Download MarketScape
Region Focus: CANADA

Canadian Security Services 2022 Vendor Assessment

March 2022 | ca48060922
Yogesh Shivhare

Yogesh Shivhare

Research Manager, Security and Infrastructure

Product Type:
IDC: MarketScape
This Excerpt Features: Bell

IDC MarketScape Canadian Security Services, 2022

Capabilities Strategies Participants Contenders Major Players Leaders



BellFeatured Vendor



IBM Canada

Herjavec Group


Major Players

ISA Cybersecurity

Long View Systems

ESI Technologies




Hitachi Systems Security

CDW Canada


IDC MarketScape Methodology

IDC Opinion

The Canadian security services market continues to evolve rapidly. As technological disruption leads to rapid digitalization of the Canadian economy, organizations are having to reimagine the architecture of the enterprise, and global disruptive events such as the COVID-19 pandemic are accelerating this process. Canadian organizations are no longer looking just for security products and policy management or regulatory compliance management services from external security services providers. Though these are still very important security functions, organizations today are seeking support from their security services providers (SPs) to deliver 24 x 7 security monitoring, improve detections for new and advanced threats, improve response times, and help them with the recovery process. In addition, organizations need support to understand and manage security risk, develop a long-term security program, and elevate their security maturity to secure their digital transformation.

As organizations incorporate intelligence and telemetry data from multiple sources such as multicloud, edge, endpoints, network, and OT/IoT for threat detection, they often face challenges of alert overload and false positives. The prevalent shortage of cybersecurity experts in Canada and globally makes it difficult for organizations to make sense of so much data and has motivated security services providers to invest more in the areas of machine learning/artificial intelligence (ML/AI), security orchestration, automation, and analytics. It has enabled security services providers to offer scalable security services that can be aligned to the unique needs of Canadian organizations of all sizes and industry verticals.

IDC believes that the following areas will drive the Canadian security services market forward while providing vendors with the opportunity to differentiate their offerings:

  • One-stop shop — the breadth and scope of professional security services as well as managed security services (MSS) including advanced services such as managed detection and response (MDR) that will continue to grow among providers
  • The use of advanced and emerging technologies that will provide greater visibility against sophisticated threats and provide enhanced use of automated processes
  • The ability to deliver higher level of orchestration, automation, and openness in the core platform
  • Cloud monitoring, visibility, and management capabilities that seamlessly enable multiple cloud implementations
  • Flexible deployment models that match the customer’s preferences for adopting and consuming services
  • Customer portal enhancements such as a mobile app and reporting templates to present to C-suite and board executives
  • Hiring and retaining of top-notch security talent

Tech Buyer Advice

Assessing the current capabilities and strategic alignment of a security service provider against your IT and business needs can be a lengthy process. It’s important to fully understand the security requirement of your organization before selecting a provider. IDC recommends referencing common cybersecurity frameworks such as those provided by NIST, ISO 27001/27002, and CIS to ensure you have properly classified all assets on your network. Visibility into your network will aid in selecting the proper services from the right provider. 

IDC has rated several essential criteria that firms should consider when comparing one provider with the others. Key areas to consider during your selection process are:

  • The breadth of the MSS portfolio. There is a broad spectrum of providers offering standardized services to heavily customized managed security services. Therefore, it is important for an organization to map various types of offerings to its IT requirements. The buyer in this market could be looking for traditional security controls such as firewalls, intrusion detection system (IDS)/IPS, security information and event management (SIEM), vulnerability scanning, and secure messaging. All providers in this document provide these capabilities, but these offerings have also expanded to include advanced services such as identity and access management (IAM), threat intelligence, web application scanning, managed detection and response, managed SOC, and vulnerability management/risk monitoring. MSS providers have also started to offer complementary services such as incident response (IR), forensics, and other digital consulting capabilities.
  • Digital consulting capabilities. A sound security program needs a comprehensive approach, which includes evaluating the people, processes, and technologies involved. Vendors listed in this document can assist technology buyers to understand the current security maturity, gaps, and future requirements. Breadth of professional services includes security strategy and planning, training, compliance and auditing, security policy assessment and development, penetration and vulnerability tests, network architecture assessment, breach or incident response, and forensics.
  • Use of security intelligence and machine learning. Threat intelligence and machine learning models are being used to complement or replace traditional SIEM solutions. Buyers need to be aware whether the security services provider that they are considering has a road map to deliver these advanced capabilities.
  • Platform that provides visibility across endpoints, network, and cloud. A security partner should be able to demonstrate innovation capabilities in its core platform as well as its use of emerging technologies. A true value to the organization is the ability to choose a vendor that can provide complete visibility of a detection and response management life cycle.
  • Integrations of orchestration and automation processes. Service providers are focusing more on orchestration and automation tools and integrating these technologies into their core delivery platforms. Along with advanced ML and AI, technologies such as orchestration and automation are assisting service providers to enhance SOC efficiency and help analysts prioritize, analyze, and respond to threats faster.
  • Threat intelligence, threat hunting, and other advanced capabilities. Service providers are going beyond the normal abilities and deepening into areas such as threat intelligence. Threat intelligence has become an important component of advanced services such as MDR and is being integrated into MSS and MDR offerings. Some service providers are also providing regular usage of human-led or automated threat hunting from the integrated threat intelligence feeds and creating processes and playbooks from its discoveries.
  • Cloud security strategy. One of the areas that continues to be developed and enhanced is cloud security. The ability of a provider to deliver flexible cloud models across multiclouds and work in environments for cloud services providers such as Amazon Web Services (AWS), Microsoft, and Google is important based on the organization’s needs. It is important to evaluate a service provider that will assist and provide recommendations for the organization moving to and utilizing these diverse IT environments.
  • Evaluate customer portals. Customer portals provide a convenient, web-based view of all security-related activities. Portals have evolved to become more than a simple reporting tool and popular offerings include interactive visuals, user-defined dashboards, audit report generation, and health reporting capabilities.
  • Security expertise and support. The tenure of the cybersecurity team and available skill sets is increasingly becoming a differentiator, and talent retention and training are critical to be a reliable security provider. Buyers must select a provider that will act as a trusted partner and as an extension to the IT team. Knowing that the provider understands the organization’s IT environment and challenges will simplify the ability to continue to make recommendations and tweaks and provide ongoing guidance along their security journey.

Featured Vendor

This section briefly explains IDC’s key observations resulting in a vendor’s position in the IDC MarketScape. While every vendor is evaluated against each of the criteria outlined in the Appendix, the description here provides a summary of strengths and challenges.


According to IDC analysis and buyer feedback, Bell is positioned in the Leaders category in this 2022 IDC MarketScape for Canadian security services vendor assessment.

Bell offers security services in Canada through its subsidiary, Bell Business Markets (BBM), and operates three commercial and one government SOC in Canada. The 700+ strong security staff is among the largest security teams in Canada and supports BBM’s customers as well as securing the Bell network. Bell has countrywide presence and can service midmarket and large customers across industry verticals.

Bell’s broad managed security services portfolio includes services such as network and content security, managed threat services (SOC services, MDR, and XDR), identity and access management services, cloud security, and IoT security. In 2021, Bell introduced BSURE (Bell Security Unified Response Environment), a Bell-operated and fully managed service that combines latest SIEM and security orchestration, automation, and response (SOAR) technology and Bell’s security expertise to deliver 24 x 7 monitoring, threat intelligence, alert triaging, and orchestrated and automated incident response to its clients. Bell’s MSS portfolio is complemented by an equally wide spectrum of professional security services including strategic consulting, assessment and testing services, and security design and implementation services that enable Bell to provide a one-stop shop for organizations looking to protect their entire ecosystem. Bell maps its security capabilities to clients’ security maturity and partners to transform it through five core security pillars — “simplify and solidify the core,” “SOC optimization,” “enhanced MDR services,” “addressing the velocity of cloud,” and “enabling convergence at the IoT/5G edge.” In addition to these core security service offerings, Bell also offers connectivity and networking services such as SD WAN, managed wireless, and DNS and VNS with embedded security.

