Marketscope for Managed Security Services in Europe
Marketscope for Managed Security Services in Europe
Marketscope for Managed Security Services in Europe
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
MarketScope <strong>for</strong> <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> <strong>in</strong><br />
<strong>Europe</strong><br />
Published: 24 October 2011<br />
Analyst(s): Carsten Casper<br />
G00219325<br />
The market <strong>for</strong> managed security services <strong>in</strong> <strong>Europe</strong> is mature and changes<br />
slowly. IT <strong>in</strong>frastructure and communications service providers dom<strong>in</strong>ate,<br />
security specialists fill a niche, and growth cont<strong>in</strong>ues.<br />
What You Need to Know<br />
This document was revised on 27 October 2011. The document you are view<strong>in</strong>g is the<br />
corrected version. For more <strong>in</strong><strong>for</strong>mation, see the Corrections page on gartner.com.<br />
<strong>Managed</strong> security services (MSSs) <strong>in</strong> <strong>Europe</strong> show all the signs of a mature market, which<br />
cont<strong>in</strong>ues to justify a Gartner MarketScope as the survey methodology.<br />
Dur<strong>in</strong>g the past 12 months, the <strong>Europe</strong>an MSS market grew as anticipated, and will probably reach<br />
$2.5 billion by year-end 2011. We expect growth to cont<strong>in</strong>ue, with a compound annual growth rate<br />
of 14% from 2011 to 2015. IT management is not the largest, but is still the fastest-grow<strong>in</strong>g<br />
segment of the security services market.<br />
Vendors Added or Dropped<br />
We review and adjust our <strong>in</strong>clusion criteria <strong>for</strong> Magic Quadrants and MarketScopes as markets<br />
change. As a result of these adjustments, the mix of vendors <strong>in</strong> any Magic Quadrant or<br />
MarketScope may change over time. A vendor appear<strong>in</strong>g <strong>in</strong> a Magic Quadrant or MarketScope one<br />
year and not the next does not necessarily <strong>in</strong>dicate that we have changed our op<strong>in</strong>ion of that<br />
vendor. This may be a reflection of a change <strong>in</strong> the market and, there<strong>for</strong>e, changed evaluation<br />
criteria, or a change of focus by a vendor.<br />
Our "MarketScope <strong>for</strong> <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> <strong>in</strong> <strong>Europe</strong>" <strong>in</strong> May 2010 surveyed 16 <strong>Europe</strong>an<br />
managed security service providers (MSSPs). For 2011, 17 MSSPs met our <strong>in</strong>clusion criteria and did<br />
not meet our exclusion criteria. Table 1 shows which providers we surveyed dur<strong>in</strong>g the past four<br />
years. In 2011, Telefonica returned, T-Systems was dropped, and Open Systems was added <strong>for</strong> the<br />
first time. Dell acquired SecureWorks, and the company appears at a different position <strong>in</strong> the list.<br />
Apart from these changes, the provider landscape has been fairly stable.
Table 1. MSSPs Surveyed <strong>in</strong> MarketScopes 2008-2011<br />
May 2008 September 2009 September 2010 October 2011<br />
AT&T AT&T AT&T AT&T<br />
Atos Orig<strong>in</strong> Atos Orig<strong>in</strong> Atos<br />
BT Global <strong>Services</strong> BT Global <strong>Services</strong> BT Global <strong>Services</strong> BT Global <strong>Services</strong><br />
Getronics<br />
Cable & Wireless<br />
Computacenter Computacenter Computacenter<br />
CSC CSC<br />
Dell (SecureWorks)<br />
HCL Technologies HCL Technologies HCL Technologies HCL Technologies<br />
EDS, an HP Company HP HP<br />
IBM Internet <strong>Security</strong> Systems (ISS) IBM ISS IBM Global Technology <strong>Services</strong> IBM <strong>Security</strong> <strong>Services</strong><br />
Integralis Integralis Integralis Integralis<br />
Open Systems<br />
Orange Bus<strong>in</strong>ess <strong>Services</strong> Orange Bus<strong>in</strong>ess <strong>Services</strong> Orange Bus<strong>in</strong>ess <strong>Services</strong> Orange Bus<strong>in</strong>ess <strong>Services</strong><br />
SecureWorks<br />
Symantec Symantec Symantec Symantec<br />
Page 2 of 28 Gartner, Inc. | G00219325
May 2008 September 2009 September 2010 October 2011<br />
Tata Communications Tata Communications<br />
Telefonica Telefonica<br />
T-Systems T-Systems T-Systems<br />
VeriSign VeriSign<br />
Verizon Bus<strong>in</strong>ess Verizon Bus<strong>in</strong>ess Verizon Bus<strong>in</strong>ess Verizon<br />
Wipro Technologies Wipro Technologies Wipro Technologies Wipro Technologies<br />
Source: Gartner (October 2011)<br />
Gartner, Inc. | G00219325 Page 3 of 28
Geographic Scope, Inclusion and Exclusion Criteria<br />
Although the market grew <strong>in</strong> volume, we did not revise our <strong>in</strong>clusion criteria regard<strong>in</strong>g the m<strong>in</strong>imum<br />
number of managed devices (700 firewalls and <strong>in</strong>trusion detection system [IDS]/<strong>in</strong>trusion prevention<br />
system [IPS]) and the m<strong>in</strong>imum number of customers <strong>in</strong> <strong>Europe</strong> <strong>in</strong> 2011 (50 external customers; <strong>for</strong><br />
the complete <strong>in</strong>clusion criteria, see the Inclusion and Exclusion Criteria section). We did, however,<br />
amend the exclusion criteria <strong>in</strong> order to focus this market analysis on truly regional providers. As a<br />
result, Savvis (with a U.S. focus), SSP <strong>Europe</strong> and T-Systems (with a Germany focus) meet the<br />
exclusion criteria and have not been <strong>in</strong>cluded <strong>in</strong> this research.<br />
Several other providers have a subregional focus <strong>in</strong> <strong>Europe</strong>: Atos <strong>in</strong> Benelux/France,<br />
Computacenter <strong>in</strong> the U.K./Germany, Open Systems <strong>in</strong> Germany/Austria/Switzerland, Orange<br />
Bus<strong>in</strong>ess Systems <strong>in</strong> Benelux/France/U.K., and Telefonica <strong>in</strong> Southern <strong>Europe</strong>. They have not been<br />
excluded, because they have significantly more than 10% of their bus<strong>in</strong>ess outside their <strong>Europe</strong>an<br />
home countries. They have sales staff <strong>in</strong> several <strong>Europe</strong>an countries and can support clients with<br />
regional (rather than local) requirements. This MarketScope has a strong focus on <strong>Europe</strong>an clients,<br />
but these clients have operations all over the world. While 100% of them demand coverage <strong>in</strong><br />
<strong>Europe</strong>, 40% also ask their provider to manage devices <strong>in</strong> Asia/Pacific, and 30% want their provider<br />
to cover devices <strong>in</strong> North America.<br />
Overall, we track around 100 MSSPs worldwide, with about one-third of them <strong>in</strong> <strong>Europe</strong>. The ones<br />
that do not appear operate mostly <strong>in</strong> one country (<strong>for</strong> example, S12sec <strong>in</strong> Spa<strong>in</strong>), provide a very<br />
specialized security service (such as Qualys <strong>for</strong> vulnerability scann<strong>in</strong>g) or do not provide standalone<br />
security services (<strong>for</strong> example, Unisys). For example, the follow<strong>in</strong>g providers were considered,<br />
but not <strong>in</strong>cluded: Box<strong>in</strong>g Orange, CGI Group, CompuCom, Dimension Data, KPN/Getronics,<br />
Outpost24, Retarus, S21sec, S2 Grupo, Savvis, SecureIT, Sentor, SSP <strong>Europe</strong>, Tel<strong>in</strong>dus,<br />
Trustwave, T-Systems, United Service Providers and Unisys.<br />
Landscape of Different Types of Providers Rema<strong>in</strong>s Relatively Stable<br />
The market <strong>for</strong> managed and related security services cont<strong>in</strong>ues to evolve, but the types of players<br />
are still the same. There are few stand-alone security players left <strong>in</strong> the Pan-<strong>Europe</strong>an market. Most<br />
providers sell security services bundled with <strong>in</strong>frastructure management and outsourc<strong>in</strong>g (<strong>for</strong><br />
example, Atos, Computacenter, CSC, Dell, IBM <strong>Security</strong> <strong>Services</strong>, HCL Technologies, HP and<br />
Wipro Technologies) or bundled with communications services (<strong>for</strong> example, AT&T, BT Global<br />
<strong>Services</strong>, Orange Bus<strong>in</strong>ess <strong>Services</strong>, Tata Communications, Telefonica and Verizon). Only a few<br />
<strong>Europe</strong>an providers focus on IT security (<strong>for</strong> example, Integralis [now part of NTT Communications],<br />
Open Systems and Symantec). All providers <strong>in</strong> this MarketScope offer MSS as a discrete service.<br />
<strong>Europe</strong>an security providers service approximately 6,500 clients <strong>in</strong> <strong>Europe</strong>, and operate about<br />
28,000 firewall and unified threat management (UTM) devices, 5,500 network IPS/IDS and 14,000<br />
server IPS/IDS as well as 2,400 secure message and Web gateways. They also manage or monitor<br />
hundreds of Web application firewalls and customer-owned security <strong>in</strong><strong>for</strong>mation and event<br />
management (SIEM)/log management products. The large <strong>Europe</strong>an players serve the U.K. and<br />
Ireland; Benelux; Germany, Austria and Switzerland (DACH); France; and Southern and Eastern<br />
<strong>Europe</strong> <strong>in</strong> fairly equal proportions to the population and gross domestic products of those countries.<br />
Page 4 of 28 Gartner, Inc. | G00219325
Methodology<br />
We conducted our survey of MSSPs simultaneously <strong>in</strong> North America, <strong>Europe</strong> and Asia/Pacific. We<br />
contacted about 100 providers of MSS <strong>in</strong> these regions. Of them, 46 replied to our worldwide<br />
scop<strong>in</strong>g questionnaire. They <strong>in</strong>cluded <strong>in</strong><strong>for</strong>mation about all the regions <strong>in</strong> which they operate. Based<br />
on this <strong>in</strong><strong>for</strong>mation, we selected a subset of providers per region that met our <strong>in</strong>clusion criteria.<br />
These providers had to answer a more detailed questionnaire and provide references. The<br />
