Fully Managed Security Services on the Upswing

An increased focus on security has made many organizations recognize that security is not one of their core competencies. These organizations have been spending increasing amounts of time and money monitoring the security of their network and keeping abreast of the newest hacker threat or virus. In many cases, particularly with smaller and midsize companies, these security-related activities leave less time and money for other important strategic and business-critical processes.

To alleviate this problem, and to take advantage of this new market opportunity, major Internet service providers (ISP) and other network service providers have begun to offer fully managed security services. These services, many of which are available today, provide nearly any type of security-related function a company might require.

At the low end, security offerings can include firewall and network equipment rental, and software licensing. Most of the ISPs and network service providers, however, are now providing fully managed security services that can include security policy planning, design, implementation, software licensing, authentication, encryption, access control, security monitoring and intrusion detection.

Nearly all of the managed security service providers offer their services based on industry-standard firewalls -- most notably, Firewall-1 from Check Point Systems Inc. (Redwood City, Calif., www.checkpoint. com), Gauntlet from Trusted Information Systems (Glenwood, Md., www.tis.com) and Raptor Firewall from Raptor Systems Inc. (Waltham, Mass., www.raptor.com). As part of their managed firewall service, many providers include, at a minimum, access control and authentication; others offer either firewall-based encryption or an optional hardware-based encryption device from companies such as VPNet Technologies Inc. (San Jose, Calif., www. vpnet.com) or V-One Corp. (Germantown, Md., www.v-one.com). Some providers offer enhanced authentication services using a token-based two-factor authentication process using tokens such as SecureID from Security Dynamics Technologies Inc. (Menlo Park, Calif., www.securid.com) or CRYPTOCard from CryptoCard Corp. (Toronto, www. cryptocard.com).

Most important, the providers manage the security service on an around-the-clock basis, logging all network log-in attempts and recording unauthorized attempts. On the basis of the company's security policy, and the level of security service provided, the service provider will also notify the client of attempted intrusions and take remedial action based on the security policy.

Although not part of the managed security service per se, some service providers offer optional, extra-cost penetration studies that look for potential security problems in the network. As part of this process, many providers will also work with the client to develop a security policy.

In a recent market study, industry analyst firm International Data Corp. (IDC, Framingham, Mass.) indicated that revenue from managed security services will increase gradually in 1998 to $59 million, and reach $455 million by 2002 as more network service providers actively market the services in conjunction with other networking offerings.

IDC also expects that over the next several years, more security service providers will routinely offer two-factor authentication, combining the use of a password with the use of a token or smart card. IDC also expects that this use will accompany an increased usage of digital signatures and certificates, and single sign-on processes.

COPYRIGHT 1998 101 Communications, Inc.
COPYRIGHT 2004 Gale Group