Outsourced security has been tipped by global vendors such as Symantec and Computer Associates as one of the hottest, if not the hottest, trends for coming years.
Market researcher IDC has predicted 2004 as the year IT services start growing again, with managed network services alone to hit $1.2 billion by 2007.
Managed security services can seem like a jigsaw puzzle of interlocking offerings. Perimeter protection, firewalls, intrusion detection and VPNs are infrastructure aspects of services ranging from support, monitoring, content filtering, risk assessment, archiving and disaster recovery and any variety of on-site consulting.
New regulatory requirements such as Australia's CLERP 9, the European Union's Basel II and the US's Sarbanes-Oxley legal reforms have made management and security both more interdependant and more critical to profitability.
It seems there could be something for everyone. Especially as more and more business processes become dependent - for better or worse - on the vagaries of internet technology.
The Australian subsidiary of Asia's Pacific Internet is one example. Matt Lovegrove, national sales manager at Pacific Internet in Sydney, says the company has added managed security this year in response to customer demand.
Yet he argues that the pieces of such offerings may have a long way to go. For instance, Service Level Agreements (SLAs) are coming in but a long way from reaching the level of sophistication that other IT sectors enjoy. And they're not without risk. SLAs done properly always have a price, whether explicated or hidden. 'In this area, [SLAs] are quite new,' Lovegrove says. 'At this stage, we're trying to understand what our customers are looking for, so it's very hard to guarantee that.'
Pacific Internet targets companies with five to 199 employees, essentially providing an SMB offering. In the past, and in other nations, larger organisations have been the biggest buyers of managed security.
Smaller businesses tended not to have their own dedicated IT staff or $20,000 to spare for security updates and support.
But as more SMBs adopt broadband, their respective security needs get complicated and more urgent, Lovegrove says. 'There is potential for viruses to be transmitted more easily - and spam also,' he says. 'They don't really want to go and hire someone, to be sitting there day in and day out managing their network.'
The company has been offering IP VPN-type services for two years. But customers are getting frustrated with having to constantly upgrade their security so expansion of the service makes good business sense. Security, after all, isn't a core business activity for most.
Pacific Internet is also pushing subscription-based managed security. Subscription, 'utility'-style pricing makes for easy scaleability and pay-as-you-go convenience, Lovegrove says.
And Pacific Internet relies heavily on its resellers to deliver that service. But unlike in the old days, buying a box isn't enough. IT security has evolved - and as customers' evolve their awareness and understanding of those threats, so must resellers. 'As we know, the nature of threats is constantly changing,' he says.
Pacific Internet has about 400 reseller partners, 20 of which opt to deliver its managed security offering. Although the vendor wants more, Lovegrove says it's more important to have the right resellers for the product than to sign up as many as possible. 'They're mainly network integrators and system integrators. They are effectively providing outsourced support to SMBs,' he says.
Pacific Internet believes a stable of 80 to 100 pushing managed security could be about right. Over time, the ISP will get more into deep inspection of packets, as opposed to perimeter protection such as managed firewalls, he says.
Resellers without specific security expertise can still be suitable. It might be enough if they are able to build the brand and establish a trusting relationship with customers. Then, managed security becomes that Holy Grail of today's shrunken channel - an additional revenue stream to boost those ever-decreasing margins, Lovegrove says.
But he warns new players shouldn't try to build a managed security offering without external help. Most of the time, new entrants to any field can benefit greatly by learning from others. However, in IT security that's even more important, Lovegrove claims. 'Partner with people and use their experience,' he urges.
Andrew Tune, Australia-based director at a very different company, managed security provider Network Box, is also keen on encouraging resellers to partner with established players. 'Talk to people like us who've done it before. A managed security business can be a very nice, profitable business but there are many traps for young players,' he says.
Doing managed security provision is like running Noah's ark, he says, with the provider trying to maintain matched pairs of every necessary species to keep the earth safe post-deluge. 'We have channel partners who were profitable from day one. But if you're trying to do it by yourself, you'll probably be profitable by installation number 100,' he argues.
Tune says customers often don't know what they want. So service providers and resellers must learn to re-interpret customer needs in ways that will provide whatever fix is needed with an explanation that will satisfy the customer.