Bell is making significant investments in proprietary AI/ML use cases, cloud security, IoT security, and automation within its technology, business support, and customer engagement processes. This enables Bell to add new services, enhance its existing portfolio, and improve customer experience.


Bell customers cite the company’s scalability and maturity to deliver large and complex projects as its strength. Bell’s extensive partnerships with security technology providers and cloud providers enable the company to offer integrated, end-to-end secured solutions to its clients.


Large organizations do bring the benefits of scale and maturity; however, Bell must demonstrate that it is nimble to customers to prove that it can quickly adapt to the changing dynamics of security projects.

Consider Bell When

Organizations looking to unify security management across the enterprise, including connectivity, security, cloud, mobility, and IoT, should consider Bell.

Learn more about how Bell can help you with your security needs.

“Organizations looking to unify security management across the enterprise, including connectivity, security, cloud, mobility, and IoT, should consider Bell.”

Yogesh Shivhare, Research Manager, Security and Infrastructure – IDC


IDC MarketScape Vendor Inclusion Criteria

To be included in the 2022 Canadian security services IDC MarketScape, providers had to meet the following criteria:

  • Need to have a presence in Canada. This criterion could be met by having a Canadian SOC, Canadian offices, or sales staff with a focus on selling security services in Canada.
  • Available services. Providers need a range of managed and professional security services.
  • Security services revenue of over $10 million for 2020. Any hardware or software resale revenue is not included.

IDC reviewed 16 security service providers with operations and customers in Canada using our IDC MarketScape model. This process included interviews of 13 providers and one or more customers from these providers, while 3 providers did not actively participate in this study and their evaluation is based on IDC’s knowledge of their security services offerings. Most of the providers featured in this study were included in IDC MarketScape: Canadian Security Services 2019 Vendor Assessment (IDC #CA44419519, August 2019). As a result of this study, IDC Canada has found seven IDC MarketScape Leaders and nine IDC MarketScape Major Players in the Canadian security services market.

Reading an IDC MarketScape Graph

For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies.

Positioning on the y-axis reflects the vendor’s current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today, here and now. Under this category, IDC analysts will look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.

Positioning on the x-axis, or strategies axis, indicates how well the vendor’s future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-to-market plans for the next three to five years.

The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed.

IDC MarketScape Methodology

IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor’s characteristics, behavior, and capability.

Market Definition

Security services involve a holistic view of all activities necessary to plan, design, build, enhance, and manage security product environments and operations programs. These can span business processes, application, and IT infrastructure. Security services can be either purchased standalone or embedded with other services. In a standalone (aka “discrete”) security services purchase, the client has contracted with the services provider to purchase a purely security-centered engagement while, in an embedded or bundled security services purchase, the client has engaged with the client for a larger IT services project in which security is a just one component. An example of a standalone security services purchase would be a client that contracted with a services provider to deploy and integrate a new identity and access control technology within an existing IT environment. An example of an embedded security services contract would be a client that has engaged with a services provider to deploy a new cloud-based CRM system and must extend the current security infrastructure to cover the new systems. For a detailed explanation of security services, see IDC’s Worldwide Services Taxonomy, 2021 (IDC #US47191221, May 2021).

Related Research

  • Canadian Cybersecurity Market Outlook, 4Q21: 2020–2025 Security Forecast (IDC #CA47049621, November 2021)
  • Canadian Cybersecurity Market Snapshot, 4Q21 (IDC #CA47049421, November 2021)
  • IDC’s Worldwide Security Services Taxonomy, 2021 (IDC #US47681721, May 2021)
  • Brand Perceptions of Managed Security Service Providers in Canada, 2021 (IDC #CA46282421, March 2021)

IDC MarketScape: Canadian Security Services 2022 Vendor Assessment