← Back to Blog

March 20th, 2025

MSSPs and the IBM Platformization Report

Daniel Ballmer
blog post header image

IBM's Institute for Business Value has released a report on the benefits of cybersecurity platformization. It's an important piece of research, but is focused mainly on enterprise users. In this post, we'll discuss what the IBM report means for managed security services providers (MSSPs) and how they can take advantage of security platformization.

What IBM found: Benefits of platformization

The IBM report, produced in conjunction with platformization advocate Palo Alto Networks, was based on an in-depth analysis of 1,000 organizations in a survey set. IBM researchers found that cybersecurity platforms deliver several key benefits to adopters.

Security platforms:

  • Help solve tool sprawl- The report found that organizations average 83 cybersecurity tools from 29 vendors. Unsurprisingly, leaders at these organizations cite solution complexity as a serious obstacle to security operations. Platformization is a direct answer to this problem because it allows security teams to accomplish their operational goals with far fewer solutions and reduce the number of vendors in their stack.

  • Improve security operations- The report also found that a shift to platforms improves security operations (SecOps) performance. In particular, IBM noted improvements to incident response (IR) times. On average, organizations that had adopted security platforms took 72 fewer days to detect an incident than those that had not.

  • Generate value- IBM researchers estimate that security complexity costs firms an average of 5% of their annual revenue. By reducing complexity, platforms can directly impact the bottom line. In addition, surveyed executives believe that platforms offer a better return on investment (ROI) compared to disparate security tools, with platformized organizations seeing an "average ROI four times better than non-adopters."

  • Accelerate digital transformation- Platformization also has strategic, long-term benefits, per IBM's findings, because organizations that embrace security platforms can better modernize security operations and more effectively undertake digital transformation initiatives. In terms of direct SecOps impact, IBM found that teams using platforms were "3X more likely to use AI and automation to relieve pressure on security analysts." Organizations that embrace security platforms also have greater success with digital transformation efforts in general. Among enterprises that do not currently use security platforms, an average of 1 in 4 digital transformation projects fails due to cybersecurity concerns. But for security platform adopters, that number is just 1 in 10.

How do IBM's findings apply to MSSPs?

IBM's research confirms what we at LimaCharlie have been saying for years: security operations platforms reduce tool fragmentation, improve response times, increase visibility, deliver value, and unleash the power of security automation.

However, IBM's study focused almost entirely on enterprise users—and so MSSPs must evaluate the report's findings carefully in order to benefit from it.

In particular, MSSPs should bear in mind that their business needs differ substantially from most enterprise platform users:

  • MSSPs need a greater degree of flexibility from their tools than enterprises because they must secure the environments of multiple (and sometimes vastly different) client organizations.

  • MSSPs also require a higher standard of visibility and control from cybersecurity solutions than enterprises typically do. An MSSP can't outsource security intelligence, or detection and response, to a third-party vendor. Their business is quite literally to know what's going on in their clients' environments at all times and be able to respond to incidents at a moment's notice.

  • Service providers also need to be able to scale deployments up or down with far greater flexibility in order to onboard new clients quickly or begin IR engagements without delay.

  • Lastly, unlike most enterprises, MSSPs make their money delivering security services; they don't have other business units to fall back on if their security offerings fail. This makes MSSPs vulnerable to the threat of competition from security solutions providers in a way that enterprises don't have to worry about.

Why these differences matter when choosing a platform

For MSSPs, these differences can lead to adoption hesitancy, because there are two very different models of security platformization in the cybersecurity industry today.

The first model, which we've sometimes called the "Salesforce for cyber" approach, is the one advocated by IBM, Palo Alto, and other traditional technology providers. It involves attempting to be a one-stop shop for security teams (and making dubious claims about being “best-of-breed” in every category). Unfortunately, this approach has several serious drawbacks for MSSPs:

  • Platform providers trying to be all things to all users end up creating one-size-fits-all solutions that lack the customizability MSSPs need.

  • Many vendors assemble platform products by acquiring point solutions and attempting (with varying degrees of success) to get them all to work together as a single solution. Unfortunately, this kind of “platformization by acquisition” frequently creates integration challenges and performance issues that roll downhill to users.

  • Platforms developed by traditional vendors reflect their legacy mentality: heavily product-centered and proprietary. The resulting solutions lack visibility and control—often to the point of being too opaque or rigid for a security services provider.

  • The "Salesforce" version of the security platform is based on a SaaS profit model. For MSSPs, this means dealing with inflexible, long-term contracts; subscription-based pricing; and a sales culture that entails friction, gatekeeping, and drawn-out negotiations.

  • Lastly, nearly every vendor offering a unified security platform is also in the managed services space, or is moving in that direction via acquisition and partnerships. An MSSP should be extremely wary of basing its business on a tool provided and controlled by a potential competitor

The SecOps Cloud Platform: a better solution for MSSPs

At LimaCharlie, we're building a different kind of security platform: The SecOps Cloud Platform (SCP). In contrast to the SaaS version of security platformization, the SCP is based on a public cloud model. It’s an approach that has worked exceptionally well in the world of IT and general tech, which is why we often compare the SCP to "AWS for cybersecurity."

Key features of this approach include on-demand, API-first access to everything in the platform, complete customizability, pay-per-use pricing, extensive automation capabilities, and an engineering-centered architecture built to enable modern SecOps at scale.

For MSSPs, the advantages of this kind of platform should be crystal clear. A public cloud-like SecOps platform offers the same benefits of consolidation, automation, cost savings, and operational improvements as legacy vendor platforms. But crucially, it also provides flexibility, visibility, control, and freedom. Most importantly, the SecOps Cloud Platform is based on a fundamentally different business model—that of a pure technology infrastructure provider—so MSSPs never have to worry about their tool vendor competing with them.

In our view, the SCP is what a true SecOps platform ought to be—and is the best way for MSSPs to enjoy the benefits of cybersecurity platformization described in IBM’s report.

Learning more

IBM's report is available here.

To learn more about how LimaCharlie's SCP helps MSSPs to succeed, see our recent webinar: Building a Profitable MSSP: Modern Pricing Strategies for Maximum Growth

To experience the SCP for yourself, book a demo.

Copyright © LimaCharlie 2025