questionnaire was the same <strong>in</strong> all regions. In <strong>Europe</strong>, 17 providers met our <strong>Europe</strong>an <strong>in</strong>clusion<br />
criteria.<br />
We also contacted reference clients and conducted phone <strong>in</strong>terviews, as well as onl<strong>in</strong>e surveys.<br />
Reference clients were not only asked <strong>for</strong> <strong>in</strong><strong>for</strong>mation about their providers, but also questioned<br />
about other providers on their shortlists.<br />
The assessment <strong>in</strong> this MarketScope was per<strong>for</strong>med on the basis of survey data collected <strong>in</strong> May<br />
and June 2011, and client reference <strong>in</strong><strong>for</strong>mation collected <strong>in</strong> June, July and August 2011.<br />
Strategic Plann<strong>in</strong>g Assumption<br />
By 2015, 30% of enterprises that use public cloud <strong>in</strong>frastructure as a service will also use MSSPs<br />
<strong>for</strong> security monitor<strong>in</strong>g.<br />
MarketScope<br />
This survey focuses on these security services (<strong>in</strong>clud<strong>in</strong>g managed customer premises equipment<br />
[CPE]), provider-hosted devices and cloud delivery. They are listed <strong>in</strong> order of popularity to<br />
<strong>Europe</strong>an clients. Devices near the top of the list are managed and monitored most often, accord<strong>in</strong>g<br />
to the reference clients contacted dur<strong>in</strong>g this market analysis:<br />
■ Firewall<br />
■ Network IDS/IPS (see Note 1)<br />
■ Web application firewall<br />
■ Secure Web gateway devices (see Note 2)<br />
■ Vulnerability scan devices<br />
■ Secure message gateway devices (see Note 2)<br />
■ Server/directory/application/database management system log sources<br />
■ Server IDS/IPS<br />
■ Desktop/endpo<strong>in</strong>t security client<br />
Gartner, Inc. | G00219325 Page 5 of 28
■ Multifunction firewall/UTM device<br />
■ Customer-owned SIEM/log management products<br />
■ Data loss prevention (DLP) devices<br />
Firewall management and monitor<strong>in</strong>g are still the most widely consumed security services.<br />
However, the use of Web application firewalls, secure Web and email gateway devices, vulnerability<br />
scann<strong>in</strong>g, and log management has <strong>in</strong>creased significantly — now be<strong>in</strong>g consumed by roughly 30%<br />
to 40% of <strong>Europe</strong>an clients. On the other hand, fewer organizations rely on network-based IDS/IPS<br />
services (only about half of them do, compared with 70% <strong>in</strong> 2010). Consumption of desktop/<br />
endpo<strong>in</strong>t security and SIEM management has <strong>in</strong>creased only slightly. DLP still closes the list.<br />
<strong>Europe</strong>an clients are not pressured to deploy DLP, and most discussions evolve around policy<br />
design and implementation, not the management of DLP devices.<br />
In addition to these <strong>in</strong>frastructure-based security services, most <strong>Europe</strong>an providers offer<br />
complementary security services. The ones that are consumed most often are near the top of the<br />
list:<br />
■ On-site technical support <strong>for</strong> security products<br />
■ <strong>Security</strong> consult<strong>in</strong>g (policy, organizations and architecture)<br />
■ <strong>Security</strong> system <strong>in</strong>tegration<br />
■ Threat <strong>in</strong>telligence <strong>in</strong><strong>for</strong>mation (vulnerability research)<br />
■ Application security (security test<strong>in</strong>g and code review)<br />
Note: Identity-related services (authentication and token management) are not covered <strong>in</strong> this<br />
research.<br />
Pric<strong>in</strong>g and Service-Level Agreements<br />
Pric<strong>in</strong>g is difficult to compare from provider to provider and from year to year, because each client<br />
has different requirements regard<strong>in</strong>g types of services (firewall, IPS, email/Web and so on), volume<br />
(from one firewall to several thousand firewalls), delivery model (CPE-based, hosted and cloud),<br />
geographic coverage, level of engagement (monitor<strong>in</strong>g/management), <strong>in</strong>tegration (with IT<br />
<strong>in</strong>frastructure management or with communication services), service quality, response times,<br />
service-level agreements (SLAs) and language support. Price is a key factor <strong>in</strong> most purchase<br />
decisions, but comparisons are difficult outside of a specific RFP.<br />
Our observations on pric<strong>in</strong>g <strong>for</strong> management and monitor<strong>in</strong>g of virtualized security devices rema<strong>in</strong><br />
unchanged. There is still not best practice. Here are some approaches we encountered <strong>in</strong> <strong>Europe</strong>:<br />
■ The provider says that it will pass on benefits of virtualized <strong>in</strong>frastructure to the client, but no<br />
pric<strong>in</strong>g details are revealed.<br />
■ The monitor<strong>in</strong>g price <strong>for</strong> a virtualized device is the same as the monitor<strong>in</strong>g price <strong>for</strong> a CPE<br />
device, but the management price <strong>for</strong> a virtualized device is less than the management price <strong>for</strong><br />
a CPE device.<br />
Page 6 of 28 Gartner, Inc. | G00219325
■ Pric<strong>in</strong>g <strong>for</strong> virtualized <strong>in</strong>frastructure is split <strong>in</strong>to a device monitor<strong>in</strong>g part (fixed fee) and virtual<br />
firewall monitor<strong>in</strong>g part (digressive fee <strong>for</strong> each virtual firewall). The same applies to<br />
management of virtualized <strong>in</strong>frastructure.<br />
SLAs have not changed significantly. Most providers offer 15 m<strong>in</strong>utes or 30 m<strong>in</strong>utes as the fastest<br />
possible response times (sometimes <strong>in</strong> the standard, sometimes only <strong>in</strong> the "premium" package).<br />
However, this only relates to the notification of the client. Resolution times vary widely, and<br />
obviously depend on the nature of the issue. A few providers even display an <strong>in</strong>cident immediately<br />
on the customer portal, giv<strong>in</strong>g customers <strong>in</strong><strong>for</strong>mation <strong>in</strong> real time.<br />
Some providers make an attempt to <strong>in</strong>novate with SLAs and pric<strong>in</strong>g. Below are some examples:<br />
■ Firewall pric<strong>in</strong>g depends on bandwidth commitments (not consumption).<br />
■ No m<strong>in</strong>imal fixed cost <strong>for</strong> usage-based pric<strong>in</strong>g (<strong>for</strong> example, vulnerability scans).<br />
■ Reduced pric<strong>in</strong>g <strong>for</strong> permission to offshore security operations.<br />
■ Customers who br<strong>in</strong>g new clients can benefit from a discount on the comb<strong>in</strong>ed service volume.<br />
■ Client satisfaction is measured after each <strong>in</strong>teraction as a key per<strong>for</strong>mance <strong>in</strong>dicator.<br />
■ Outsourcer commits to a price decrease per year (such as 5%) rather than an upfront payment.<br />
In general, contracts have become more specific and concrete. Some providers have <strong>in</strong>dicated that<br />
they now move from service-level objectives to service-level agreements. Clients that have been<br />
disappo<strong>in</strong>ted by a previous provider's per<strong>for</strong>mance push hard to <strong>in</strong>clude penalties <strong>in</strong> new contracts.<br />
Such a penalty typically amounts to a percentage of the monthly charge up to a maximum of one<br />
monthly charge of the service cost and is paid as a credit or an immediate payout (potentially with<br />
an "earn-back" clause <strong>for</strong> subsequent SLA compliance).<br />
Types of <strong>Services</strong> Offered<br />
Delivery models cont<strong>in</strong>ue to change, and the topics "cloud comput<strong>in</strong>g" and "virtualization"<br />
dom<strong>in</strong>ate many discussions with <strong>Europe</strong>an clients. However, the change is not massive; rather, it<br />
develops at vary<strong>in</strong>g speeds, depend<strong>in</strong>g on the service <strong>in</strong> question. Up to 5% of revenue is shift<strong>in</strong>g<br />
from CPE to non-CPE delivered services every year, and non-CPE-based delivery is at<br />
approximately 10% <strong>for</strong> firewalls, UTMs and network IDS/IPS; more than 15% <strong>for</strong> Web application<br />
firewalls; and up to 35% <strong>for</strong> secure messag<strong>in</strong>g. SIEM management, log sources and server IDS/IPS<br />
are still predom<strong>in</strong>antly operated on customer premises. Vulnerability scann<strong>in</strong>g is often executed<br />
remotely, but usually with the help of some additional devices <strong>in</strong>stalled on customers' premises.<br />
Virtualization also plays an <strong>in</strong>creas<strong>in</strong>g role. A concern raised by some clients is that monitor<strong>in</strong>g<br />
capabilities <strong>for</strong> virtualized <strong>in</strong>frastructure are not as detailed as the ones <strong>for</strong> on-premises equipment.<br />
Moreover, a report might be available only on request, rather than through the portal. This will be<br />
acceptable <strong>for</strong> some clients, but impossible <strong>for</strong> others. This is similar to different customers'<br />
attitudes to determ<strong>in</strong><strong>in</strong>g the security product vendor. While some customers explicitly require that<br />
the provider takes over the management of their exist<strong>in</strong>g <strong>in</strong>frastructures (<strong>in</strong>to which they <strong>in</strong>vested<br />
Gartner, Inc. | G00219325 Page 7 of 28
heavily), others accept whatever product the provider suggests and are also more open to<br />
virtualized versions of these products.<br />
Relationships Between Providers and Customers<br />
White-label<strong>in</strong>g of services (that is, offer<strong>in</strong>g security services under the brand name of another<br />
provider) seemed a trend <strong>in</strong> 2010, but did not ga<strong>in</strong> <strong>in</strong> importance <strong>in</strong> 2011. The only exception<br />
