identification.

MSSPs will be required to advise customers on security attacks and add some degree of analysis (to

create predictive modeling) or policy (to prevent future attacks). Big Data is a subject in its own right, but

the early indications are that cybersecurity investment and related service development will feed into

security best practices, analytics across the managed security services portfolio, and intelligence. This

will create security policies that quickly and automatically isolate and remediate security outbreaks.

Strategic partnerships: new players, fewer partners, joint development

Major MSSPs and security vendors are increasing their use of strategic partnerships, leading to longer-

term commitments and investments in joint development. In some cases, MSSPs are reassessing their

security vendor line up and starting to prioritize strategic relationships and reduce the number of

standard vendor relationships. All MSSPs have some relationship with a major SIEM vendor, and usually

some experience with a number of them in providing legacy security services.

At the same time, new and different security vendors (e.g., FireEye, Bit9, CipherCloud) are emerging as

next-generation security vendors, many leveraging cloud platforms or security analytics. For example,

AT&T recently announced partnerships with IBM to enhance its threat-management portfolio; it

separately announced a new service based on Blue Coat’s cloud security offering. Such strategic

partnerships, along with joint developments, internal developments, and the overall increasing use of

security analytics should provide differentiation among the various MSSPs going after the large

enterprise market.

Threat management's “three Rs” – readiness, response, remediation

Remediation has been added to the “two Rs,” with a dash of analytics. Threat management has been

part of many MSSP service portfolios, but the new part of the service is the addition of remediation,

which is a critical part of a comprehensive threat management service in a managed security services

portfolio. Remediation goes beyond just the identification and isolation of a security threat; it includes

creating preventative measures and tactics to stop future similar threats. Many security vendors and

MSSPs have added or plan to add major investments to provide remediation services as extensions of

their existing threat management services. Again, cybersecurity is an integral part of the new threat

management services, but analytics is the new ingredient. Cybersecurity efforts that provide security

analytics are now part of the supply chain, providing the intelligence required for proper threat

management and remediation.



Ovum Decision Matrix: telco managed security services

Figure 1: Ovum's view of telcos as global MSSPs

Source: Ovum

Table 1: Ovum Decision Matrix: telco managed security services

Market leaders Market challengers Emerging provider

AT&T

BT

Verizon

Orange

T-Systems

Telefonica

Source: Ovum

Telco MSSP comparison

Overview

When assessing these telcos’ managed security services portfolios, Ovum took into consideration the

global capability, current success (revenues and customers), vision, and strategies of each carrier as a

global MSSP. AT&T, BT, and Verizon are clear market leaders as global MSSPs. T-Systems is a market

challenger, with a smaller base of managed security services business and a strong focus on Europe as



its primary region. Orange Business Services is also a market challenger, with a strong base of

customers, an expanding product portfolio, and some limitations in its global coverage. Telefonica is an

emerging provider, with some product gaps, geographic gaps in coverage, and a developing vision as a

global MSSP. It is strong in Europe and Latin America, but lacks coverage and support in North America

and Asia-Pacific.

All six carriers have global capabilities and customers, but they vary in the overall maturity and breadth of

their product portfolios, the size of their customer bases, the scale of their revenues, and the extent of

their global capabilities. All have room for improvement; all of their future services and road map items

are still works in progress, and many are based on recent announcements and partnerships that still

need to bear fruit.

Portfolio

Figure 2 shows Ovum's view of the managed security service reference portfolio. It is based on our

findings from discussions with security vendors, our ongoing research on MSSPs in general, and the

research completed specifically for this report. The portfolio represents the broad set of services that

MSSPs are attempting to offer to large enterprise customers.

Ovum used this framework to gauge the breadth of the carriers' portfolios. Our assessment also included

a review of the integration of each carrier’s security service pillars, security vendor relationships, security

industry involvement, and road map. None of the carriers had all elements of the portfolio, and some

service elements were either road map items or in development.

Figure 2: Ovum's managed security services reference portfolio

Source: Ovum



Figure 3: Portfolio assessment

Source: Ovum

Vision

Ovum assessed each telco’s strategy and vision for managed security services. We also researched

overall trends and the direction taken by key security vendors to validate our view on the appropriate

strategic direction and vision for MSSPs in today's market. We took into account the carriers’ involvement

with security industry vendors and related forums. This analysis formed the basis of our assessment of

each carrier's current strategy and future vision, including their road maps and work-in-progress items.



