Websites of leading managed security service providers show far fewer services historically compared with today's dozens, reflecting significant service proliferation. Many providers now pursue broad portfolios, sometimes adding services that undermine the quality of their original offerings. Businesses that focus on one service are increasingly bolting on lower-standard, supplementary offerings that can conflict with core capabilities. Cyber security needs are complex and demand specialist expertise rather than generalist promises. Commercial motives, such as growing annual recurring revenue, often drive expansion, while customers seek fewer vendors to reduce complexity and procurement burden. Industry trends and consolidation further encourage service growth.
If you crank up the Wayback Machine and load the websites of today's biggest managed security service providers (MSSPs), you'll get a neat reminder of a time before the huge proliferation in services that we see today. Most providers offered only a handful of services then, compared to the dozens they do now. If that sounds like progress, I'm not so sure.
In my view, the ambition of some managed service providers to be everything for everyone has watered down the overall quality of security services on the market. Not only is this bad for customers; it's detrimental to the entire sector. Businesses that have built their reputation on delivering one particular service are now bolting on "supplementary" services that aren't of the same high standard.
A common rationale from providers to explain service expansion is that joined up services can be more efficient and lead to better outcomes for customers. Whilst this can be true, the main driver is often a commercial need to grow annual recurring revenues. From the customer side, working with fewer providers is often seen as a way to reduce complexity and avoid lengthy procurement cycles.
Collection
[
|
...
]