cont<strong>in</strong>ues to be vulnerability scann<strong>in</strong>g where most <strong>Europe</strong>an providers collaborate with Qualys (12<br />
out of 17). In the area of threat <strong>in</strong>telligence and vulnerability notification services, the picture is less<br />
consistent, and <strong>Europe</strong>an MSSPs collaborate with up to seven partners to provide this <strong>in</strong><strong>for</strong>mation.<br />
Integration of network/IT services and security services also deserves particular attention. Client<br />
satisfaction can go both ways. Some clients said that they only consume the security services of<br />
this provider, because it's part of a larger outsourc<strong>in</strong>g deal, and they did not have any choice but to<br />
<strong>in</strong>clude security. Other clients also criticize such an <strong>in</strong>tegrated approach, but <strong>in</strong> fact, they are<br />
happier with the security services than with the ma<strong>in</strong> part of the outsourc<strong>in</strong>g deal.<br />
Clients also need to exercise caution regard<strong>in</strong>g new types of security services. Some providers will<br />
fill the gap with third-party service offer<strong>in</strong>gs — which is certa<strong>in</strong>ly acceptable — but contract<br />
management can become an issue if the client is locked <strong>in</strong>to a contract with the third party, rather<br />
than its own security provider. Once the <strong>in</strong>cumbent provider starts offer<strong>in</strong>g the same service, the<br />
client must be allowed to quit the third-party contract and transition back to the legacy providers,<br />
which does not always seem to be the case.<br />
Some clients appreciate a clear segregation of duties, but few actually phrase it as a requirement.<br />
Overall, there are basically three types of security services:<br />
1. Management of security <strong>in</strong>frastructure, <strong>in</strong>clud<strong>in</strong>g hosted or cloud-based security <strong>in</strong>frastructure.<br />
In-house <strong>in</strong>frastructure is still sometimes managed by an <strong>in</strong>ternal team, often by network<br />
operations.<br />
2. Monitor<strong>in</strong>g of security <strong>in</strong>frastructure, <strong>in</strong>clud<strong>in</strong>g log management, correlation, SIEM and<br />
advanced portal capabilities. Especially <strong>in</strong> large contracts, there is a tendency to let the MSSP<br />
do the monitor<strong>in</strong>g while <strong>in</strong>-house staff or another partner (such as a telecommunication provider<br />
or an IT outsourcer) is manag<strong>in</strong>g the <strong>in</strong>frastructure.<br />
3. Vulnerability scann<strong>in</strong>g services. These are often provided by Qualys, sometimes by other<br />
vendors or the MSSP itself, and usually <strong>in</strong> a comb<strong>in</strong>ation of all of the previous.<br />
In summary, clients engage up to three different providers <strong>for</strong> the different tasks. Alternatively, an <strong>in</strong>house<br />
team takes care of these tasks. This is often the case <strong>for</strong> <strong>in</strong>frastructure management,<br />
sometimes <strong>for</strong> monitor<strong>in</strong>g and rarely <strong>for</strong> vulnerability scann<strong>in</strong>g.<br />
Operational Concerns<br />
There are some <strong>in</strong>dications that the follow-the-sun approach with which several providers operate is<br />
not always the best solution. Clients mentioned the follow<strong>in</strong>g issues:<br />
Page 8 of 28 Gartner, Inc. | G00219325
■ There is the danger that difficult customer issues are passed from security operations center<br />
(SOC) to SOC like a hot potato. While the local SOC focuses on the immediate needs of local<br />
clients, the needs of remote clients receive a lower priority. Clients have expla<strong>in</strong>ed that their<br />
<strong>Europe</strong>an SOC serves them very well, while the North American SOC does more harm than<br />
good.<br />
■ Given the <strong>in</strong>creas<strong>in</strong>g need to store data <strong>in</strong> the country (or at least the region) of orig<strong>in</strong>, clients<br />
are concerned that sensitive data is sent to countries with less protection. This can already be a<br />
problem regard<strong>in</strong>g backup data centers <strong>in</strong> other regions, but it is an immediate issue when data<br />
is passed around on a daily basis. Fortunately, this is critical <strong>for</strong> only very few clients, and while<br />
some might br<strong>in</strong>g up this concern dur<strong>in</strong>g contract negotiations, very few will actually make SOC<br />
location an exclusion criterion.<br />
Related to the location of the primary data center is another concern: cultural differences. Staff from<br />
other countries or even from other regions of the world may not only speak with a strong accent,<br />
but also have a different attitude toward service delivery and customer satisfaction. However, these<br />
differences are decreas<strong>in</strong>g year over year. As one reference client expressed it: If you're go<strong>in</strong>g<br />
offshore, then you should plan <strong>for</strong> cultural adjustments. You can't expect everybody else to adapt to<br />
you — you have to adapt as well.<br />
Decision Criteria<br />
The ma<strong>in</strong> drivers to engage an MSSP are still to reduce costs, to reduce capital expenditures, and<br />
to supplement or replace <strong>in</strong>-house expertise and <strong>in</strong>-house resources. In <strong>Europe</strong>, regulatory<br />
compliance plays less of a role than <strong>in</strong> the U.S.<br />
More specifically, we asked our <strong>Europe</strong>an reference clients <strong>for</strong> their ma<strong>in</strong> reasons <strong>for</strong> choos<strong>in</strong>g their<br />
service provider. Unlike last year, view<strong>in</strong>g the provider as a strategic partner is not as important a<br />
decision factor as <strong>in</strong> 2010 (28% <strong>in</strong> 2011 versus 52% <strong>in</strong> 2010). The enumeration below shows the<br />
decision factors <strong>in</strong> decreas<strong>in</strong>g order of importance:<br />
■ <strong>Security</strong> expertise<br />
■ Pric<strong>in</strong>g (total cost of contracted services)<br />
■ Understand<strong>in</strong>g of bus<strong>in</strong>ess needs<br />
■ Industry experience<br />
■ Quality of response to RFP or presentation of capabilities<br />
■ View as a strategic partner<br />
■ Perceived viability and/or f<strong>in</strong>ancial strength<br />
■ Positive experience with provider<br />
■ Good feedback from references<br />
■ Project implementation methodology<br />
Gartner, Inc. | G00219325 Page 9 of 28
These priorities favor the specialist provider, the one that can show security, bus<strong>in</strong>ess and <strong>in</strong>dustry<br />
expertise, not the large <strong>in</strong>cumbent provider of IT or network operations who likes to be preselected<br />
as a strategic partner. This is emphasized by the fact that the reason quoted most often <strong>for</strong> reject<strong>in</strong>g<br />
a provider's offer is "did not demonstrate understand<strong>in</strong>g of bus<strong>in</strong>ess needs."<br />
Few providers know how to differentiate themselves from the competition. Many claim to be<br />
"trusted advisors" and to have "global coverage." Feedback from reference clients is different.<br />
Pric<strong>in</strong>g, service quality and lack of SLAs are often reasons <strong>for</strong> dissatisfaction. Sometimes, mistakes<br />
are covered up, and documentation is bad. Clients often use two or more security providers (one <strong>for</strong><br />
email security and one <strong>for</strong> firewall management). They also compare the per<strong>for</strong>mance of the<br />
network provider aga<strong>in</strong>st the per<strong>for</strong>mance of the security <strong>in</strong>frastructure monitor<strong>in</strong>g provider. For<br />
example, a firewall and a router, both managed by different providers, are connected. In case of an<br />
outage, the client sees and compares the reaction time of both companies. One client said: "Our<br />
network provider <strong>in</strong><strong>for</strong>med us that the router was down, and our firewall provider did not even<br />
notice. It also happened that penetration test<strong>in</strong>g by a different provider has revealed that ports were<br />
not monitored." This has surfaced <strong>in</strong> 2010 and now aga<strong>in</strong> <strong>in</strong> 2011. Several reference clients were<br />
not will<strong>in</strong>g to take this any longer and gave "fair" to "poor" rat<strong>in</strong>gs, although most clients are still<br />
happy with their provider, and one-quarter rated them as "excellent."<br />
Purchas<strong>in</strong>g Behavior<br />
The bulk of the contracts <strong>for</strong> MSS <strong>in</strong> the <strong>Europe</strong>an region are valued from $150,000 to $750,000 per<br />
year (67% of contracts), while 11% of contracts are below the range, and 18% are above that<br />
range. The number of midsize contracts (versus large or small contracts) has <strong>in</strong>creased compared<br />
with 2010.<br />
The typical contract size <strong>in</strong> <strong>Europe</strong> is still much greater than <strong>in</strong> Asia/Pacific, where 60% of the<br />
contracts have a value of less than $150,000 per year. On the other hand, the typical contract size<br />
<strong>in</strong> <strong>Europe</strong> is similar to the typical contract size <strong>in</strong> the U.S., where 11% of the contracts are more<br />
than $1.5 million <strong>in</strong> annual value.<br />
Only one-quarter of the <strong>Europe</strong>an reference clients has been customers of their providers <strong>for</strong> less<br />
than one year; three-quarters have had their contracts <strong>for</strong> more than one year. The typical contract<br />
duration is still three years, but occasionally clients do not conduct a full tender with a detailed<br />
request <strong>for</strong> proposal when the contract expires after three years. If there are no major concerns,<br />
then they prefer to extend the contract <strong>for</strong> another three years, after which they would do a fullscale<br />
market analysis aga<strong>in</strong>.<br />
