MARKET - Market Analysis - Market Overview - Key and Emerging Players - ICT Generalists

Considering the broad ICT area where PACs technology will reside, key technology silo categories controlled by such vendors will embody various potential attack surfaces across both hardware and software technology stacks. Many of these technology silos are creating specific PACs market ecosystems in their own right, in some cases via partner ecosystems driven by core ICT influencers and supported by niche PACs players. Much user data now resides on other networks (e.g. Amazon, Facebook, Gmail and so on), and the new internet devices we use are increasingly closed and controlled by other large vendors (Apple, Amazon, Samsung etc). Other technology silos include:

• Cloud management platforms, both public and private: (e.g. Amazon, Azure, Rackspace etc.)
• Operating System Environments (Windows, OSX, Linux etc)
• Mobile devices and related OS environments (Apple iOS, Android)
• Database technologies, both proprietary and open source (Oracle, Postgres, MySQL etc.)
• Social media platforms (e.g. Facebook, LinkedIn, Twitter, Flickr, Whatsapp, etc)
• Enterprise SaaS vendors (e.g. Salesforce, Office365 live, Workday, etc)
• Emerging sensor and IoT platforms, and underlying development frameworks (e.g. Intel Gallileo, Arduino, etc) 
• Web Browers (Chrome, Internet Explorer, Safari, Firefox etc)
• Application development languages and platforms (Java, Ruby on Rails, etc)

Responsibility for maintaining security from the point device to the supporting infrastructure is managed by those vendors, with reducing input from the users being served. It is essential that such influential vendors have sufficient in-house security expertise to ensure successful delivery and integration of their solutions. Hence it is not surprising that many of these key ICT influencers are purchasing niche PACs players in an attempt to acquire the technology and skills to secure their technology real estate, and to keep up to date with emerging threats and solutions. Given that a relatively small number of vendors control vast amounts of the infrastructure we use in both personal and professional contexts it is relevant to include them in any discussion of PACs players. 
ICT Generalists competing directly in the PACs domain: Many core ICT influencers discussed above, treat PACs technologies as a core investment input towards protecting the core ICT assets underlying their own business strategy and objectives, but will not compete directly in the PACs domain. Other key influencers however will compete directly in the PACs domain, selling PACs products and services alongside other broader ICT offerings. Within this sub-group, a number of key PACs related company groups exist, for example:

• ICT Consultants and System Integrators - will provide overall security governance services and solutions to their clients on a large scale, typically as part of wider ICT management and solution delivery. Players here will come from different core focus areas, for example from a vendor perspective (e.g. IBM, HP), IT Consultancy perspective (e.g. Accenture, Deloitte), or an accounts based audit/compliance perspective within which PACs is a concern (e.g. PwC, KPMG, Ernst and Young). Key consultative roles that such players provide include insuring that security investment of clients aligns with their business objectives and risk profile, developing appropriate security budgets and spending priorities, supporting business stakeholder participation and compliance initiatives, and managing necessary third-party relationships with PACs and ICT solution providers, balancing in-sourcing and outsourcing where relevant [FOR13]. Many of these players will extend to providing security managed service support. 

• Managed Service Providers (MSPs) - many PACs technologies traditionally installed and managed internally by end-users are now provided and managed directly by third parties on a pay as you use basis across Infrastructure, Systems, Content and Governance solution types in PACs. Such providers are viewed as being crucial to allowing organisations to reduce capital spending on security technology and in allowing them to increase bandwidth for handling security issues within corporate IT teams. Many of the ICT consultants and systems integrators described in the previous category will also provide their own MSSP support. Many will also provide PACs managed services as part of a broader ICT managed service offering. Like in any other business, security services are increasingly being offered as a service, automated in a cloud environment, either to serve cloud operations and services or to serve traditional security needs, such as Identity as a service, Intrusion Detection and Advanced Firewall services, application firewalls, and others. 