Managed security should be a comprehensive, integrated suite of systems, with all the bits working together smoothly and efficiently. It little benefits a busy corporate or SMB customer if network security has to be bought piecemeal, Tune says.
A managed firewall alone is not enough either. Not only is it 'almost useless' even as a perimeter defence but it has been technologically outmoded. Today, managed firewalling is only a small part of the arsenal available.
As a result, requests for firewalling are something Network Box needs to reinterpret for the customer. '[Firewalling] is a 1995 solution. There are a whole lot of problems nowadays that firewalls just don't fix,' Tune says.
He points out that another critical component beyond having technologies that actually do what's needed is the level of support. Without at least the option of 24 by seven or a minimal eight by five hours a week, you can forget about offering managed security. The window of opportunity for threats is then too large - and likely to widen as time passes, he says.
Network Box looks customer needs, then builds up its Linux-based solutions bit by bit. That's the only way a real answer can be offered, even temporarily, he says. 'All our systems have SurfControl engines and Kaspersky anti-virus. Some are commercial and some are proprietary,' Tune says. 'But the key is not the technology but the integration.'
What technology is chosen is only 10 percent of the problem, he claims.
Tune himself has seen a customer ditch a rival's security offering, disconnect the box and change service providers without the incumbent noticing. He won't name that company, but says it shows how far some security providers have yet to go to actually deliver useful product.
Network Box, like Pacific Internet, relies on its channel, and having different types of partners to reach a broader end-user base. Customers - like people everywhere - don't expand beyond their current relationships unless forced. So having an established network of IT partners with loyal clients is critical to reaching the market. 'Working with the channel is the only way that makes sense,' Tune says. 'That is the way people buy security.'
NSW reseller Netlan, which started offering managed security a decade ago, is one of its partners. Gunter Baurhenn, CEO at Netlan, says his Castle Hill-based company has been building up its managed security services provision for about 10 years, but this year sales are accelerating. 'I think the market has changed incredibly,' he says.
Netlan specialised in LAN and WAN networking for the education sector - especially regional private schools. The reseller has just finished deploying managed security services across two campuses at Illawarra Christian School, near Wollongong.
The $50,000 implementation covers Tongarra and Cordeaux, the two main campuses at the school, which caters for around 1000 pupils from six to 18 years of age. The campuses are 12 kilometres apart as the crow flies, Baurhenn says.
'Network Box had a firewall system in Cordeaux but nothing in Tongarra and an ISDN link between the campuses. Tongarra was opened up to the rest of the world and also a wireless connection,' he says. 'They were getting severely savaged by viruses and trojans and stuff like that.'
Key to reseller profits is setting up a system that requires the least human interference possible. Netlan deployed a Network Box SME 250 anti-virus and anti-spam appliance in each campus and then fine-tuned the network.
Each SME 250 can support and keep separate up to three LANs. The actual set-up took just a couple of days, but the reseller will continue to facilitate Network Box support for Illawarra Christian School, Baurhenn says.
'Within 24 hours, we had about 20,000 emails coming in which we filtered for trojans and stuff like that,' he says. 'Also, the school has control over what's being looked at.'
Previously, the school's system had been overloaded to the point where it was shut down regularly. Tongarra has been 'completely refurbished' and further work on the Cordeaux side is scheduled for the Christmas school holidays. VPNs will connect the two campuses, Baurhenn says.
'There's no limit to how many VPNs you can set up,' he says. 'They should not have problems any more. They were getting a few thousand viruses through in a week.'
Baurhenn believes Illawarra Christian School can expect to save $100,000 in costs overall from the managed security deployment. 'And you can't price up the agony,' he says.
Security was once merely desirable but today is a necessity not just in business but in the home, especially as broadband uptake increases. It is too early to say if 2004 is the turning point for the managed security market, but growth is definitely up. 'If you don't have security, you get savaged,' Baurhenn says. That's a realisation that has now reached most, if not all, computer users. 'I would say that 40 percent of users buy the system once they have had a problem,' he says. 'And today the resellers are doing more marketing than the vendors. And the technology is becoming a commodity.'
There has been a certain amount of consolidation of the early adopters of managed security offerings. Logicalis got bought by IBM. MCR has outsourced its managed security offering. Meanwhile, former high-profile player Zento, entangled in PowerLan, has gone somewhat quiet this last year.