The question of whether it is a good or a bad th<strong>in</strong>g to outsource security services to non-<strong>Europe</strong>an<br />
providers came up less often <strong>in</strong> discussions with reference clients than last year. Gartner's clients<br />
are <strong>in</strong>creas<strong>in</strong>gly look<strong>in</strong>g <strong>for</strong> advice on how to secure and control such offshor<strong>in</strong>g, not whether this is<br />
the right option at all.<br />
<strong>Security</strong> Market<strong>in</strong>g<br />
The market<strong>in</strong>g message of a <strong>Europe</strong>an MSSP often reflects the providers' attitude to service<br />
delivery. Some providers focus on technical details, <strong>in</strong>sights about the chang<strong>in</strong>g threat landscape<br />
Page 10 of 28 Gartner, Inc. | G00219325
and security product <strong>in</strong>novations that cater to the needs of "lean <strong>in</strong>" customers — that is,<br />
customers who want to get the maximum out of the security services <strong>for</strong> which they believe they<br />
pay a premium. Other providers market to the needs of the "lean back" customer — that is, a<br />
customer who has very different core competencies (that is, not IT security) and simply wants the<br />
assurance that security has been taken care of. Such a provider emphasizes simplicity, costeffectiveness,<br />
global operations with local adjustments and <strong>in</strong>tegration (of networks and security or<br />
IT operations and security). Enterprise clients need to look beyond these market<strong>in</strong>g messages,<br />
because some providers cater to both types of audiences. Although there is no right or wrong, it is<br />
important that client expectations and provider capabilities match.<br />
Outlook<br />
The market <strong>for</strong> MSS is chang<strong>in</strong>g <strong>in</strong> various ways, <strong>in</strong>clud<strong>in</strong>g cloud delivery and virtualization. In 2012,<br />
the market <strong>for</strong> MSS <strong>in</strong> <strong>Europe</strong> will cont<strong>in</strong>ue to grow significantly <strong>in</strong> volume and also <strong>in</strong> terms of<br />
breadth of features and services. New or enhanced services will <strong>in</strong>clude distributed denial of service<br />
(DDoS) detection and mitigation, malware/botnet detection, fraud detection, DLP selection and<br />
implementation, reputation-based services, tokenization, and mobile security. These services will<br />
cont<strong>in</strong>ue to be complemented on occasion with various identity and access management (IAM)<br />
services (role management, authentication and privileged user monitor<strong>in</strong>g), VPN services and more<br />
powerful log management services. Management of customer premises security devices will still be<br />
the dom<strong>in</strong>ant delivery model, but the percentage of hosted, security-as-a-service (SecaaS) and <strong>in</strong>the-cloud<br />
security services will <strong>in</strong>crease steadily.<br />
There is still no widely accepted standard <strong>for</strong> the pric<strong>in</strong>g of monitor<strong>in</strong>g and the management of<br />
virtualized security <strong>in</strong>frastructure, and given the variety of options, it may never come. However,<br />
clients should ask <strong>for</strong> a significant advantage over premises-based services and should keep<br />
push<strong>in</strong>g <strong>for</strong> lower price po<strong>in</strong>ts. Pric<strong>in</strong>g <strong>for</strong> the hardware and pric<strong>in</strong>g <strong>for</strong> the logical service have to be<br />
separated and priced <strong>in</strong>dividually, whether or not management and monitor<strong>in</strong>g are addressed<br />
together.<br />
The split of the MSS market <strong>in</strong>to IT outsourcers that offer security services, network providers that<br />
offer security services, and security specialists has stabilized, and the market will cont<strong>in</strong>ue this way<br />
<strong>in</strong> 2012. Pure-play security providers will cont<strong>in</strong>ue to have their place and new players (<strong>for</strong> example,<br />
from <strong>Europe</strong> or India) will <strong>in</strong>crease <strong>in</strong> size and reach, and enter the regional <strong>Europe</strong>an market, try<strong>in</strong>g<br />
to differentiate themselves with <strong>in</strong>novative technology and a flexible portfolio of supported products.<br />
Market/Market Segment Description<br />
For the purposes of this research, Gartner def<strong>in</strong>es "managed security services" as the remote<br />
management or monitor<strong>in</strong>g of IT security functions delivered via remote security operations centers,<br />
not through personnel on-site. MSS does not, there<strong>for</strong>e, <strong>in</strong>clude staff augmentation or any<br />
consult<strong>in</strong>g, development and <strong>in</strong>tegration services.<br />
MSS <strong>in</strong>cludes:<br />
■ Monitored or managed firewall or IPSs<br />
Gartner, Inc. | G00219325 Page 11 of 28
■ Monitored or managed IPSs<br />
■ DDoS protection<br />
■ <strong>Managed</strong> secure messag<strong>in</strong>g gateway<br />
■ <strong>Managed</strong> secure Web gateway<br />
■ <strong>Security</strong> <strong>in</strong><strong>for</strong>mation management<br />
■ <strong>Security</strong> event management<br />
■ <strong>Managed</strong> vulnerability scann<strong>in</strong>g of networks, servers, databases or applications<br />
■ <strong>Security</strong> vulnerability or threat notification services<br />
■ Log management and analysis<br />
■ Report<strong>in</strong>g associated with monitored/managed devices and <strong>in</strong>cident response<br />
This MarketScope evaluates service providers that offer monitored/managed firewall and <strong>in</strong>trusion<br />
detection/prevention functions, rather than those whose ma<strong>in</strong> focus is on other elements of the<br />
services listed.<br />
Inclusion and Exclusion Criteria<br />
Inclusion Criteria<br />
To be <strong>in</strong>cluded <strong>in</strong> this MarketScope, an MSSP must have these qualifications:<br />
■ The ability to remotely monitor and/or manage firewalls and <strong>in</strong>trusion detection/prevention (IDP)<br />
devices from multiple vendors via discrete service offer<strong>in</strong>gs<br />
■ At least 700 firewall/IDP devices under remote management or monitor<strong>in</strong>g <strong>for</strong> external<br />
customers <strong>in</strong> <strong>Europe</strong><br />
■ At least 50 external customers <strong>in</strong> <strong>Europe</strong> with those devices under management or monitor<strong>in</strong>g<br />
■ Reference accounts <strong>in</strong> <strong>Europe</strong> relevant to Gartner customers<br />
Exclusion Criteria<br />
Providers were excluded from this MarketScope of regional providers if they:<br />
■ Have more than 90% of their <strong>Europe</strong>an customers and more than 90% of their devices <strong>in</strong>stalled<br />
<strong>in</strong> <strong>Europe</strong> <strong>in</strong> only one country<br />
■ Offer MSS only to end users that buy other, non-MSS services<br />
■ Offer services that monitor or manage only the service provider's own technology<br />
For example, vendors that have only MSS offer<strong>in</strong>gs, such as DDoS protection or vulnerability<br />
scann<strong>in</strong>g, but not device monitor<strong>in</strong>g and management, are not <strong>in</strong>cluded. Providers of primarily Web<br />
Page 12 of 28 Gartner, Inc. | G00219325
and email hygiene and trust services (<strong>for</strong> example, certificate authorities) are not <strong>in</strong>cluded. Other<br />
vendors offer MSS primarily to host<strong>in</strong>g customers, with limited offer<strong>in</strong>gs to others. As these<br />
providers expand the scope of their MSS offer<strong>in</strong>gs, they may be <strong>in</strong>cluded <strong>in</strong> future MarketScopes.<br />
Rat<strong>in</strong>g <strong>for</strong> Overall Market/Market Segment<br />
Overall Market Rat<strong>in</strong>g: Positive<br />
With a portfolio of mature basic services and an array of <strong>in</strong>novative options, the MSS market <strong>in</strong><br />
<strong>Europe</strong> is mature, with a solid growth perspective, despite — or to some extent because of — a<br />
cont<strong>in</strong>uously difficult global economic climate. Secure <strong>in</strong>frastructure management is a prerequisite<br />
<strong>for</strong> bus<strong>in</strong>esses that have to cut costs and operate under regulatory scrut<strong>in</strong>y and tight competition.<br />
Outsourc<strong>in</strong>g of security to nearshore or offshore countries has become a normal bus<strong>in</strong>ess option <strong>for</strong><br />
most organizations. Where security concerns rema<strong>in</strong>, physical operations <strong>in</strong> <strong>Europe</strong> are an option<br />
<strong>for</strong> most providers <strong>in</strong> this MarketScope. MSS customers usually extend their outsourc<strong>in</strong>g contracts<br />
and occasionally change providers, but they rarely move services back <strong>in</strong>-house, which is still<br />
considered the more costly option.<br />
These factors have resulted <strong>in</strong> the MSS market <strong>in</strong> <strong>Europe</strong> be<strong>in</strong>g <strong>for</strong>ecast to grow at a 14%<br />
compound annual growth rate from 2011 to 2015 (with the market size <strong>for</strong> 2011 <strong>for</strong>ecast at $2.5<br />
billion), which means it is still one of the growth sectors <strong>in</strong> the IT <strong>in</strong>dustry.<br />
Gartner, Inc. | G00219325 Page 13 of 28
Evaluation Criteria<br />
Table 2. Evaluation Criteria<br />
Evaluation Criteria Comment Weight<strong>in</strong>g<br />
Overall Viability<br />
(Bus<strong>in</strong>ess Unit,<br />
F<strong>in</strong>ancial, Strategy,<br />
Organization)<br />
Geographic<br />
Strategy<br />
Viability <strong>in</strong>cludes an assessment of the provider's f<strong>in</strong>ancial health, the<br />
f<strong>in</strong>ancial and practical success of the MSS unit, and the likelihood that<br />
the MSS unit will cont<strong>in</strong>ue <strong>in</strong>vest<strong>in</strong>g <strong>in</strong> managed security services, and<br />
