It's bad enough that service providers have to defend against an ever increasing array of outside threats, from distributed denial of service attacks to zero-day exploits. Now an even bigger danger could be lurking -- the "business security threat".
It's not a physical threat and it doesn't necessarily come from the bad guys, but it's nevertheless very real, says Dr Keith White, Alcatel-Lucent APAC security services director, who warns that new business models from the likes of Google and Skype are potentially as dangerous to service providers as anything the hackers can dish up.
"At this point the threat is fairly benign but at the end of the day, who is going to pay for the infrastructure? That's a huge business challenge," White told BroadBand Communities in an exclusive interview.
He said that with most service providers still making most of their revenues from voice, business models would have to change, noting that new enterprise offerings such as Microsoft's Communications Server 2007 could effectively kill the need for voice circuits in many cases. "It's like Skype on steroids and that's the stuff that worries me," he noted.
Ironically, the Alcatel-Lucent security services director said he was cautiously optimistic that the industry was getting the measure of physical security threats. "The industry as a whole is getting ahead of the game for the first time in 15 years," he said, quickly adding that the situation can change quickly. "We will never defeat all the hackers but it's getting better."
He said that today's hackers are more targetted in their attacks, rather than in the past where they might have had more random attacks to show off. But he noted that targetted attacks can also be defended against more effectively.
Dr White said that in the past he had worried about the implications of transforming to an all-IP infrastructure, but new models and standards available today are up to the task, he suggested. "I was worried about IP transformation but we're starting to see light at the end of the tunnel and security solutions that are effective."
He pointed to the ISO/IEC 27001 security standard that he said was particularly applicable to broadband and IP infrastructures, noting that many large companies are starting to demand 27001 compliance for their supply chain partners.
Dr White was a keynote speaker at the Information Security Asia 2007 event in Bangkok, with his talk centred around end-point security and network access control (NAC). He likened NAC -- which controls what end-points such as notebooks and mobile devices can do once they are on the network -- to "seatbelts for the information highway" and suggested that corporations are now starting to enforce the "seatbelt" policy.
While he said there was no official NAC standard, in future all of the various technologies will have to work together. "It's not really a standard but something that evolved as a good idea, but the interoperability will come because it's so critical to security," he pointed out.
He also claimed that the merged Alcatel Lucent was in a better position to offer businesses security equipment and services, noting that Lucent in the past had good technology but Alcatel had the better channels to distribute it to enterprise customers.
The next focus will be for service providers to offer security solutions at the consumer level, he said, adding that the biggest challenge was to get consumers to pay for value-added services in an environment where they are used to free offerings. "The business model will be a challenge but new business models will emerge," he predicted.
Meanwhile, Infonetics Research has forecast the managed security service market to more than double between 2006 and 2010, when it will reach US$12.1 billion, according to its latest report on "Security and Encrypted VPN Services."
The report indicates the security service market is being driven by increasing global demand from organisations of all sizes due to the proliferation of security threats of all types, the complexity of current security solutions, and the desire of many service providers to add revenue and improve margins. Infonetics said that while there will never be a major spike in managed security service spending, strong incremental growth will continue beyond 2010.