Accenture Security’s move to acquire Symantec’s MSSP Business from Broadcom later this year could be the first ripple in the coming wave of consolidation for the MSSP and security services industry. The deal is set to close in March of 2020 and comes shortly after Broadcom’s acquisition of Symantec’s Enterprise System in August of 2019. The implications of this deal are two-fold. First, it suggests future consolidation of the fragmented MSSP market which has been characterized by mid to small size service and software companies as well as in-house MSSPs at companies like IBM, AT&T, Dell (Secureworks) and Accenture. Second, it suggests that the larger trend going forward will be the movement of managed security services to a tech-enabled service-based model as opposed to a pure software-based model. Both of these ramifications will be examined as well as what MSSP and IT Services trends to look for in the coming year.
By building out Accenture Security to include the capabilities of Symantec’s MSSP, Accenture (with more than 4,000 clients) is poised to be the leading MSSP provider for the enterprise market. The MSSP market has been characterized by numerous entrants, often leveraging proprietary dashboards, building practices on the fly as CISOs seek help in a desperately tight labor market. MSSPs range from small, standalone providers to those within a larger service or software provider. This fragmentation allows for a multitude of providers that can be tailored to a company’s needs or a particular software stack. Accenture’s acquisition stands to change this prevailing trend as it moves to provide a holistic suite of security services, with the option to use their native technology stack or the customers’ preferred vendors. Accenture’s other notable IT Security acquisitions include iDefense, Arismore, and FusionX, signaling the intent to shore up their security market share by leapfrogging leaders like Secureworks and IBM in market share, while providing the option for both vendor-neutral and fully-integrated product solutions.
The nature of MSSPs touches on both the practical software that is employed by enterprises, and the management of that software for customers. Because of this, MSSPs have been built both from an enterprise software perspective (as with Symantec) or from an IT services perspective (as with Accenture). Accenture’s acquisition could be the indicator that a service-based model, with a more vendor-agnostic approach to the security software stack, is the most-scalable model, as opposed to a “black box” approach that requires adoption of the software vendors’ solutions wholesale. Though the fully-integrated product suite of a Symantec or IBM cuts down on customer complaint and provides a “single throat to choke,” it can be a barrier to customer acquisition if potential clients have preferred solutions that lie outside of the integrated stack. Though MSSPs will (rightly) continue to differentiate with proprietary technology for orchestration and management, the scalability advantage of the model to a service provider rather than a product vendor is highlighted by this transaction. With a projected CAGR of 18% through 2026, MSSPs are a critical investment for large IT service providers like Accenture and others looking to retain clients’ wallet share and enhance recurring-revenue relationships.
We expect continued consolidation in the MSSP space, as Accenture’s competitors seek to catch up with this new dominant player. If this transaction is a harbinger of future trends, we may see more product vendors relinquishing their SOCs, while the services providers await them with open arms.
To learn more about this deal or to discuss developments in the MSSP space, please contact Jim McCabe at email@example.com.