research<strong>in</strong>g and develop<strong>in</strong>g <strong>in</strong>novative security services. Additional<br />
areas assessed <strong>in</strong>clude management experience, the number of<br />
customers <strong>in</strong> <strong>Europe</strong>, <strong>in</strong>vestment <strong>in</strong> R&D, and understand<strong>in</strong>g of<br />
bus<strong>in</strong>ess and technology trends.<br />
This <strong>in</strong>cludes the provider's strategy to direct resources, skills and<br />
offer<strong>in</strong>gs to meet the specific needs of regions outside the native<br />
area, directly or through partners, channels and subsidiaries, as<br />
appropriate <strong>for</strong> the region and market. We considered the vendor's<br />
ability to articulate the differences between the U.S. and <strong>Europe</strong>an<br />
MSS markets, as well as differences with<strong>in</strong> <strong>Europe</strong>.<br />
Product/ Service This is the provider's approach to service development and delivery,<br />
which emphasizes differentiation, functionality, methodology and<br />
feature sets as they map to current and future requirements. We<br />
considered the number of target plat<strong>for</strong>ms vendors can manage.<br />
Market<strong>in</strong>g Strategy This is a clear, differentiated set of messages, consistently<br />
communicated throughout the organization and externalized through<br />
the website, advertis<strong>in</strong>g, customer programs and position<strong>in</strong>g<br />
statements. In addition, we considered how providers measure the<br />
effectiveness of market<strong>in</strong>g programs.<br />
Customer<br />
Experience<br />
This <strong>in</strong>cludes the ways customers receive technical and account<br />
support. These can <strong>in</strong>clude ancillary tools, customer support<br />
programs (and the quality thereof) and the availability of user groups,<br />
SLAs and so on. We also assessed providers' implementation<br />
processes and system <strong>in</strong>tegration and consult<strong>in</strong>g capabilities.<br />
Reference client feedback was particularly important <strong>in</strong> the rat<strong>in</strong>g <strong>for</strong><br />
this criterion.<br />
Innovation This takes <strong>in</strong>to account capital and human resource <strong>in</strong>vestments, and<br />
the development of new services as displayed <strong>in</strong> the security service<br />
strategy and the road map.<br />
Market<br />
Responsiveness<br />
and Track Record<br />
Source: Gartner (October 2011)<br />
Ability to understand bus<strong>in</strong>ess and security technology trends and<br />
assess competitors. This <strong>in</strong>cludes the ability to respond, change<br />
direction, be flexible and achieve competitive success as new<br />
opportunities develop, competitors act, customer needs evolve and<br />
market dynamics change.<br />
High<br />
Standard<br />
Standard<br />
High<br />
High<br />
Standard<br />
Standard<br />
Page 14 of 28 Gartner, Inc. | G00219325
Figure 1. MarketScope <strong>for</strong> <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> <strong>in</strong> <strong>Europe</strong><br />
AT&T<br />
Atos<br />
BT Global <strong>Services</strong><br />
Computacenter<br />
CSC<br />
Dell (SecureWorks)<br />
HCL Technologies<br />
HP<br />
IBM <strong>Security</strong> <strong>Services</strong><br />
Integralis<br />
Open Systems<br />
Orange Bus<strong>in</strong>ess <strong>Services</strong><br />
Symantec<br />
Tata Communications<br />
Telefonica<br />
Verizon<br />
Wipro Technologies<br />
As of 26 October 2011<br />
Source: Gartner (October 2011)<br />
Strong<br />
Negative<br />
Vendor Product/Service Analysis<br />
AT&T<br />
RATING<br />
Caution Promis<strong>in</strong>g Positive<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
Strong<br />
Positive<br />
AT&T is a venerable network service provider that tends to emphasize its global approach (it is<br />
present <strong>in</strong> more than 200 countries), rather than regional differentiation. It offers MSS to <strong>Europe</strong>an<br />
mult<strong>in</strong>ational companies via SOCs <strong>in</strong> the U.S. and India, and plans to open another SOC <strong>in</strong> Eastern<br />
<strong>Europe</strong>.<br />
Its MSS strategy focuses on provid<strong>in</strong>g <strong>in</strong>tegrated network-based security to <strong>Europe</strong>an-based<br />
customers that possess a global footpr<strong>in</strong>t, utiliz<strong>in</strong>g services such as virtualized firewall, <strong>in</strong>trusion<br />
prevention, Web filter<strong>in</strong>g, DDoS and premises-based solutions. It is aggressively mov<strong>in</strong>g <strong>in</strong>to cloud<br />
and software-as-a-service-based security services.<br />
Strengths<br />
■ Global coverage of communications and security services<br />
Gartner, Inc. | G00219325 Page 15 of 28<br />
x<br />
x<br />
x
■ Its ability to leverage exist<strong>in</strong>g communications clients <strong>for</strong> upsell<strong>in</strong>g MSS<br />
■ Its tight bundl<strong>in</strong>g of security services with network services and capabilities <strong>in</strong> cloud security<br />
Challenges<br />
■ Variable response to customer service requests rema<strong>in</strong>s an issue<br />
■ Despite global brand and presence, rarely appears on MSS shortlists <strong>in</strong> <strong>Europe</strong>, and needs to<br />
improve its visibility as a security provider to extend beyond the mult<strong>in</strong>ational company market<br />
Rat<strong>in</strong>g: Promis<strong>in</strong>g<br />
Atos<br />
Atos (<strong>for</strong>merly Atos Orig<strong>in</strong>) is an <strong>in</strong>ternational IT services company with four primary service l<strong>in</strong>es:<br />
bus<strong>in</strong>ess consult<strong>in</strong>g, system <strong>in</strong>tegration, managed operations and transactional services. In July<br />
2011, Atos completed its acquisition of the IT Solutions and <strong>Services</strong> subsidiary of Siemens. This<br />
analysis reflects the preacquisition situation.<br />
Its security services strategy focuses on Atos High Per<strong>for</strong>mance <strong>Security</strong>, an <strong>in</strong>tegrated SecaaS<br />
plat<strong>for</strong>m. The security portfolio <strong>in</strong>cludes endpo<strong>in</strong>t security, server security, network security and<br />
IAM. Other focus areas are governance/risk/compliance and cloud security. Most of its MSSP<br />
contracts are part of larger IT outsourc<strong>in</strong>g relationships. It targets the public sector, f<strong>in</strong>ancial<br />
services (card payments) and healthcare sectors.<br />
Strengths<br />
■ Experience <strong>in</strong> <strong>in</strong>tegrat<strong>in</strong>g security services with complex, large-scale IT programs (its IT security<br />
services <strong>for</strong> the Olympics are an example)<br />
■ Ability to work effectively and collaboratively with other service providers (<strong>for</strong> example, network<br />
service providers) that its clients have engaged<br />
■ Knowledge and skills of some of its technical MSS staff<br />
Challenges<br />
■ Pursu<strong>in</strong>g <strong>in</strong><strong>for</strong>mation security with the same diligence as IT operations<br />
■ Improv<strong>in</strong>g collaboration among and consistency of different countries' and teams' operations<br />
■ Becom<strong>in</strong>g more cost-efficient, reduc<strong>in</strong>g the tendency to overeng<strong>in</strong>eer security solutions<br />
Rat<strong>in</strong>g: Positive<br />
BT Global <strong>Services</strong><br />
BT is an established name <strong>in</strong> network and communications services <strong>in</strong> <strong>Europe</strong>. Because of ongo<strong>in</strong>g<br />
R&D <strong>in</strong>vestments and market<strong>in</strong>g that exhibits regional <strong>in</strong>sights, BT also managed to shape a decent<br />
Page 16 of 28 Gartner, Inc. | G00219325
security service profile. Customer feedback <strong>in</strong> <strong>Europe</strong> has also been more positive over the past<br />
year. BT has an extensive security service portfolio with a focus on multifunction firewall/UTM<br />
devices and secure message gateways.<br />
Its MSS differentiation focuses on security embedded <strong>in</strong> the network, skilled resources and a global<br />
<strong>in</strong>frastructure. Target<strong>in</strong>g ma<strong>in</strong>ly large enterprises, its key messages emphasize the basics —<br />
simplicity, cost reduction, compliance and asset protection.<br />
Strengths<br />
■ A resilient operations <strong>in</strong>frastructure and BT's responsiveness <strong>in</strong> <strong>in</strong>cident report<strong>in</strong>g<br />
■ The quality of its <strong>in</strong>ternal operational processes (<strong>for</strong> example, quality assurance)<br />
■ The skills of its eng<strong>in</strong>eers and the ability to listen, respond and adjust to client requirements<br />
Challenges<br />
■ Shar<strong>in</strong>g <strong>in</strong><strong>for</strong>mation more openly and mak<strong>in</strong>g it available <strong>in</strong> real time, rather than on request<br />
■ Cost sav<strong>in</strong>gs <strong>in</strong> order to keep pric<strong>in</strong>g competitive must not result <strong>in</strong> staff shortage<br />
Rat<strong>in</strong>g: Strong Positive<br />
Computacenter<br />
Computacenter is a <strong>Europe</strong>an provider of outsourc<strong>in</strong>g, outtask<strong>in</strong>g, consult<strong>in</strong>g and support services.<br />
It operates primarily <strong>in</strong> the U.K. and <strong>in</strong> Germany, and has two SOCs <strong>in</strong> each of these two countries.<br />
Its MSS strategy emphasizes a holistic approach to security (client, network and data center),<br />
<strong>in</strong>tegrat<strong>in</strong>g MSS <strong>in</strong>to other outsourc<strong>in</strong>g deals and customer <strong>in</strong>timacy. It differentiates on agility,<br />
value <strong>for</strong> money and customer relationships. Its customer growth <strong>in</strong> 2010 was above average.<br />
Computacenter has had recent success <strong>in</strong> the automotive, pharmaceutical and f<strong>in</strong>ance <strong>in</strong>dustries.<br />
Strengths<br />
