Data sovereignty remains a serious concern for many Canadian corporations. Taking advantage of the more competitive MSS market south of the border results in logs and other data being stored in the United States and subject to American law. While it may be irrelevant to companies with operations in the United States, many find it unacceptable to export potentially sensitive business data on an ongoing basis.
Chicago-based Trustwave, a strong player in the MSS market, was acquired by Singapore Telecommunications Limited (Singtel) on August 31, 2015. According to the company, “The acquisition strengthens Singtel’s information security capabilities and bolsters Trustwave’s ability to expand its leadership in managed security services globally.” The acquisition is already having a positive impact in Canada.
Brent Davidson, Trustwave’s VP of sales and country manager for Canada, stated that Trustwave currently has 58 Canadian employees and plans to hire 25 more. Trustwave has been operating in Canada for several years, including an engineering center in the Kitchener-Waterloo area. According to Davidson, Trustwave currently provides security services to three million customers globally including “thousands in Canada,” and has gained significant experience with Canadian regulations and environments.
In August 2015, Trustwave expanded their Kitchener-Waterloo operations and opened a Canadian SOC to address data sovereignty issues for Canadian customers. This appears to be a strategic investment designed to increase market penetration in Canada. The backbone of their security services involves collecting logs for Security Information and Event Management (SIEM). Logs remain within Canada, and security services are provided by Canadian analysts.
Like other vendors in the MSS space, Trustwave provides a suite of services: compliance management, vulnerability management (including vulnerability scans), and a variety of threat management services including firewalls, Unified Threat Management (UTM) devices, web and email scanning, and endpoint protection such as anti-virus, file integrity, and access monitoring.
Steve Kelley, Trustwave’s senior VP of product and corporate marketing, explained that the firm services all verticals and customers of all sizes, “ranging from multinationals to corner store franchisees.” As an example, he mentioned that for small customers, Trustwave has service bundles to manage PCI compliance, UTM devices, anti-virus, and provide vulnerability scanning.
Service providers and companies who choose to build their own SIEM capability must often contend with expensive products. As SC Magazine reported in 2013, an HP ArcSight Express appliance carries a heavy price tag at US $45,000. This places it out of reach for many small and medium enterprises.
According to Kelly, Trustwave is able to provide services in cost-sensitive markets because they have built and acquired their own technologies, including the SIEM and log management components that underpin MSS. They have also integrated all services with their TrustKeeper portal, providing clients a unified view. This allows Trustwave to bundle services for various markets and to provide services through resellers.
Trustwave is by no means the only MSS provider with a Canadian SOC. They face strong competition from Bell Canada, CGI, and Telus, just to name a few. However, the fact that the US-headquartered company understands the importance of data sovereignty and has invested in a Canadian presence is good news for Canadian businesses. Hopefully this trend will continue and Canadian corporations will benefit from increased competition and a wider variety of management security services to choose from.
Have a security question you’d like answered in a future column? Email firstname.lastname@example.org
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…