Figure 4: Vision assessment

Source: Ovum

Execution

Each carrier provided detail about its current managed security services, existing customers, current

revenues (or estimated ranges), and expected growth. Some of this information was provided to Ovum

under non-disclosure agreements and cannot be published, but we were able to assess their existing

revenues, their estimated number of customers, the level of their business, and their scale as a global

MSSP. We also considered global capability under this category.



Figure 5: Execution assessment

Source: Ovum

A note on global capability

Every carrier included in this report has some degree of global coverage in terms of managed security

services for large enterprise customers. Just as the carriers have been able to provide WAN services to

these customers globally, so they can include additional security services. But providing global managed

security services support for MNC and large-enterprise customers includes offering pre-sale, sales, and

technical support, as well as post-sale, account management, and ongoing maintenance support – and

doing so across all the major regions of the world. Offering comprehensive global support means having

SOCs in major regions and making regional and professional services staff available for managed

security services. Ovum used the survey responses and interviews with the carriers to determine the

carriers’ levels of global capability and support.

Shortlisting providers: a view from the enterprise

Geographic/regional guidance

All six carriers in this report provide some degree of global coverage, but all have particular strengths in

their home regions and countries. AT&T and Verizon are strong in the US; BT and T-Systems are strong

in Europe. Orange is strong in EMEA; Telefonica is strong in Europe and Latin America. Customers need

to consider these regional strengths when assessing MSSP vendors.

Procurement, responsibility, and scope guidance

Managed security services are becoming more critical for all MNC and large enterprise customers. They

need additional support due to the growing level of threat, the complexity of intrusions, and the

increasing sophistication of breeches. CISOs will be required to balance their fixed budgets with this



increased level of risk, while also balancing internal and third-party resources to ensure sufficient security

measures and policies are in place.

Security will always be critical – customers must place a high priority on protecting their IT assets and

also the corporate brand. MSSPs provide additional support, knowledge, resources, and skills, but the

CISO is ultimately responsible. Ovum therefore does not believe that security can be completely

outsourced. Customers will need to have the primary responsibility, but they can lean on security

vendors such as MSSPs for complementary services and expertise. Each customer will need to

determine the balance of internal and external resource that is appropriate for them.

SERVICE PROVIDER ANALYSIS

AT&T

Figure 6: AT&T’s global managed security services portfolio

Source: AT&T

Managed security services overview

AT&T's managed services portfolio includes five main pillars, with consulting as an overlay to them all.

Although much of its security services have historically been network-centric and premise-based, AT&T

is expanding into cloud-based offers and adding more services to its security portfolio. Managed security

services form a major element of AT&T's enterprise services portfolio. Its revenues, customer base,

growth rate, investment, global expansion, and current customer demand are all sizable. Earlier in 2014



the carrier announced an alliance with IBM that will focus on joint development around threat

management and analytics.

Threat management

AT&T’s Security Event and Threat Analysis, Internet Protect, DDoS Defense, and Private Intranet Protect

services are all part of the threat management service pillar of its managed security services portfolio.

Today the carrier’s threat management is very network-centric, but its road map suggests that this

service will become a core, centralized offer. It will cover corporate data center infrastructure and IT

elements within the enterprise. With its IBM alliance centered on threat management and analysis,

AT&T's capabilities in this area should expand to include cybersecurity features and analytics that can

feed into other parts of its managed security service portfolio.

Mobile security

AT&T's position in global mobile services and enterprise mobility programs means that mobile security is

a natural extension to its managed security services. Device management with antivirus/malware

protection, network security options, and SSL services are included in mobile security. AT&T's mobile

device management programs have these mobile security elements as standard options for its

customers and include support for cross-carrier environments beyond AT&T's own mobile network. AT&T

is also integrating managed security into its Toggle enterprise mobility program.

Network-based security

Secure network gateways, network-based firewalls, secure email gateways, and web security are all part

of AT&T's network-based security services pillar. AT&T has provided these services for many years, and

provides such support for many of its large enterprise customers. Customers have a confidence in

AT&T's ability to offer and support these security services.

Identity management

AT&T offers its enterprise customers many identity management options, including multi-factor

authentication and single-sign-on solutions.

Premise-based security

In addition to network-based security, AT&T has for many years offered premise-based firewall, intrusion

detection system (IDS), and application security options to its customers as part of its managed security

services portfolio.