■ Provid<strong>in</strong>g cost-effective services from a <strong>Europe</strong>an vendor<br />
■ Act<strong>in</strong>g as a strategic partner, is able to understand <strong>in</strong>frastructure and bus<strong>in</strong>ess requirements<br />
■ Hav<strong>in</strong>g the ability to leverage the exist<strong>in</strong>g client base <strong>for</strong> upsell<strong>in</strong>g managed security services<br />
Challenges<br />
■ Reduc<strong>in</strong>g the perceived gap between promise and per<strong>for</strong>mance<br />
■ Improv<strong>in</strong>g service consistency and quality<br />
Gartner, Inc. | G00219325 Page 17 of 28
■ Improv<strong>in</strong>g knowledge of <strong>in</strong>dustry-specific needs and requirements<br />
Rat<strong>in</strong>g: Positive<br />
CSC<br />
CSC is a global provider of IT-enabled bus<strong>in</strong>ess solutions and services. This ranges from<br />
consult<strong>in</strong>g, to solution design through to implementation and management of the solution.<br />
Headquartered <strong>in</strong> the U.S., it provides MSS via security operations centers <strong>in</strong> the U.K., Australia,<br />
Malaysia and the U.S.<br />
It emphasizes the need to address security from a bus<strong>in</strong>ess risk perspective, not just a technology<br />
perspective. This is a message that tends to resonate with <strong>Europe</strong>an client organizations. In <strong>Europe</strong>,<br />
its traditional customers are from with<strong>in</strong> its outsourc<strong>in</strong>g base, although more recently, it has<br />
targeted the public sector and f<strong>in</strong>ancial services <strong>for</strong> its MSS.<br />
Most customers <strong>in</strong> <strong>Europe</strong> use CSC <strong>for</strong> the management of firewalls, customer-owned SIEM/log<br />
management and endpo<strong>in</strong>t security clients. For cloud-based Web and email, CSC chooses to work<br />
with partners.<br />
Strengths<br />
■ Hav<strong>in</strong>g the capability to embed an <strong>in</strong><strong>for</strong>mation risk manager as a s<strong>in</strong>gle po<strong>in</strong>t of contact <strong>in</strong> the<br />
client's organization<br />
■ Be<strong>in</strong>g able to work with partners to complete the security service portfolio<br />
■ Be<strong>in</strong>g able to leverage its exist<strong>in</strong>g client base <strong>for</strong> upsell<strong>in</strong>g MSS<br />
Challenges<br />
■ Be<strong>in</strong>g more flexible (and less commercially rigorous) <strong>in</strong> its response to chang<strong>in</strong>g client<br />
requirements<br />
■ Align<strong>in</strong>g communications between security and other operational teams<br />
■ Improv<strong>in</strong>g the ability to leverage security and threat <strong>in</strong><strong>for</strong>mation from its large client base <strong>for</strong> the<br />
benefit of <strong>in</strong>dividual clients and deliver<strong>in</strong>g enhanced portal capabilities<br />
Rat<strong>in</strong>g: Positive<br />
Dell (SecureWorks)<br />
Dell SecureWorks In<strong>for</strong>mation <strong>Security</strong> <strong>Services</strong> is the result of Dell's acquisition of SecureWorks<br />
(U.S.). With this acquisition, Dell benefits from SecureWorks' previous acquisitions of VeriSign's<br />
MSS operations and dns (U.K.) <strong>in</strong> 2009 through 2011. Dell SecureWorks manages and/or monitors<br />
security devices all over <strong>Europe</strong>, predom<strong>in</strong>antly <strong>in</strong> the U.K., especially log sources, firewalls,<br />
network IDS/IPSs and data loss prevention systems. Dell SecureWorks operates two SOCs <strong>in</strong><br />
<strong>Europe</strong>, provides a comprehensive portal, and also offers support <strong>in</strong> Spanish and French.<br />
Page 18 of 28 Gartner, Inc. | G00219325
Strengths<br />
■ Its clearly articulated strategy <strong>in</strong> <strong>Europe</strong>, its understand<strong>in</strong>g of the market and its <strong>in</strong>creas<strong>in</strong>g<br />
<strong>in</strong>vestments <strong>in</strong> R&D<br />
■ Its ability and will<strong>in</strong>gness to adapt to the chang<strong>in</strong>g needs of large clients<br />
■ Its advanced portal (<strong>in</strong>clud<strong>in</strong>g asset <strong>in</strong><strong>for</strong>mation and various correlation capabilities)<br />
Challenges<br />
■ Mitigat<strong>in</strong>g the perception that a large vendor cannot provide customer <strong>in</strong>timacy<br />
■ Cont<strong>in</strong>u<strong>in</strong>g to establish a brand presence <strong>in</strong> the <strong>Europe</strong>an security market<br />
■ Ensur<strong>in</strong>g consistency of service quality dur<strong>in</strong>g acquisition <strong>in</strong>tegration<br />
Rat<strong>in</strong>g: Positive<br />
HCL Technologies<br />
HCL Technologies is an India-based offshore provider that has already ga<strong>in</strong>ed some traction <strong>in</strong><br />
<strong>Europe</strong>. HCL cont<strong>in</strong>ues to show significant revenue growth <strong>in</strong> <strong>Europe</strong>.<br />
HCL is strong <strong>in</strong> server-based security services (IDS/IPS and log collection) as well as endpo<strong>in</strong>t<br />
security client management. In addition, it offers application security services and IAM. It also<br />
claims comprehensive portal capabilities. HCL focuses on provid<strong>in</strong>g flexible services based on a<br />
large pool of skilled, experienced resources and can support delivery <strong>in</strong> a large number of <strong>Europe</strong>an<br />
languages.<br />
Strengths<br />
■ Consistent and mature service delivery, <strong>in</strong>clud<strong>in</strong>g a methodological, process-driven approach to<br />
security management<br />
■ Human resource management — expertise of staff and relatively low staff<strong>in</strong>g turnover rate<br />
■ Ability to pull <strong>in</strong> expertise, on demand, from a large resource pool<br />
■ Cost-effectiveness, especially <strong>for</strong> standard plat<strong>for</strong>ms <strong>in</strong> the HCL support portfolio, and <strong>for</strong><br />
services that don't deviate from the standard offer<strong>in</strong>gs<br />
Challenges<br />
■ Improv<strong>in</strong>g management of nonstandard requests, specifically the ability to deal with requests<br />
and issues that fall outside the scope of the exist<strong>in</strong>g <strong>for</strong>mal processes<br />
■ Improv<strong>in</strong>g strategic plann<strong>in</strong>g — clients would like to see more <strong>for</strong>ward-th<strong>in</strong>k<strong>in</strong>g and <strong>in</strong>novative<br />
suggestions <strong>for</strong> deal<strong>in</strong>g with a constantly chang<strong>in</strong>g security environment<br />
Gartner, Inc. | G00219325 Page 19 of 28
Rat<strong>in</strong>g: Positive<br />
HP<br />
HP offers enterprise security products and enterprise security services. Its managed security<br />
services represent the capabilities of HP, EDS (acquired by HP <strong>in</strong> August 2008) and Vistorm<br />
(acquired by EDS <strong>in</strong> April 2008). Vistorm was an established security services and consult<strong>in</strong>g vendor<br />
based <strong>in</strong> the U.K. With ArcSight, HP also owns one of the more widely deployed SIEM technologies.<br />
In <strong>Europe</strong>, HP targets enterprise accounts <strong>in</strong> various <strong>in</strong>dustries, <strong>in</strong>clud<strong>in</strong>g the public sector, f<strong>in</strong>ancial<br />
services and utilities sectors, as well as organizations <strong>in</strong> the high-end small and midsize bus<strong>in</strong>ess<br />
scale. Its <strong>Europe</strong>an security customer base is stable.<br />
HP's security service portfolio <strong>in</strong>cludes endpo<strong>in</strong>t security, and firewall and network IPS<br />
management. HP recently announced enterprise cloud services: vulnerability scann<strong>in</strong>g, vulnerability<br />
<strong>in</strong>telligence and endpo<strong>in</strong>t threat management. It has five SOCs worldwide, two of which are <strong>in</strong><br />
<strong>Europe</strong> (the U.K. and Spa<strong>in</strong>).<br />
Strengths<br />
■ Its experience <strong>in</strong> <strong>in</strong>tegrat<strong>in</strong>g security services with complex, large-scale enterprise IT solutions<br />
■ It takes the time to develop a detailed understand<strong>in</strong>g of the technical, commercial and<br />
functional aspects of client bus<strong>in</strong>ess operations<br />
■ Will<strong>in</strong>gness to reduce service pric<strong>in</strong>g if customer accepts management handled <strong>in</strong> another<br />
country<br />
Challenges<br />
■ Improv<strong>in</strong>g the features and functionality of its MSS portal (which is currently available only <strong>in</strong><br />
English)<br />
■ Ensur<strong>in</strong>g that Vistorm's strengths are not lost <strong>in</strong> the HP enterprise<br />
■ Improv<strong>in</strong>g HP's visibility as a security player <strong>in</strong> the broader <strong>Europe</strong>an MSS market<br />
Rat<strong>in</strong>g: Positive<br />
IBM <strong>Security</strong> <strong>Services</strong><br />
IBM's security capabilities <strong>in</strong>clude managed security services and cloud-based security offer<strong>in</strong>gs<br />
complemented by a portfolio of professional security services with a slight emphasis on server and<br />
endpo<strong>in</strong>t security (versus network security). IBM <strong>Security</strong> <strong>Services</strong> targets larger enterprises and<br />
exist<strong>in</strong>g customers <strong>for</strong> its MSS. It emphasizes its reputation, global reach, and depth and breadth of<br />
its solution offer<strong>in</strong>gs as key differentiators. IBM is the MSS provider that appears most often on<br />
customer shortlists <strong>in</strong> <strong>Europe</strong>.<br />
Page 20 of 28 Gartner, Inc. | G00219325
Strengths<br />
■ Global security view based on large number of customers<br />
■ Supports many <strong>Europe</strong>an languages and has a presence <strong>in</strong> all major <strong>Europe</strong>an countries<br />
■ Experience with various security products (such as IBM and Cisco)<br />
Challenges<br />
■ Address<strong>in</strong>g client reports of <strong>in</strong>consistencies <strong>in</strong> service delivery standards<br />
