Reseller News

How do Kiwi businesses select managed security service providers?

Biggest market growth will be driven by app security testing

Having an established relationship ranks as the top criterion for businesses selecting managed security service providers (MSSP) in New Zealand, as customers continue to place trust in the channel.

With organisations preferring to extend existing agreements, rather than seek new outsourcing providers, the onus is now on partners to capitalise on increased security investment across the country.

According to IDC findings, global coverage (10.3 per cent) ranks as the second top attraction for customers choosing MSSPs locally, followed by the ability to provide a one-stop shop through a “comprehensive portfolio” (9.7 per cent).

Delving deeper, in-country security operations centres (8.8 per cent) and a strong local presence (8.3 per cent) round out the top five criteria, followed by commercial and technical flexibilities (eight per cent).

Meanwhile, competitive pricing ranks lower (7.5 per cent), only ahead of brand reputation (6.3 per cent), 24x7 support (6.3 per cent) and solid customer knowledge (6.3 per cent).

“Cyber security risks are business risks,” IDC New Zealand research director, Louise Francis, said. “CEO’s and CIO’s are becoming acutely aware that they will be challenged to maintain their enterprise’s digital vision, while also addressing increasing security concerns.”

Locally speaking, Francis said security and business risk concerns are now seen as the biggest barriers for organisations seeking to benefit from digital transformation.

“IDC expects this to remain a top area of focus for the foreseeable future,” Francis added. “But it is important to remember: security is never about the technology. It is an organisational mindset.”

The criteria for security expertise in the channel follows the release of the IDC Security Heatmap, which reveals the challenges that Kiwi organisations face when investing in security.

IDC New Zealand
IDC New Zealand

Specifically, top roadblocks centre around budget plans; investment intent, and sentiment around overall engagement with security service providers.

“The fast pace of technological disruption is necessitating a tremendous amount of work across all levels of New Zealand organisations to manage the accompanying security risks,” Francis added.

“Two years ago, New Zealand organisations were focused on security at the perimeter, and end-point connections. Now there is a much greater understanding that security must be embedded within all technology deployments and solutions, right from the concept stage.

“There is also much greater awareness that employees can provide one of the most significant security vulnerabilities to an organisation."

As outlined by Francis, within the mobility threat landscape 70 per cent of the threats can be traced back to user related factors: uninformed and malicious users, unsecured devices and unsecured applications.

Specifically, almost a quarter of New Zealand organisations have experienced downtime due to human error, with 19 per cent experiencing downtime due to data security breaches within the last year.

As a result, 65 per cent of local businesses prefer to partly or entirely outsource security services, and over a third (37 per cent) are planning to renew or expand existing engagements, to ensure relevance in the next 12-24 months.

Of note to the channel, 28 per cent of businesses are increasing security services budgets in 2018, but nine per cent are decreasing spend in parallel.

While network and content security continue to be the most outsourced security elements, the biggest growth will be driven by app security testing and mitigation of denial of service (DDoS) type of attacks as organisations aim to address the security threats to the organisation.