Consulting

Along with general security assessments, AT&T offers support for governance, risk, compliance, and

payment card industry (PCI) assessments, as well as cloud and mobility security consulting.



Go-to-market approach and positioning

AT&T’s position as a global security provider is based on its network-enabled services, secure mobile

business services, cloud-based services, and threat management offering. It is a US-centric security

player with a strong focus on serving those of its domestic MNC customers that require global reach. It

competes with the large MSSPs, including both IT and telecoms vendors.

AT&T’s position as one of the largest global ISPs, broadband providers, and IP network operators gives

it credibility in delivering managed security services. It gains first-hand insight and visibility into the many

security attacks, malware attacks, and breaches that occur within its customer base over these networks.

Strategic security assets – staff, partnerships, alliances, and acquisitions

AT&T’s partnerships with IBM and Blue Coat are recent examples of its investment in its managed

security services portfolio. The carrier will support joint development that will enhance this portfolio, and it

is also adding to its internal skills and resources.

RSA, IBM, Arbor Networks, Cisco, Juniper, and Riverbed are among the strategic vendors of AT&T's

managed security services portfolio. Akamai (with Kona Security Services) is another strategic vendor

that provides support for AT&T's DDoS and web security service offers.

Road map

AT&T recently announced the Blue Coat security service offering in the US; it plans to expand this cloud-

based security service globally in the latter part of 2014. Another major road map item for AT&T will be

extended threat management, with its recently announced alliance with IBM. These initiatives are

examples of the type of major investments that AT&T is making to provide more robust security offerings

and global availability. The carrier is also making the transition to cloud-based security services, and will

leverage its internal cloud infrastructure to support these new offerings.

Ovum assessment

AT&T is a major global player in security services and is making significant investments to broaden its

managed security services portfolio. It already has a number of contracts in place with large MNC

customers in this area. Global reach is one key goal, with global service expansion on the cards. With

the exception of Latin America, it already covers the major regions, but the focus of its security support is

on US customers. Ovum expects the carrier to continue investing in its security services, with major

expansion in the EMEA and Asia-Pacific regions. It may also expand into Latin America in the near

future.

AT&T's partnership strategy for security services aligns with its overall strategy to expand its enterprise

portfolio. It plans to partner with fewer, larger strategic vendors rather than have many smaller vendors

with smaller scale impact. It does not directly define cybersecurity as part of its security service portfolio,

but this service will become part of the output from its investment in threat management, especially with

the recently announced IBM alliance. AT&T offers managed DDoS and web security services and will

continue to extend further into the IT application stack and IT infrastructure, but it will likely acquire these

capabilities from its strategic partnerships with SIs and IT security vendors.



BT

Figure 7: BT’s managed security services global portfolio – Assure

Source: BT

Managed security services overview – BT Assure

BT has been investing in managed security services for many years now. It recently rebranded many of

its managed services, including its managed security services portfolio; BT Assure is now the brand for

its managed security services portfolio, as depicted in Figure 7. The telco has reorganized its security

resources into one central group and is now led by its former CSO. BT has also aligned its security

assets and with its regional teams. Although BT's security resources are concentrated in Europe, it has

extensive resources in Asia-Pacific and the Americas.

BT Assure Intelligence

Threat monitoring, vulnerability scanning, and analytics are the key elements of the Assure Intelligence

services. They provide customers with a comprehensive view of and defense against malicious attacks

and security violations. BT Assure Intelligence includes the management of the customer's SIEM on-

premise or within BT's security centers or SOCs.

BT Assure Continuity

Assure Continuity provides high availability of the customer's networked IT infrastructure and business

continuity management framework. It is focused on network connectivity within the customer's IT

infrastructure, and includes DoS services.



BT Assure Identity

Authentication, identity verification, encrypted email, digital signatures, and public key infrastructure are

the key parts of Assure Identity services. BT provides identity and online fraud services to many of its

MNC customers globally. It has key accounts in the UK, Australia, and Latin America. URU (you are you)

is also part of this service pillar and is offered to reduce fraud.

BT Assure Managed

Most of the traditional network-centric security offers – managed firewall, managed web, IPS, message

(email) scanning – are included in Assure Managed. It also has cloud versions of some of these services,

plus DDoS services.

BT Assure Secure Remote Access

BT offers solutions for remote and mobile access. It supports IPsec and SSL VPNs with multi-factor

authentication to provide secure access to corporate resources for “any device, any time” customer

requirements.

