Managed Security Services Managed Security Services- An Opportunity for Carriers by Vincent Giordano
Carriers looking for new sources of revenue, and new ways of solidifying customer loyalty, should consider adding managed security services to their offerings. Equally important, they should consider outsourcing these services themselves to realize the greatest benefits for themselves and their customers.
Denial of service attacks. “ILOVEYOU” viruses. Online credit card theft. Never has the need for network security been stronger than in the past year.
Never has it been more elusive, either. As these high-profile security breaches indicate, even the largest companies with the most sophisticated security technologies in place are still vulnerable. For small and medium-size businesses, which lack the resources, expertise and capital to implement more than the most rudimentary security infrastructure, the dangers are particularly great.
A recent research report issued by the Ernst & Young Computer Security Institute underscores the growing threat to today?s corporate networks. Sixty-two percent of the
companies surveyed cited a security breach with- in the last 12 months, with each costing an average of more than $650,000. Even those companies with firewalls are not safe: thirty percent of all breaches occur despite the presence of a firewall.
While the costs of imperfect security are high, the benefits of properly implemented security are enormous. A secure network enables access by partners, vendors and customers to important company resources. By providing controlled access to resources to certain key users, companies can improve their business processes, shorten sales cycles and increase customer loyalty. WHY MORE COMPANIES CHOOSE TO OUTSOURCE Protecting a network is more than just installing a firewall and/or intrusion-detection software. Buying security software and installing a firewall are just the first steps. The real cost and value lie in the 24×7 monitoring. A company?s network should be monitored around the clock to ensure that sensitive corporate data remains secure and available only to those who are supposed to access it.
This requires hiring security specialists who are devoted to keeping an eye on the network. The problem is that, skilled security specialists are hard to find, expensive to train and difficult to keep. Security experts are in particular demand because hackers continually find new and different ways to break into networks, making them vulnerable to viruses, denial of service attacks, data intrusions and theft.
Specialists must keep up with the latest trends, products and services to stay competitive and provide value for their business customers. Often, the pace of change in security attacks and viruses make keeping up with the latest anti-virus packages, intrusion-detection information and security patches for various operating systems and network devices nearly impossible. If a good, trained employee leaves, the lag time in hiring and training a replacement can leave the business vulnerable and open to the very attacks it was trying to prevent.
Security technology and processes are also becoming more complex to implement and maintain. This complexity increases the levels of expertise required to deploy and manage a system, and increases the risk that mistakes will be made, providing opportunities for hackers.
Perhaps the most compelling argument for outsourcing network security is the economic one. Businesses that choose to handle security internally should be prepared to spend tens of thousands in hardware, software and implementation costs alone - and that doesn?t factor in staffing costs. THE OPPORTUNITY FOR CARRIERS This economic dilemma presents a golden opportunity for service providers. According to Infonetics, a market research firm, the managed security services market will reach $9.4 billion by 2004, up from $600 million today.
Although some providers have recognized this market opportunity and begun offering basic security to customers, none has really taken on the larger challenge of monitoring customers? internal servers and network traffic to determine if and when systems are being attacked.
Part of the reason is that, until now, service providers have lacked the tools and personnel to cost-effectively deploy and manage security services on a wide scale. Today, however, there are vendors offering scalable, pre-packaged security systems that are enabling carriers to provide outsourced Internet security easily and cost-effectively to their customers.
These managed security systems vendors - sometimes referred to as managed security providers (MSPs) - offer security services such as managed firewalls, virtual private networks (VPNs), vulnerability assessments, network reporting/analysis, anti-virus programs and security consulting. By forming strategic partnerships with these security companies, carriers can quickly and cost-effectively begin to meet the growing demand for security services from their corporate customers.
Many MSPs resell their services through carriers, offering them the option of branding products from leading vendors - as well as their own services - under the carriers? name. Depending on the nature of the partnership, the MSPs will handle the deployment of the firewalls, and all the day-to-day responsibilities of managing them, as well as other security services, from their network operations centers.
Because no up-front investment in equipment or personnel is required on their part, carriers can quickly begin to realize profits by adding managed security services to their portfolios. End-user customers pay a monthly fee per firewall, and more for add-on services such as virus protection and Web site filtering. PARTNERING WITH MSPs VERSUS DOING IT ALONE Because these MSPs focus solely on security, they are better equipped than most carriers to deliver state-of-the-art, proactive service. The MSPs are staffed by security experts with a greater breadth and depth of security expertise than those generally found on carriers? staffs, who may not have the same level of exposure to, and experience with, ever-changing security issues and challenges.
Partnering with MSPs can save carriers money, as well. Following is a look at the costs to carriers of handling security services in-house versus through a partner: WHAT TO LOOK FOR The most important criterion by which to judge a potential MSP partner is the breadth of its offerings. Carriers looking to generate profits through managed security services need to ensure that these services are comprehensive and robust enough to meet their customers? needs. At a minimum, an MSP partner should be able to deliver the following:
* 24×7 x365 Network Monitoring - Most MSPs operate several network monitoring centers, staffed around the clock by experienced security engineers, to manage and monitor all aspects of network security for each of their customers.
* Firewall Configuration/Installment at the customer site. Once installed, the firewall is managed remotely over the Internet using a secure VPN connection.
* Vulnerability Assessments - comprehensive assessments of a company?s network security position both before and after installing security systems. Some MSPs perform standard security checks every six months to ensure that the network continues to show no weaknesses.
* Monthly Usage/Trend Reports allow companies to track all network activity each month and analyze Internet usage to help them shape or refine their Internet policies.
* Web Site Filtering enables companies to block employee traffic to certain categories of sites, and to schedule appropriate times for them to surf the Internet.
* Virus Protection stops viruses and other malicious content at the Internet gateway, before they reach users? desktops. U
Security Services Costs In-house versus msps
In-house Outsourced Appliance Costs* $875,000 $0 Management Software $100,000 $0 Management Hardware $100,000 $0 Total Hardware Costs $1,075,000 $0 Operations Cost $720,000 $0 Implementation Costs* $300,000 $0 Outsourcing costs $0 $1,575,000 Total Costs $2,095,000 $1,575,000 Projected Revenue $2,250,000 $2,250,000 First Year Profit $155,000 $675,000
*Based on 500 security systems sold.
Forrester Research Estimates it costs $60,000/month to operate a NOC. *Includes configuration, installation and vulnerability scans.
Source: DefendNet Solutions
Vincent Giordano is founder and CEO of DefendNet Solutions Inc., a provider of managed Internet security systems. He can be reached at vgiordano@defend net.com. Visit DefendNet on the Web