Five-year-old Sydney telecommunications provider SecureTel, run by BrennanIT frontman Dave Stevens, is a survivor.
SecureTel - formerly BeSecure - targets medium-sized organisations with 50 to 500 seats, a niche sustaining few competitors. Stevens has been 'very happy' with the company's success. 'Our model is a little bit different in that we sell bandwidth that's secure rather than a managed service as such.
We sell you a 2MB Asynchronous Transfer Mode (ATM) pipe or DSL and then put security on it and virus scanning and content filtering and so on,' he says.
Five years back, the market was about port filtering and virus scanning. Today, managed security is a puzzle with many different yet related pieces and more content-based filtering. SecureTel is constantly adding different intrusion detection boxes to its network, he says.
Different threats - and more attacks - need more complex layers of defence. 'We, I think, filter something like 80,000 viruses out of emails a day, from around 500 actual [customer] companies,' Stevens says.
Those companies have an average 75 seats and that figure represents viruses alone. Other threats are sometimes filtered out, blocked or bounced completely, so few statistics on those threats are available. 'Our clients might get centralised port scans. At any time, there might be thousands of ports we are actually blocking, from one or 30 or 100 different sources,' Stevens says.
Spyware attacks have also leapt up the scale, and managed security is an excellent approach to consistently removing spyware from a network or conglomeration of networks. 'I don't think you can stop it at a single point. There's got to be multiple layers of strategy,' he says.
Spam has required a customised approach, with SecureTel creating product for its clientele. It's managing what is and isn't spam that takes the time, Stevens says.
SecureTel uses boxes from vendors such as Cisco and NetScreen. Many 'lesser threats' are catered for in standard, up-to-the-minute pattern files, such as those released broadly by the likes of Symantec and Trend Micro.
'We are constantly talking to people like Brightmail and Sophos and Trend about other products they can give us,' he says.
SecureTel started with generic software-based firewalling five years ago but by 2000 and 2001 the products were more sophisticated. Line speed security devices began to appear, and SecureTel still uses these, along with centralised, multiple firewalling, packet inspection and other technologies, Stevens says. 'The advent of NetScreen was significant. We wished we'd had that since day one,' he says. 'It's all about getting the packet-filtering in a chip.'
Boxes tend to appeal to telecommunications customers, because they're visible and discrete. SSL VPNs are becoming more common and may be used as appropriate. What product is used, however, is often dependent on what technologies and networking the client already has, Stevens adds.
He agrees with Network Box's Tune about the redundancy of firewalls. 'A firewall by itself is pretty useless these days. Everything comes in through port 80 anyway. At a redundancy level, it just blocks or opens port 80. But you've got to have a firewall to do certain things. 'There's no one-box-fits-all approach,' he says.
Regulatory changes haven't made much difference to SecureTel clients, he says. Customers haven't rung SecureTel asking for changes as a result of legal reforms that might be thought to affect IT security infrastructure. That could be due to most industry players having already thought about these things years ago, Stevens opines. 'Most of our customers were already aware of it, so [the changes] haven't had a huge impact on our industry,' Stevens says.
Sven Radavics, national sales director at managed security vendor WatchGuard, confirms the vendor is seeing good results via its channel. WatchGuard has been using networking distributors VoIP, LAN Systems, WhiteGold Solutions and Firewall Systems and service providers such as AT&T for several years.
Years back, WatchGuard and Check Point held their corner basically alone. Today, such diverse players as Telstra and SurfControl are bringing out managed security offerings.
But even today, WatchGuard can only claim to have sold 'under 100 units' in Australia this year. It appears perceptions of this market are somewhat mixed.
However, the company expects much more growth in the Australian market this year as people continue to become more aware and knowledgeable about IT security. Gartner has been predicting multimillion sales growth for years and that has already happened in the US, Europe and some Asian nations, he argues.
Real profits for a reseller or managed security provider are in creating managed security offerings high in automation and scaleability. 'Every time you need to send a technician out, it significantly shrinks your profit margin,' Radavics points out.
He says providers must also remember that building and running a network operations centre can prove extremely expensive, causing many a player's downfall in the recent past if the customers don't come.
Yet sales will be up for grabs at the SMB level if players can fit the pieces together neatly. Established global players, like BeTrusted, tend to stay at the 'very high end'. 'I think we'll see a snowball effect,' Radavics says.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