BT Assure Cyber

Assure Cyber is an overlay service that includes a security assessment and a fully managed security

service that incorporates the oversight and management of customers' entire security programs and

policies. Cybersecurity services and professional security consulting are part of this premium service.

BT Advise Assure

Professional services, security consulting, and assessment are all part of BT's Advise Assure program.

This is not meant to be stand-alone offer so much as a professional service aligned with BT’s security

service portfolio for its MNC customer base.


BT focuses on MNCs and larger enterprise customers with global requirements in all the major regions of

the world. Its offer is meant for sophisticated enterprise customers that are looking for help getting ahead

of the threat curve and managing their growing security threats and issues. BT's goal is to provide an

end-to-end service through its consulting capabilities, which are all tied to its WAN and LAN solutions.

The integration of security solutions is also part of BT's value proposition. BT has a number of large

government contracts (not just in the UK) and large MNC customers, and it can take on most MSSP

competitors – even going beyond just the telco-led ones. BT has a strong set of security assets, including

skilled staff, global SOCs, and a large MNC customer base. It also has strong vendor relationships.

These qualities position BT as one of the major global MSSPs.

Strategic security assets – partnerships, alliances and acquisitions

BT made one of the first strategic security vendor acquisitions by a telco when it purchased Counterpane

in 2006; it now has partnerships with more than 60 security vendors. Many of these vendors are

deployed within BT's own infrastructure, which emphasizes how the carrier is leveraging its internal IT



and network experience for its commercial security offer. BT utilizes the traditional vendors (Cisco,

Juniper, and Checkpoint), but is also active with new, niche security vendors such as FireEye, Lumeta,

and Skybox. BT has its own SIEM platform, Socrates, but also supports other SIEM platforms based on

customer demand. The carrier has demonstrated interest and made investments in many emerging

security technologies and vendors, a trend that Ovum expects to continue.

Road map

BT’s new managed security services include web security, mobile device management, cybersecurity

and threat management offerings, along with the related professional services. The carrier is adding

more cloud-based, hosted, and assessment options to its overall product line for most of its security

portfolio pillars. Assure eValuator is an example of BT’s enhanced security assessment offer, whereby it

provides security readiness and a 24-month plan. The telco is also developing analytics enhancements

to help correlate and analyze disparate security events and provide proactive security recommendations

and policies. It is engaged in the prioritization and consolidation of its security partnerships line up, which

should result in fewer, stronger relationships that provide increasing integration, lower costs, and faster

time to market for many of its security offers.

Ovum assessment

BT has a pedigree as one of the major MSSPs for MNC customers and has invested in expanding its

security services to include IT infrastructure. It also has the most complete global reach, with strategic

security staffing and infrastructure in all the major regions of the world. Its MNC and large enterprise

security customer base is global, with customers in key verticals such as public sector, healthcare, and

financial services. BT's recent investment in expanding its threat monitoring services in Brazil is yet

another example of the priority it gives security portfolio build-out and global presence.



Orange

Figure 8: Orange’s managed security services portfolio

Source: Orange


Orange delivers its managed security services portfolio in three major components: managed security

solutions, consulting, and cyberdefense. These are the major ingredients for its offer to the MNC and

large enterprise market globally. These service components are delivered in a combination of three

different delivery models – custom solutions, managed services, and cloud based.

Managed security solutions

Management and governance, trusted work environment, and trusted infrastructure are the three pillars

of Orange's managed security solutions. Management and governance consists of CyberSOC, cyber risk

and compliance intelligence, and security event intelligence; trusted work environment includes security

integrated services, flexible and mobile SSL, mobile security, and flexible identity in providing security for

access, terminal/devices, and identity management; and trusted infrastructure includes DDoS and unified

defense (e.g., firewall, web filtering). These services form the core of Orange's managed security

services portfolio.



Consulting, including implementation

Orange's consulting services are the professional services overlay to its managed security services

portfolio. They include comprehensive assessments, PCI DSS support, audits, pentesting, engineering,

and recommendations for enterprise security infrastructure, programs, and policies. Orange has a range

of consulting to address the full security lifecycle.

Cyberdefense

Orange leverages its CyberSOCs, security personnel, managed solutions platforms, and its recent

acquisition of Atheos to offer an additional layer of service, providing a plan for cybersecurity strategy

that monitors, responds to, and remediates security events. The correlation and patterns of security

activity, along with the correlation and analytics, allow Orange to provide this additional premium security

service to its customers. Orange offers cybersecurity assessment and recommendation as part of its

security consulting services. This is a new area for the carrier, and Ovum expects more announcements

and enhancements in this domain.