■ Improv<strong>in</strong>g the flexibility of IBM processes and procedures to cater to chang<strong>in</strong>g customer<br />
requirements<br />
■ Realiz<strong>in</strong>g that cost is still often quoted as a major reason <strong>for</strong> not select<strong>in</strong>g IBM dur<strong>in</strong>g<br />
competitive bidd<strong>in</strong>g<br />
Rat<strong>in</strong>g: Positive<br />
Integralis<br />
Integralis is a provider of security services orig<strong>in</strong>ally based <strong>in</strong> <strong>Europe</strong> that has grown steadily over<br />
the years and is now present <strong>in</strong> <strong>Europe</strong>, the U.S. and Southeast Asia with a total of n<strong>in</strong>e SOCs. This<br />
<strong>in</strong>cludes operations of Secode, a Scand<strong>in</strong>avian MSSP that was acquired <strong>in</strong> 2010 — like Integralis <strong>in</strong><br />
2009 — by NTT Communications, Japan. Integralis rema<strong>in</strong>s an <strong>in</strong>dependent subsidiary of NTT<br />
Communications. Integralis provides a broad portfolio of network and server-based security<br />
services, <strong>in</strong>clud<strong>in</strong>g data center, CPE and cloud-based services.<br />
Strengths<br />
■ Excellent technical skills of its work<strong>for</strong>ce<br />
■ Flexibility <strong>in</strong> deal<strong>in</strong>g with clients' security requirements<br />
■ Clients especially value Integralis' security architecture design capabilities<br />
Challenges<br />
■ Reta<strong>in</strong><strong>in</strong>g its price competitiveness versus the offshore providers<br />
■ Mak<strong>in</strong>g sure that adm<strong>in</strong>istrative back-end processes don't slip<br />
■ Keep<strong>in</strong>g the functionality of its portal competitive<br />
Rat<strong>in</strong>g: Strong Positive<br />
Gartner, Inc. | G00219325 Page 21 of 28
Open Systems<br />
Open Systems is a specialized security service provider headquartered <strong>in</strong> Switzerland, with an<br />
additional security operations center <strong>in</strong> Sydney. Its portfolio focuses on multifunction firewall/UTM<br />
devices, Web application firewalls, secure Web/email gateways and traditional firewall/network IPS.<br />
Open Systems operates a variation of the follow-the-sun model with its two SOCs. All Sydney<br />
employees are recruited under Swiss law. They are tra<strong>in</strong>ed <strong>in</strong> the headquarters and then sent to<br />
Sydney three to four months <strong>in</strong> rotation. Open Systems is conscious of the demand <strong>for</strong> on-premises<br />
delivery due to the need <strong>for</strong> stor<strong>in</strong>g sensitive data locally, and hence, it evaluates cloud delivery<br />
options with caution.<br />
Strengths<br />
■ Comprehensive service portfolio with a focus on network-based security<br />
■ Commitment to employee development result<strong>in</strong>g <strong>in</strong> low staff fluctuation, stable service quality<br />
and high customer satisfaction<br />
■ Customers' appreciation that the staff is client-focused, flexible and highly professional<br />
Challenges<br />
■ Ma<strong>in</strong>ta<strong>in</strong> the balance between high growth, high quality and customized (rather than merely<br />
packaged) security services<br />
■ Expand the standard portfolio to <strong>in</strong>clude log management if clients demand it<br />
■ Improve visibility <strong>in</strong> the <strong>Europe</strong>an market <strong>for</strong> managed security services<br />
Rat<strong>in</strong>g: Positive<br />
Orange Bus<strong>in</strong>ess <strong>Services</strong><br />
Orange Bus<strong>in</strong>ess <strong>Services</strong> is the brand name under which France Telecom offers most of its<br />
managed security services. The company is a sizable player <strong>in</strong> the MSS space <strong>in</strong> <strong>Europe</strong> because of<br />
its large base of network and communications clients. Offer<strong>in</strong>gs <strong>in</strong>clude the management of<br />
firewalls, network <strong>in</strong>trusion prevention devices and an above-average number of secure Web<br />
gateways. <strong>Security</strong> services are available <strong>in</strong>dependently, but many sales comb<strong>in</strong>e aspects of<br />
network operations, security services and security consult<strong>in</strong>g.<br />
The company's market<strong>in</strong>g emphasizes simplicity, flexible delivery models and reduced total cost of<br />
ownership (TCO) <strong>in</strong> its MSS offer<strong>in</strong>gs. It has 10 SOCs globally, seven of which are <strong>in</strong> <strong>Europe</strong>.<br />
Strengths<br />
■ Focus on small and midsize bus<strong>in</strong>esses, especially <strong>in</strong> France/Benelux, but also active <strong>in</strong> all<br />
other <strong>Europe</strong>an regions<br />
■ Its ability to leverage exist<strong>in</strong>g client relationships <strong>for</strong> sell<strong>in</strong>g security services<br />
Page 22 of 28 Gartner, Inc. | G00219325
■ Its mov<strong>in</strong>g from device-based to hosted and cloud security services<br />
Challenges<br />
■ Express more clearly how it <strong>in</strong>tends to stay abreast of threat and technological developments<br />
■ Implement the road map <strong>for</strong> security services and articulate where R&D <strong>in</strong>vestments will be<br />
made<br />
■ Improve visibility <strong>in</strong> the enterprise security market segment<br />
Rat<strong>in</strong>g: Promis<strong>in</strong>g<br />
Symantec<br />
Symantec is a vendor with a broad portfolio of security products and services. <strong>Managed</strong> services<br />
<strong>in</strong>clude server and network IDS/IPS, firewalls, and endpo<strong>in</strong>t security solutions. It has four SOCs<br />
worldwide, operates a large network of security <strong>in</strong><strong>for</strong>mation sensors and employs a sizable staff of<br />
security adm<strong>in</strong>istrators. It offers a comprehensive security portal, has developed a technology- and<br />
customer-oriented road map, and has detailed awareness of its regional competition.<br />
Strengths<br />
■ Its global view of the threat environment via its threat <strong>in</strong>telligence capability<br />
■ Its responsiveness to client requests, and its flexibility<br />
■ The quality of its support and sales resources<br />
Challenges<br />
■ Monitor<strong>in</strong>g quality of support services provided by local partners<br />
■ Realiz<strong>in</strong>g that, despite its massive brand presence <strong>in</strong> the security product market, Symantec still<br />
has a comparatively low profile as an MSS player <strong>in</strong> <strong>Europe</strong><br />
Rat<strong>in</strong>g: Strong Positive<br />
Tata Communications<br />
Tata Communications is an India-based global communications provider. It provides MSS via five<br />
global SOCs, one of which is <strong>in</strong> <strong>Europe</strong>. It targets large mult<strong>in</strong>ational organizations <strong>in</strong> the retail,<br />
pharmaceutical, oil and gas, and f<strong>in</strong>ancial services <strong>in</strong>dustries.<br />
Its MSS strategy focuses on compliance, customer service, TCO and <strong>in</strong>tegration with the rest of its<br />
service portfolio. While its <strong>Europe</strong>an revenue base is still small, it showed the strongest customer<br />
growth of all <strong>Europe</strong>an MSSPs surveyed <strong>in</strong> 2010.<br />
Gartner, Inc. | G00219325 Page 23 of 28
While Tata Communications meets the <strong>in</strong>clusion criteria <strong>in</strong> terms of device and customer numbers<br />
<strong>in</strong> <strong>Europe</strong>, we could not verify the provider's portfolio and per<strong>for</strong>mance claims <strong>in</strong>dependently.<br />
Strengths<br />
■ Be<strong>in</strong>g able to leverage exist<strong>in</strong>g clients <strong>for</strong> upsell<strong>in</strong>g MSS<br />
■ Support<strong>in</strong>g a broad range of security products<br />
■ Understand<strong>in</strong>g global market trends, and be<strong>in</strong>g able to present an <strong>in</strong>sightful road map, hav<strong>in</strong>g<br />
obta<strong>in</strong>ed relevant certifications <strong>for</strong> its security services<br />
Challenges<br />
■ Establish<strong>in</strong>g a measurable presence <strong>in</strong> the <strong>Europe</strong>an market<br />
■ Prov<strong>in</strong>g their understand<strong>in</strong>g of regional and local requirements<br />
Rat<strong>in</strong>g: Caution<br />
Telefonica<br />
Telefonica is a large, <strong>in</strong>tegrated telecommunications provider with <strong>in</strong>ternational operations and a<br />
strong position <strong>in</strong> Spa<strong>in</strong>, also with a relevant customer base <strong>in</strong> most other <strong>Europe</strong>an regions. It<br />
provides management of Web application firewalls, network firewalls and IPSs. It also manages<br />
endpo<strong>in</strong>t security clients and operates some DLP devices.<br />
Strengths<br />
■ Flexibility <strong>in</strong> adapt<strong>in</strong>g to client requirements<br />
■ Ability to foster and ma<strong>in</strong>ta<strong>in</strong> strong local relationships<br />
■ Sound knowledge of technology and client requirements<br />
Challenges<br />
■ Improv<strong>in</strong>g the quality of service delivery and service management to competitive standards, <strong>in</strong><br />
particular where subcontractors are <strong>in</strong>volved<br />
■ Accelerat<strong>in</strong>g service deployments and equipment updates<br />
Rat<strong>in</strong>g: Positive<br />
Verizon<br />
Verizon is a major ma<strong>in</strong>stream MSS provider with good coverage <strong>in</strong> <strong>Europe</strong>. It has an elaborate road<br />
map and <strong>in</strong>vests <strong>in</strong> reputational <strong>in</strong>telligence and secure mobility services. Verizon tends to <strong>in</strong>tegrate<br />
security services <strong>in</strong>to other network<strong>in</strong>g and IT services. It has a solid presence <strong>in</strong> <strong>Europe</strong>, and<br />
Page 24 of 28 Gartner, Inc. | G00219325
emphasizes its correlation capabilities, security expertise, global reach and risk-based security on<br />
global IP networks. While not <strong>in</strong>expensive, its prices are generally considered acceptable.<br />
