• The market for managed security services is set to grow sixfold in the next five years, according to a new forecast from Appledore Research
• CSPs are well placed to become the dominant providers of such services in the coming years, but they will need to get smart with their bundling and provisioning
• The Appledore team believes complete automation and tying security to connectivity services will be key to CSP success

The market for managed security services is set to grow at a rapid pace over the next five years. It is expected to be worth $17.6bn by 2027 compared with just $2.3bn in 2022, according to the analyst team at Appledore Research. The team also believes that communications service providers (CSPs) are very well placed to grow their collective share of the total market and dominate the sector. (And that’s without the potential associated professional services revenues on offer, which Appledore sizes at $10.1bn by 2027). 

But, as you’d expect, it’s not as simple as sitting back and watching the business roll in.

According to the Appledore team, CSPs command just 15% of the market for managed end-to-end security services right now. That market comprises a range of services, including: Managed software-defined WAN (SD-WAN); security orchestration; next-generation firewalls-as-a-service; native cloud security-as-a-service; distributed denial of service (DDoS) protection and mitigation-as-a-service; and automated extended detection and response (XDR)-as-a-service. 

But as the market grows in the coming year – by more than sixfold, if the Appledore crystal ball is accurate – so CSPs have the potential to grow their share of the market to an impressive 48% and become the dominant suppliers in the market. 

They are well placed because enterprises are having to change the way they interact and operate with their customers, partners and employees, all while cybersecurity threats continue to grow. These factors mean enterprises, government bodies and other organisations now increasingly need managed, flexible security services that meet their needs within and beyond their physical premises and, with their history of providing the connectivity services between multiple locations, CSPs have a slam-dunk opportunity to win a lot of business and then build on that business with associated and additional services.    

But that potential is dependent on two important factors, notes Appledore principal analyst Grant Lenahan in his report Automated, Managed Security Market Forecast. Lenahan describes this market as a “must win” for CSPs, but notes that manual processes are not sufficient to deal with the complexity of emerging managed security service demands. And that’s a challenge because, while everyone in the industry is talking about automated processes, they are still few and far between in reality. 

The bottom line here from the Appledore team is that the potential growth staring CSPs in the face is “conditional on their ability to bundle services with transport connectivity, and to automate the entire offering,” and without specific focus on automating the provision of bundled connectivity and managed security services, “the opportunity for telcos will be lost to other kinds of providers,” notes the Appledore team. 

In this blog, Lenahan makes a great point about the market dynamics in play: The total cost of cybercrime is set to be a staggering $27,000bn by 2027, so investing in services that can lower cybersecurity risks looks like a no-brainer for all involved. 

The question, as ever, is whether the CSP community has the focus, resources and collective will to capitalise on what looks like a fantastic opportunity. 

There are certainly signs that telcos are ramping up their security service offerings. With its recent investment in Palo Alto, California-based cybersecurity specialist Safe Security, the developer of Security Assessment Framework for Enterprises (SAFE), BT Enterprise is pushing its managed security services as part of its re-energised focus on business customers under the leadership of Rob Shuter, as well as pushing the boundaries with the development of its quantum-secure network. Telefónica Tech has been building its security service capabilities for the past two years through organic development, acquisitions and partnerships, such as the one announced this week with Netskope. Verizon Business is pushing a security expertise story as part of its international expansion, supported by the insights from its Data Breach Investigations report. And Orange Business Services recently unveiled Service Manage-Watch, a global supervision solution for network services and applications, and teamed up with Fortinet for a secure access service edge (SASE) pitch to the enterprise customer market. And these are just a few examples.

But will this lead to the automated provisioning and service bundling that Appledore regards as key to CSP success in the managed security services market? We’ll trust them to monitor developments and let us know in due course…

- Ray Le Maistre, editorial director, TelecomTV