Orange offers its managed security services individually, but positions itself as full service MSSP and

provides global, unified security management. It can take over the management of devices and network

and IT infrastructure for its MNC and large enterprise customers. The telco has a strong global support

structure for security services, with a particular concentration in EMEA, and also has security resources

in the Americas and Asia-Pacific. Orange caters to MNC and government accounts that are based in

France and other parts of Europe and that have global requirements.

Strategic security assets – partnerships, alliances, and acquisitions

Orange has partnerships with more than 50 vendors, including many of the network, Internet, and web-

centric vendors used by most telco-led MSSPs. The carrier also has strong relationships with security

vendors such as HP, Qualys, Zscaler, Blue Coat, SafeNet, and Varonis and is working with many of

these vendors in transitioning to more cloud- and network-based security solutions. It has obtained

various security certifications, is working on collaborative cybersecurity efforts, and is participating in

security industry forums. Orange’s recent acquisition of Atheos will add to its security expertise,

experience, and knowledge.

Road map

Orange is investing in network- and cloud-based security solutions, making improvements to its DDoS

and identity management services, and enhancing its cloud security support. It is also investing in

cybersecurity services; Ovum expects more announcements about the carrier’s cyberdefense offer and

the progress it is making with integrating its new acquisition, Atheos. Orange remains active with the

security vendor community, so we expect to see further enhancements in its analytics and threat

management.



Ovum assessment

Orange is a strong player in managed security services in EMEA, with the common telco alignment with

its network roots and services. It offers these services as a complement to its other network, IT, and

managed services. The telco is leveraging its internal IT security resources and experience to create its

security offers and increase customer credibility. It predominately works with its existing MNC and large

enterprise customers that need help with security. Customer adoption shows that Orange has become a

trusted advisor based on its customer base and security assets. Orange can also assist its larger

enterprise customers in the Americas and Asia-Pacific.

Telefonica

Figure 9: Telefonica’s managed security services portfolio overview

Source: Telefonica


Telefonica has been providing managed security services to its large enterprise customers for many

years. With its global services push, the carrier has been investing in providing global security resources

and technology to MNC and large enterprise customers.

Network-based services

The major elements of Telefonica’s network-based services pillar are its clean pipes, web security, email

filtering, and anti-DDoS services. Clean-pipes services include many security features that are aligned

with the carrier’s network and Internet services.



Managed services

Mobile device management, WAN device management, and security monitoring are the major elements

of Telefonica’s managed services pillar. Mobility and device management at the perimeter are included in

its managed services for both fixed and mobile networks.

Cybersecurity

Threat and vulnerability detection are the key elements of Telefonica's cybersecurity offer. This appears

to be one of the newer elements of the carrier’s managed security services portfolio, and is also one of

its areas of current and planned investment.

Global services, security-as-a-service, and 24/7 service management

The horizontal service overlays to the three major pillars of Telefonica's managed security portfolio are

expanding security services from local coverage to global coverage, moving managed security services

to cloud-based platforms, and providing complete 24/7 security service management. Telefonica's web

security and email filtering services are examples of where its security service is offered in a security-as-

a-service model. The carrier has security consulting services available across its managed security

services portfolio.


Telefonica focuses its managed security services customer acquisition on Europe and Latin America,

and has security assets and capabilities in North America. The carrier can provide global services, but its

strongest offering for MNC and large enterprise customers is in these three regions. It promotes its

internal development and external vendor products to offer reactive, proactive, and preventative

managed security service management approach.


Telefonica works with many network security vendors, including Cisco, Juniper, and Arbor, as well as

many IT security vendors, including AlienVault, Fortinet, HP, McAfee, RSA, and Symantec. FireEye,

Rapid7, and Palo Alto Networks are also part of the telco’s multi-vendor security mix, and it is using

AirWatch for mobile device management. Telefonica also has security platforms developed by its own

staff that are part of its proprietary mix of managed security services. The carrier has made some

investments in security technology start-ups such as ElevenPaths (a fully-owned subsidiary set up as a

100% product company) and Blueliv (a cybersecurity technology company), has launched Sinfonier (a

collaborative security knowledge and intelligence community for developers and researchers), works with

various security consortiums and standards (ISO), and has its own proprietary developments (e.g.,

Saqqara, its security monitoring automation solution). Cybersecurity and threat management are

Telefonica’s key investment areas.

