As enterprises rapidly digitize more business processes with cloud computing, mobile, IoT, and data they are straining their ability to find the security talent they need to secure their systems.According to the Global State of Information Security Survey (GSISS) 2017 -- a worldwide study conducted by PwC, CIO and CSO released this month - skilled cybersecurity professionals are hard to come by \u2014 and continue to make enterprise IT security all the more challenging. Many enterprises are attempting to close their skills gap by turning to managed security services. According to the survey, 62 percent of respondents use security service providers to operate and enhance their IT security programs.\u201cDepending on who you believe, the MSSP market is growing between 10% and 15% compound annual growth rate and it\u2019s been near that range of growth for quite some time. So, not exploding but solid, steady growth \u2013 because of the factors I mention above,\u201d says John Pescatore, director of emerging security trends at SANS.\u201cTo deal with the changes in threats and the increased business use of cloud and BYOD, enterprises found they didn\u2019t have the skills and they focused on trying to hire people with those skills \u2013 which is very expensive, since you have to offer high salaries to steal them from their existing jobs,\u201d says Pescatore. \u201cOutsourcing as much as possible to an external service, either a full MSSP or point security as a service provider, is one way to fill the gap,\u201d he says.The 10 percent to 15 percent compound annual growth rate aligns with a recent study from Markets and Markets which expects the cyber security services market to reach $202 billion by 2021, growing from $122 billion now at an annual clip of 10.6 percent. According to that report, over that same time period application security is expected to grow the most swiftly, with aerospace and device being the largest buyer of security services, following by government and public utilities, IT, and telecommunications.Carson Sweet, co-founder and chief technology officer at CloudPassage, says competitive pressures is another reason why enterprises choose to outsource so that they can focus on core areas of the business. \u201cMost businesses aren\u2019t going to differentiate on e-mail or CRM, so they outsource those functions and allow their internal resources to focus on technology that does differentiate them competitively,\u201d Sweet says. The same is true for many businesses and information security.While enterprises are more comfortable today with outsourcing security, the GSISS survey found that most of the outsourcing today consists of authentication, data loss prevention, identity and access management, real-time monitoring and analytics, and threat intelligence \u2013 each ranking around 50 percent or higher.Not everyone is convinced that the current trend toward outsourcing security functions will remain intact.The idea, in theory, is that such \u201ccommodity\u201d cybersecurity efforts could be offloaded to security service providers who can hire skilled technologists who staff a security operations center 24 hours, seven days a week. This would free internal resources to focus on other areas. \u201cBut for many security sensitive enterprises (lots of financials and ecommerce, or \u201cdigital businesses\u201d companies) most of security beyond routine alarm monitoring is too tightly wrapped around critical business processes and very sensitive data\/algorithms \u2013 they are the ones investing in \u201cplussing up\u201d the skills of their security staff,\u201d says Pescatore.\u201cThe pendulum will swing back as it did with monitoring services, where folks tried to run it themselves, failed and then sent it to MSSPs,\u201d says Art Gilliland, CEO of Skyport Systems. \u201cBut the challenge with MSSPs is that they lack the context of the enterprise and so they can only deliver lowest common denominator security. Organizations will ultimately figure out which capabilities they can check box, outsource those and hire and run the other capabilities in house.