As enterprises struggle to find full-time employees to fill critical infrastructure roles in networking and cybersecurity, many are turning to managed service providers to fill the gap.
“On one hand enterprises want to move faster, and then on the opposite they just don’t have the people and skills to do it,” IDC analyst Leslie Rosenberg told SDxCentral.
Rosenberg studies lifecycle services for IDC and has been tracking how enterprises approach contractors and managed services.
“It’s not mess for less anymore, it’s more strategic outsourcing,” she said. “Not only are you taking the capex off my books, but you’re ensuring that I’m always on the latest iteration and you’re also managing it for me.”
Managed service and security service providers offer a broad range of services from fully and co-managed IT to a full complement of SD-WAN and cybersecurity tools.
But despite increased workforce mobility stemming from the Great Resignation as American leave their jobs in record numbers, Rosenberg doesn’t believe the dynamic is pushing enterprises toward managed services to the same degree that growing complexity, security threats, and the existing talent shortage already were.
For many enterprises considering managed services, it’s an opportunity to outsource business-critical functions that are secondary to their core product, she explained. “If I’m a shoe manufacturer, I am not in the business of managing my network and infrastructure, but I know it’s critical to the manufacturing processes of my business,” Rosenberg said.
Shifting the Problem?Of course, adopting managed services doesn’t solve the talent shortage, it just makes it someone else’s problem.
“The reason there is a shortage is it’s hard,” IDC analyst Craig Robinson said. “If it was easy we’d be paying everyone minimum wage.”
Robinson has been tracking how managed security service providers are tackling the talent shortage.
“Five years from now, sadly, we’re going to be talking about the same thing," Robinson said. "It may not be as drastic, but you’re still going to see a shortage five years from now because every organization out there is essentially a software company right now. And if you’re a software company, that means you’re vulnerable, that means you’re a target.
Last year was punctuated by an ever-escalating storm of security vulnerabilities — SolarWinds, the Colonial Pipeline ransomware attack, Log4j — that touched nearly every business on the planet in one way or another.
Given increasing security threats, combined with the growing complexity of operating networks and applications on-premises, in the cloud, and at the edge, the incentives for turning to managed services become obvious.
Zeus Kerravala, founder and principal analyst at ZK Research, expects these trends to drive managed service adoption in 2022, especially when it comes to networking.
“I think we’re going to see a pretty big shift this year in SD-WAN away from do-it-yourself to managed services,” especially as enterprise networks grow more complex, he told SDxCentral in an earlier interview.
Great Resignation or Great Job Migration?Combatting the talent shortage and addressing these security challenges may require opening the doors to nontraditional workers.
“There needs to be recognition that you don’t need to be credentialed for your graduate to provide cybersecurity. You just need some training,” Robinson said. “Cybersecurity isn’t a pure cybersecurity skill. Your typical liberal arts type majors can play a role.”
In other words, cybersecurity teams and service providers can benefit from hiring workers with diverse backgrounds.
“Cybersecurity is much more of a business discussion than what people understand,” Robinson added. "You can’t do cybersecurity without understanding what’s going on in terms of the organization.”
And this is where the “great resignation” presents an opportunity to address the talent shortage.
“Organizations need to be doing an internal audit and be a little more open minded in terms of what kind of internal capabilities do they have,” he said, adding that business analysts and accountants are ideal candidates for cybersecurity because they understand which assets are the most important to protect.
The variety offered by managed service providers may make them a more attractive destination for workers dipping their toes in the cybersecurity space too, Robinson adds. “Going to work for a consultancy or service provider is a little more enticing to newly trained cybersecurity partitioners because they get that variety," he explained. "They’re not working with the same company … they’re working with multiple companies on different things.”
Service Provider CannibalizationAccording to Robinson, the talent shortage has also contributed to what he calls service provider “cannibalization.”
“It’s more inorganic growth. They’re acquiring organizations to fill that need because there’s only so much that you can get out of other pools,” he said. “It’s growth by cannibalization.”
Service providers struggling to find talent to maintain their business are increasingly turning to mergers and acquisitions to bolster their ranks.
Last year saw Comcast Business acquire Masergy to bolster its managed SD-WAN and secure access service edge (SASE) business. Later in 2021, consulting firm Wipro snapped up cyber risk and regulatory compliance provider Edgile.
And in January, Zayo Group, a company well known for its transport and packet-optical services, dove into the SD-WAN and SASE market with the acquisition of service provider QOS Networks.
The Rise of AIOpsOne of the technologies promising to ease the talent shortage is artificial intelligence and machine learning-driven automation. These technologies have been popularized by major technology vendors and service providers as AIOps.
Masergy launched its AIOps platform in late 2019. A few months later, VMware acquired Nyansa in a bid to bolster its SD-WAN and emerging SASE offerings.
And over the past two years, Juniper has leaned heavily on its Mist AI capabilities to automate root-cause analysis, troubleshooting, and remediation across its wireless, LAN switching, and WAN portfolios.
“We’re seeing a lot of automation,” Rosenberg said. "As these devices get smarter, you’re having automated configuration, that takes away a lot of those ‘fat-finger’ issues.”
However, these technologies have a long way to go before they can supplant workers entirely. AIOps is “alleviating some pain, but not all the pain. You still need smart people doing smart things. You can either hire them directly or you’re going to have to go down the gig, crowdsource route,” she added.
Automation alone won’t solve the talent shortage, but can help empower smaller teams to do things that “only human analysts can do,” Robinson added. “Take a look at a SOC. Think about a tier-one analyst that’s triaging alerts as they come in. The use of artificial intelligence to aid in triage of these investigations is going to be really important.”