Home » Data Protection » Network Security

Pipe Cleaners: Telcos Offer Managed Security Services

AT&T and other telcos want to clean up your Internet traffic - for a fee. A look inside in-the-cloud scrubbing services.

$7 billion Canadian telecom company, says security services have always been part of his company’s offerings; they’ve just never really been marketed. “When we’re dealing with big clients or government contracts, then we put on our security consulting hat,” McLean says simply. “We look at it as a differentiator.”

Typically, telecom companies sell virtual private networks (VPNs) and take over such rote tasks as managing firewalls, intrusion detection systems or other customer premises equipment. This frees up business customers to keep lean staffs or focus on more strategic operations. While standalone managed security service providers (MSSPs) have the same capabilities and, arguably, deeper security expertise, telecom companies have one gigantic advantage: They are already on the payroll.

“Telcos don’t find themselves in the position of having to market the way that pure-plays do,” says Loren Rudd, an industry analyst at Frost & Sullivan, a research and consulting company. “The pure-plays have to evangelize on almost every sale that they make. It’s easy for the enterprises who are migrating to managed security services to call up their telco [and add a feature] like you were adding a cable channel to your TV.”

That’s basically what Dan Antion of American Nuclear Insurers did when he chose to outsource security to AT&T, which had been his phone and Internet vendor for seven years. “It just seemed to make sense,” says Antion, VP of information services at the Glastonbury, Conn.-based underwriter for the nuclear power industry. “We’d been through a lot of projects with them.”

Given the middling need for marketing, it shouldn’t be surprising that few people noticed when the telecom companies overtook most of the pure-plays in terms of market share for security services. According to Frost & Sullivan, three of the eight largest MSSPs in North America are telecom companies: AT&T, Sprint and Verizon. Three more are IT services companies—Getronics, IBM and VeriSign—that have gotten big in the MSSP space mostly by eating up smaller pure-plays (most notably IBM’s purchase of Internet Security Systems earlier this year). Until recently, Cybertrust and Symantec were the last two large MSSPs with an information security focus. Symantec, though, is positioning itself more as a purveyor of “infrastructure software,” and the pending purchase by Verizon of Cybertrust further narrows the field. (See chart on Page 33 for details.)

The market is still fragmented, though, with plenty of room for competition. Frost & Sullivan estimates that these large companies combined have only 40 percent of the MSSP market—a market it expects to grow about 20 percent a year through 2010. “I personally think that, if implemented correctly, telcos are a good match for the managed security market,” Rudd says. “The growth trajectory of MSSPs has proven itself in recent years. It’s not speculative for a telco to get involved.”