Security Service Providers Misaligned with Customer Needs

Written by

Asked where managed security offerings should improve, IT departments are most keen to see better email security; better web protection; and better antivirus. Managed security providers on the other hand are planning on prioritizing security consultancy and offering more proactive system updates and patching—indicative of the misalignment in the relationship.

Indeed, IT departments ranked both of these improvements to the managed security offering towards the bottom of their priorities.

That’s according to LogicNow and its annual health-check of the global IT service management market. Rather than find harmony between IT service providers and their customers, the ‘compare and contrast’ survey found a concerning level of discord between what customers need and expect, and what IT service providers are delivering.

When IT departments were asked, “how do you want managed security offerings to evolve?” the No. 1 response was improved email security. That contrasts sharply with vendor roadmaps, which prioritize security consultancy work—probably because it offers a new revenue stream.

“Pushing strategic consultancy too early in the relationship gives an impression of under-valuing the immediate concern weighing heaviest on the customer’s mind,” said Alistair Forbes, general manager at LogicNow, in a statement. “IT departments engage with service providers because they have a particular problem that needs solving. This must be addressed first to earn the opportunity of a strategic engagement later on.”

IT departments from there said that they are focused, in order, on the following: improved web protection; improved anti-virus; tighter endpoint security; provision of security education for employees; security consultancy; more proactive patching and system updates; and improved mobile device security.

That’s compared to the managed security companies’ priority list, which reads: More proactive patching and system updates; improved web protection; improved anti-virus; improved mobile device security; improved email security; tighter endpoint security; and provision of security education for employees.

The report also uncovered a raft of unfriendly pricing structures: 84% of IT departments (76% globally) want to pay for managed security services with a single invoice on either a monthly, quarterly or annual basis that encompass all the charges for all their IT security needs—technology licenses and associated services combined. Concerningly, 47% of IT service providers (49% globally) are invoicing in exactly the wrong way, by invoicing for every technology individually, or on an ad-hoc basis. Even worse, 76% (66% globally) are deliberately not planning to change their invoicing processes in the next 12 months.

“At LogicNow, we champion the managed service provider model,” Forbes said. “IT departments benefit most from proactive support rather than service providers simply reacting when things go wrong. And at the same time, it’s a more profitable business model for service providers. However, our [report] clearly shows that IT service providers need to be patient in their pursuit of this model, and choose their timing carefully.”

What’s hot on Infosecurity Magazine?