Road map

The major road map items for Telefonica are making additional SOC investments in its major regions

(Latin America and Europe), expanding its geographic coverage (to include managed security services in



the UK, for example), and continuing to invest in threat management and cybersecurity. Ovum expects to

see more investment in analytics and advanced persistent threat and behavioral modeling within the

carrier’s cybersecurity offer.

Ovum assessment

Telefonica's recent managed security service launches, its planned and announced geographic

expansion, and its investments in managed security services are boosting its position as a global MSSP.

The carrier’s MNC and large enterprise potential lies mainly in Europe and Latin America; North America

is one secondary region where it has increased its managed security resources. It has potential for

market expansion, especially among US-based customers with growing Latin America or European

presences. Ovum expects to see further investment from Telefonica; this, followed by customer adoption

and service expansion, will position it as one of the major telco-led MSSPs within two years.

Telefonica has global capabilities and a broad base of customers; these can provide the basis for

competing to win global customers. It is most likely to succeed when MNC requirements lie in Europe,

Latin America, and North America – it has some work to do on building a comprehensive MSSP service

portfolio. Ovum expects Telefonica to refine its managed security services portfolio as that portfolio

matures and it develops its cybersecurity capabilities further, and we believe that the telco should

highlight and provide more detail on its security consulting capabilities.

T-Systems

Figure 10: T-Systems’ managed security services portfolio

Source: T-Systems




T-Systems offers its managed security services with four different pillars and two service overlays:

advanced cyberdefense services and security consulting. The major pillars are enterprise security

management, identity and access management, ICT infrastructure security, and clean pipe services. The

carrier’s managed security services come under ICT infrastructure security services, as does mobile

security, although it is not shown in Figure 10. T-Systems' mobile security portfolio addresses the mobile

interactions within the enterprise and can be added in a modular way to the managed security services

portfolio.

Enterprise security management

T-Systems offers comprehensive security management of ICT infrastructure; this includes governance,

risk, and compliance systems. Design and integration of security processes, architectures, and

implementation for ICT systems are part of this service pillar, as are audit and penetration services,

security products, and system evaluations.

Identity and access management

Management of digital identities, trust center solutions, and smart cards are all included in T-Systems’

identity and access management service pillar. Authentication services, PKI-based solutions, and cloud-

based identity management services fit into this service group.

ICT infrastructure security

Dedicated security solutions (firewalls, VPN, IDS/IDP, antivirus, and filtering solutions) are part of this

service pillar. This includes content, web, email, and network security services.

Advanced cyberdefense services

Advanced cybersecurity management services that provide detection, response, and recommendations

for security threats and incidents are part of this existing managed security services overlay. The newly

announced RSA and T-Systems alliance mentions enhancements for advanced cyberdefense SOC

support, security tools, and enhanced malware support. Managed SIEM services have been running for

several years and are an integrated element of this service.

Security consulting

T-Systems provides complete consulting services as an overlay to its managed security services

portfolio. It offers consulting for the many different elements of its service portfolio and is working on

customized support and sharing vendor expertise.

Mobile security portfolio

T-Systems offers mobile security, but classes it separately from its managed security services portfolio.

Its security offers are divided into five categories: Dynamic Net-centric Sourcing (Cloud), Collaboration,

Mobile Enterprise, Security and Governance, and Sustainability and Corporate Responsibility. Mobile

security services are positioned as safeguarding mobile interactions across the enterprise and include



options for traditional mobile device management. One interesting aspect of T-Systems’ mobile security

offer is how it is built around different threat scenarios, with contrasting approaches for when the attacker

is and is not in possession of the device. In addition, the carrier has a mobile encryption program.


T-Systems positions itself as “the 360-degree MSSP” and the only MSSP that can provide the full

balance of IT and network security. It highlights its Deutsche Telekom (DT) heritage and claims to

provide a unique combination of IT security and telecoms security as core competencies. It also

highlights its end-to-end capabilities and cyber defense offering. In this context the provider builds on

four fundamental principles to structure its cyber security development: transparency, simplicity,

expertise and co-operation. The carrier’s efforts in managed security services have a primary regional

focus on the EU, with global expansion driven by its European (primarily German) MNC customers.