Strengths<br />
■ Hav<strong>in</strong>g global reach and expertise<br />
■ The knowledge and skills of its <strong>Europe</strong>an staff<br />
■ Offer<strong>in</strong>g threat <strong>in</strong>telligence correlated from various sources<br />
Challenges<br />
■ Provid<strong>in</strong>g <strong>Europe</strong>an clients with consistently high service quality from U.S. operations<br />
■ Improv<strong>in</strong>g the quality of communications among staff <strong>in</strong> different teams manag<strong>in</strong>g different<br />
services (<strong>for</strong> example, firewall adm<strong>in</strong>istration versus antivirus versus IDS/IPS)<br />
■ Avoid<strong>in</strong>g becom<strong>in</strong>g more bureaucratic, especially <strong>in</strong> back-office processes<br />
Rat<strong>in</strong>g: Positive<br />
Wipro Technologies<br />
Wipro Technologies is an offshore IT service and system <strong>in</strong>tegration company based <strong>in</strong> India. It<br />
provides managed security services to organizations <strong>in</strong> <strong>Europe</strong> from a primary control center <strong>in</strong><br />
India supported by five regional SOCs <strong>in</strong> <strong>Europe</strong>, which deliver services locally and improve crossborder<br />
data privacy compliance. Wipro offers various delivery models, <strong>in</strong>clud<strong>in</strong>g a dedicated SOC,<br />
an SOC at customer premises, cloud-based operations or hosted services. Its staff works as part of<br />
the customer organization, co-managed and <strong>in</strong> a fully outsourced model. The majority of its<br />
<strong>Europe</strong>an MSS clients are also clients of other Wipro IT services.<br />
Strengths<br />
■ Its flexibility and will<strong>in</strong>gness to help customers, even on short notice<br />
■ The quantity and quality of its skilled staff<br />
■ Its ability to upsell security services to exist<strong>in</strong>g clients<br />
Challenges<br />
■ F<strong>in</strong>d<strong>in</strong>g the right balance between tolerat<strong>in</strong>g some staff fluctuation <strong>in</strong> order to support very<br />
competitive pric<strong>in</strong>g and deploy<strong>in</strong>g experienced staff to provide the best service experience<br />
■ Increas<strong>in</strong>g brand visibility <strong>in</strong> the <strong>Europe</strong>an security services market<br />
Rat<strong>in</strong>g: Positive<br />
Gartner, Inc. | G00219325 Page 25 of 28
Recommended Read<strong>in</strong>g<br />
Some documents may not be available as part of your current Gartner subscription.<br />
"The Global <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> Provider Landscape"<br />
"Toolkit: Select<strong>in</strong>g the Right <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> Provider"<br />
"Magic Quadrant <strong>for</strong> MSSPs, North America"<br />
"MarketScope <strong>for</strong> <strong>Managed</strong> <strong>Security</strong> <strong>Services</strong> <strong>in</strong> Asia/Pacific"<br />
"Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors With<strong>in</strong> a Market"<br />
Evidence<br />
For this research, we contacted about 100 managed security service providers, of whom 17 met the<br />
selection criteria. They had to answer a detailed list of questions about their company and their<br />
security services. In addition, we collected <strong>in</strong><strong>for</strong>mation on the providers' per<strong>for</strong>mance from Gartner<br />
clients and provider reference clients through phone <strong>in</strong>terviews and an onl<strong>in</strong>e survey.<br />
Note 1 Intrusion Detection System and Intrusion Prevention System<br />
For the purposes of this research, we ignore the differences between IDSs and IPSs. Whenever we<br />
use "IPS," we mean both.<br />
Note 2 Secure Web and Email Gateway <strong>Services</strong><br />
Secure Web and email gateway services refer to the filter<strong>in</strong>g of malware from Web and email traffic<br />
at the gateway. This does not <strong>in</strong>clude filter<strong>in</strong>g at the endpo<strong>in</strong>t.<br />
Vendors Added or Dropped<br />
We review and adjust our <strong>in</strong>clusion criteria <strong>for</strong> Magic Quadrants and MarketScopes as<br />
markets change. As a result of these adjustments, the mix of vendors <strong>in</strong> any Magic<br />
Quadrant or MarketScope may change over time. A vendor appear<strong>in</strong>g <strong>in</strong> a Magic<br />
Quadrant or MarketScope one year and not the next does not necessarily <strong>in</strong>dicate that<br />
we have changed our op<strong>in</strong>ion of that vendor. This may be a reflection of a change <strong>in</strong> the<br />
market and, there<strong>for</strong>e, changed evaluation criteria, or a change of focus by a vendor.<br />
Gartner MarketScope Def<strong>in</strong>ed<br />
Gartner's MarketScope provides specific guidance <strong>for</strong> users who are deploy<strong>in</strong>g, or have<br />
deployed, products or services. A Gartner MarketScope rat<strong>in</strong>g does not imply that the<br />
vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope<br />
evaluation is based on a weighted evaluation of a vendor's products <strong>in</strong> comparison with<br />
Page 26 of 28 Gartner, Inc. | G00219325
the evaluation criteria. Consider Gartner's criteria as they apply to your specific<br />
requirements. Contact Gartner to discuss how this evaluation may affect your specific<br />
needs.<br />
MarketScope Rat<strong>in</strong>g Framework<br />
Strong Positive<br />
Is viewed as a provider of strategic products, services or solutions:<br />
■ Customers: Cont<strong>in</strong>ue with planned <strong>in</strong>vestments.<br />
■ Potential customers: Consider this vendor a strong choice <strong>for</strong> strategic<br />
<strong>in</strong>vestments.<br />
Positive<br />
Demonstrates strength <strong>in</strong> specific areas, but execution <strong>in</strong> one or more areas may still be<br />
develop<strong>in</strong>g or <strong>in</strong>consistent with other areas of per<strong>for</strong>mance:<br />
■ Customers: Cont<strong>in</strong>ue planned <strong>in</strong>vestments.<br />
■ Potential customers: Consider this vendor a viable choice <strong>for</strong> strategic or tactical<br />
<strong>in</strong>vestments, while plann<strong>in</strong>g <strong>for</strong> known limitations.<br />
Promis<strong>in</strong>g<br />
Shows potential <strong>in</strong> specific areas; however, execution is <strong>in</strong>consistent:<br />
■ Customers: Consider the short- and long-term impact of possible changes <strong>in</strong><br />
status.<br />
■ Potential customers: Plan <strong>for</strong> and be aware of issues and opportunities related to<br />
the evolution and maturity of this vendor.<br />
Caution<br />
Faces challenges <strong>in</strong> one or more areas:<br />
■ Customers: Understand challenges <strong>in</strong> relevant areas, and develop cont<strong>in</strong>gency<br />
plans based on risk tolerance and possible bus<strong>in</strong>ess impact.<br />
■ Potential customers: Account <strong>for</strong> the vendor's challenges as part of due diligence.<br />
Strong Negative<br />
Has difficulty respond<strong>in</strong>g to problems <strong>in</strong> multiple areas:<br />
■ Customers: Execute risk mitigation plans and cont<strong>in</strong>gency options.<br />
■ Potential customers: Consider this vendor only <strong>for</strong> tactical <strong>in</strong>vestment with shortterm,<br />
rapid payback.<br />
Gartner, Inc. | G00219325 Page 27 of 28
Regional Headquarters<br />
Corporate Headquarters<br />
56 Top Gallant Road<br />
Stam<strong>for</strong>d, CT 06902-7700<br />
USA<br />
+1 203 964 0096<br />
<strong>Europe</strong>an Headquarters<br />
Tamesis<br />
The Glanty<br />
Egham<br />
Surrey, TW20 9AW<br />
UNITED KINGDOM<br />
+44 1784 431611<br />
Asia/Pacific Headquarters<br />
Gartner Australasia Pty. Ltd.<br />
Level 9, 141 Walker Street<br />
North Sydney<br />
New South Wales 2060<br />
AUSTRALIA<br />
+61 2 9459 4600<br />
Japan Headquarters<br />
Gartner Japan Ltd.<br />
Aobadai Hills, 6F<br />
7-7, Aobadai, 4-chome<br />
Meguro-ku, Tokyo 153-0042<br />
JAPAN<br />
+81 3 3481 3670<br />
Lat<strong>in</strong> America Headquarters<br />
Gartner do Brazil<br />
Av. das Nações Unidas, 12551<br />
9° andar—World Trade Center<br />
04578-903—São Paulo SP<br />
BRAZIL<br />
+55 11 3443 1509<br />
© 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This<br />
publication may not be reproduced or distributed <strong>in</strong> any <strong>for</strong>m without Gartner’s prior written permission. The <strong>in</strong><strong>for</strong>mation conta<strong>in</strong>ed <strong>in</strong> this<br />
publication has been obta<strong>in</strong>ed from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or<br />
adequacy of such <strong>in</strong><strong>for</strong>mation and shall have no liability <strong>for</strong> errors, omissions or <strong>in</strong>adequacies <strong>in</strong> such <strong>in</strong><strong>for</strong>mation. This publication<br />
consists of the op<strong>in</strong>ions of Gartner’s research organization and should not be construed as statements of fact. The op<strong>in</strong>ions expressed<br />
here<strong>in</strong> are subject to change without notice. Although Gartner research may <strong>in</strong>clude a discussion of related legal issues, Gartner does not<br />
provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its<br />
shareholders may <strong>in</strong>clude firms and funds that have f<strong>in</strong>ancial <strong>in</strong>terests <strong>in</strong> entities covered <strong>in</strong> Gartner research. Gartner’s Board of<br />
Directors may <strong>in</strong>clude senior managers of these firms or funds. Gartner research is produced <strong>in</strong>dependently by its research organization<br />
without <strong>in</strong>put or <strong>in</strong>fluence from these firms, funds or their managers. For further <strong>in</strong><strong>for</strong>mation on the <strong>in</strong>dependence and <strong>in</strong>tegrity of Gartner<br />
research, see “Guid<strong>in</strong>g Pr<strong>in</strong>ciples on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/<br />
ombudsman/omb_guide2.jsp.<br />
Page 28 of 28 Gartner, Inc. | G00219325