• Networks and Telecoms Players - Players with a core emphasis on networks solutions would also be heavily integrated into the PACs value chain by virtue of the fundamental need for secure networks. Also, telecoms players have traditionally invested heavily in infrastructure to protect their own core businesses, and the increasing link between security, cloud and mobility as strengthened their positioning within the PACs and wider ICT marketplaces. Many of the key telco providers provide strong security managed service and Security Operating Centre (SOC) capabilities to clients. Telco providers are also competing strongly on corporate mobility issues relating to BYOD (Bring Your Own Device) trends.

These players will include both well-known brands with international presence, alongside a much larger number of niche regional ICT players that will include PACs expertise within their overall ICT portfolio. Table 5.1 below highlights some of the key players within these categories, but globally and within Europe.

Table 5.1 - Summary of ICT Players competing directly in PACs Domain

PACs Sub-Category	Key Market Partipants
ICT  Vendors, Consultants, System Integrators, Solution Providers	Key players with reach both globally and within Europe include IBM, HP, Dell, Deloitte, Ernst and Young (E&Y), PriceWaterHouse Coopers, Accenture, KPMG, Wipro, CA Technologies and CSC. While regarded as a security player, Symantec’s reach in other ICT domains merit their inclusion here. Similarly Intel would have a presence in this space due to their acquisition of McAfee.  Other key players with a core European emphasis include Atos (France), CGI(Canada), and Steria (France). Several of the telcos players discussed in the Network and Telecoms players section below will also compete at the top table.
Managed Service Providers (MSPs)	Most of the ICT Generalists above would also provide varying levels of MSP support - particularly IBM, HP, Dell, Symantec. Several of the leading telco players (e.g. AT&T, Verizon, BT, and Orange)  will also provide MSP support on a global scale.   Other prominent players with emphasis on European markets include  Atos (France), CGI, Cassidian (part of EADS), Thales, Computacenter (UK), Open Systems (Switzerland), Sogeti (part of CGI), Level 3 Communications, Getronics,  Steria and Kudelski . Other key European vendors with a national specific focus include Sentor (Sweden),  United Security Providers (Switzerland), S2 Grupo (Spain) and the French telecommunications operator SFR Business Team. Other European providers renowned for niche speciality expertise within PACs include Fox-IT (Netherlands — threat detection and intelligence, and forensic response), Outpost24 (Sweden — vulnerability management), Integrity (Portugal — persistent penetration testing called Keep-It-Secure-24), Spamina (Spain — email security), Secucloud (Germany — cloud security systems), Retarus (Germany — email security) and Nixu Software (Finland — vulnerability management).   A broad range of other mid-tier MSSPs (i.e. with a more core core PACs emphasis exist) - key emerging player examples (predominantly US-headquartered) in a recent Forrester Research analysis [FOR2_13] include Alert Logic, Perimeter E-Security, Integralis (acquired by NTT), StillSecure, Savvvis, Network Box, Tata Communications, Vigiliant, and CompuCom.   Typical services provided include: APT detection and remediation, D-DoS, Email filtering, emergency response services, endpoint AV, endpoint patch management, firewall managemnet, host and network IDS/IPS management, IAM services, log management and monitoring, server patch management, SIEM managed services, threat intelligence, vulnerability testing, web application firewall, and web application monitoring.   Key SaaS and Cloud-based security services are led by various US based operators, but an increasing amount of European (originated) providers, including companies such as Qualys, Secunia, and Centrify.
Network and Telecoms Players	Key networks players providing strong PACs offerings within their overall networks solutions portfolios include Cisco, Juniper, Checkpoint, Palo Alto Networks etc. Most of the well-known global telcos will provide ICT/PACs consultancy and managed services support, as well as services around BYOD  and mobile device management – these include Verizon (US), AT&T and NTT among others. Key European telcos providing strong ICT consultancy, integration and managed services support include T-Systems International (Germany), Orange (France), BT Global (UK), and Vodafone (UK).

References:

[FOR13] Forrester Wave: Information Security Consulting Services, Q1 2013.

[FOR2_13] “Forrester Wave: Emerging Managed Security Service Providers”, Q1, 2013

Return to Key and Emerging Players