T-Systems has a strong set of security vendor partners, including HP, RSA, McAfee, Juniper,

Checkpoint, and newer vendors such as FireEye. The carrier recently announced a cyber security

partnership with global insurance company Allianz. It is also investing in certain vendors (e.g.,

CipherCloud) and is cooperating with a number of security start-ups. Like the other MSSPs in this report,

T-Systems emphasizes its carrier heritage as part of its experience in security, based on its roles as ISP,

global IP backbone provider, and manager of DT's internal infrastructure.

Road map

The major elements of T-Systems' road map for its managed security services are cybersecurity,

expanded DDoS protection, and identity management. With its RSA alliance T-Systems will offer

analysis of individual cyber risks for companies, advising them on cybersecurity strategies and

architectures and delivering advanced cybersecurity services. Next-generation security operation centers

will combine the latest technology with the expertise of cyberdefense specialists fromT-Systemsand RSA

and other vendors such as FireEye (for advanced malware detection, for example). The carrier has also

announced a new relationship with CipherCloud for cloud security, including an encryption solution for

enterprise customers using Salesforce.com services. It is working with global insurance company Allianz

to develop integrated solutions for damage prevention, network security, and risk management. T-

Systems will also continue to hire more security professionals; its managed security services and these

new alliances require additional staffing.

Clean pipes services are a set of bundled security services (e.g., email, web, firewall) for the various

segments of the enterprise market, with a strong focus on German enterprise customers. T-Systems will

leverage its cloud-based and network services to provide standard bundles with integrated security

services to its largest enterprise and SME customers. This is a planned offering that will be based on T-

Systems managed security investments.



Ovum assessment

T-Systems has one of the most IT-centric managed security services portfolios of all the MSSPs in this

report. Its legacy as the IT provider born out of the DT family means it has additional IT expertise that

has an impact on its position as an MSSP. Although the carrier does have global capabilities, the EU is

the primary focus of its managed security services. T-Systems will have strong appeal among EU-based

MNC and large enterprise customers. It recently announced new alliances with security vendors, and it

continues to invest in new security technology that will give it a strong position as it increases its

capabilities and expands in Europe. Mobile security is treated as a separate but integrated service based

on T-Systems’ five product categories. Ovum would expect this to result in growth in T-Systems’

European managed security business and for an increasing percentage of its large global deals to

include managed security services.

Verizon

Figure 11: Verizon’s managed security services portfolio overview

Source: Verizon


Verizon's managed security services started with a significant staff and geographic boost based on its

acquisition of Cybertrust in 2007. The carrier has developed its managed security portfolio over several

years and recently reorganized it, with a new focus on cybersecurity.

Asset and exposure management

Vulnerability management, application security and exposure management, data security for mobile, and

M2M professional services are all included in this service pillar, which is part of Verizon’s professional

services.



Security monitoring and analytics

Verizon offers different service models that provide security monitoring and analytics with standard SIEM

platforms (RSA and HP ArcSight). Advanced threat intelligence and monitoring is another premium

option that provides support beyond standard managed security monitoring services. Managed SIEM is

another option for enterprise customers that want Verizon to manage their SIEM on a dedicated basis.

The carrier recently announced support for RSA Security Analytics based on RSA's NetWitness platform.

Incident response and forensics

In this service pillar Verizon uses investigative incident responses and research to provide analysis and

response measures for security practices.

Security enforcement and protection

DDoS, IPS, and firewall are the major elements of Verizon's security enforcement and protection

services, with premise-based and cloud-based service varieties. Managed enterprise gateway services

and professional services are also included in this service pillar.

Identity and access management

Universal identity services, managed certificate services, and professional services related to identity

management are included in this service pillar.

Risk and compliance management

Verizon's Security Management Program includes assessments, audits, tactical recommendations, and

guidelines. Risk and compliance professional services and PCI certification are additional elements of

this service pillar.

Professional security consulting services

Verizon's global consulting and integration services organization covers services across its managed

security portfolio, including mobile security. Security consultants are disbursed globally but predominately

located in Europe, North America, and Asia-Pacific.

Mobile security

Verizon offers mobile security as part of its enterprise mobility program, which is separate from its formal

managed security services portfolio. The carrier’s enterprise-mobility-as-a-service includes secure

remote access, PC security, and updates for corporate devices. Its managed mobility service supports

managing, deploying, and supporting global mobile enterprise assets and workforces, including security

features.


Verizon's efforts in managed security services are a key part of its global go-to-market strategy for its

MNC and large enterprise customers. Verizon's annual Data Breach Investigations Report (DBIR) is also

one of the key activities that opens doors and creates credibility for the telco’s managed security



services. The DBIR stimulates discussion, and sometimes demand from enterprise customers and also,

from a PR perspective, helps Verizon to position itself at the center of the security industry, alongside

many international security players. The carrier positions its network and its Cybertrust acquisition as the

key anchors of its credibility as a trusted advisor on managed security services.

Verizon focuses on the US market, plus major MNCs and large corporate enterprises in Europe, Asia-

Pacific, and Latin America. Its security coverage in Latin America has been strengthened by its

acquisition of Terremark, which also had managed security services in the region.


Verizon's past acquisitions include Cybertrust, Terremark, and UUNet; incorporating these organizations

has created a strong base of security expertise and staff. CyberTrust had global capabilities and a

methodology that provided a strong base for security services, and included ICSA Labs, another security

asset. Verizon Cyber Intelligence Center (VCIC), established in April 2014, is a new business unit that

consolidates and centralizes the telco’s cybersecurity resources. VCIC will leverage these assets for

internal and external managed security efforts and will include participation with third parties to provide

an improved service for its customers. Verizon now also supports advanced persistent threat

technologies such as FireEye and Palo Alto WildFire in order to address the needs of the public and

private sectors.

Road map

Verizon will continue to partner with third parties and invest internally to increase its security incident

database. It will continue to boost its cybersecurity focus through its newly consolidated group. The

carrier plans to invest in analytics to provide correlation of security information for improved identification,

response, and remediation across its various managed security services clients and platforms. Verizon

has plans for enhancing its network DDoS service with a managed on-premise version to complement its

network-based service. There are also plans for a new security portal interface for customers and for

further expansion in Asia-Pacific.

Ovum assessment

Verizon is one of the stronger telco-led MSSPs, with a solid track record based on its telecoms heritage

and Cybertrust acquisition. Its global reach is very strong, covering North America, Europe, Asia-Pacific,

and Latin America. The carrier’s professional services and SOC coverage is one of its strengths. Verizon

has also worked extensively and deeply with security industry vendors and third parties since its

Cybertrust acquisition, and is engaged with many of the new start-ups that are providing security

services and cybersecurity intelligence.

APPENDIX

Methodology

This report is based on interviews with, briefings from, and surveys of the managed services divisions of

AT&T, BT, Orange, Telefonica, T-Systems, and Verizon. All the carriers provided responses to Ovum's



survey on managed security services portfolios, including their recent announcements and future road

maps, with some information provided under NDA. The author also drew on other Ovum enterprise

research and surveys, and collaborated with Ovum's IT Services and Security teams for review and

additional insight and analysis.

Further reading

The Competitive Landscape for DDoS Protection, IT0022-000086 (June 2014)

2014 Trends to Watch: Security, IT017-004199 (September 2013)

“Gemalto to facilitate telcos’ identity management services offerings,” IT0024-000081 (June 2014)

Author

Mike Sapien, Principal Analyst, Enterprise

[email protected]

Ovum Consulting

We hope that this analysis will help you make informed and imaginative business decisions. If you have

further requirements, Ovum’s consulting team may be able to help you. For more information about

Ovum’s consulting capabilities, please contact us directly at [email protected].

Copyright notice and disclaimer

The contents of this product are protected by international copyright laws, database rights and other

intellectual property rights. The owner of these rights is Informa Telecoms and Media Limited, our

affiliates or other third party licensors. All product and company names and logos contained within or

appearing on this product are the trademarks, service marks or trading names of their respective owners,

including Informa Telecoms and Media Limited. This product may not be copied, reproduced, distributed

or transmitted in any form or by any means without the prior permission of Informa Telecoms and Media

Limited.

Whilst reasonable efforts have been made to ensure that the information and content of this product was

correct as at the date of first publication, neither Informa Telecoms and Media Limited nor any person

engaged or employed by Informa Telecoms and Media Limited accepts any liability for any errors,

omissions or other inaccuracies. Readers should independently verify any facts and figures as no liability

can be accepted in this regard - readers assume full responsibility and risk accordingly for their use of

such information and content.

Any views and/or opinions expressed in this product by individual authors or contributors are their

personal views and/or opinions and do not necessarily reflect the views and/or opinions of Informa

Telecoms and Media Limited.

mailto:[email protected]

mailto:[email protected]

Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider

Technology

Transcript of Ovum Decision Matrix: Selecting a Global Telco Managed Security Services Provider