Value-Added Service Opportunities: Network Security

March 29, 2000 -- Network security has suddenly vaulted into the public eye thanks to recent hacker assaults on E-Bay, Amazon.com and other high profile Internet sites. It is about time!

As a potential value-added service for CLECs that also are ISPs, I can think of none more important than network security. This discussion will cover some of the ISP network security offerings today and suggest ways in which you can be of service to your customers. CLECs that are just entering the Internet arena may not be fully aware of the risks and opportunities presented by network security.

Why Get Involved with Network Security?
If you are offering any form of dedicated Internet access, including DSL, you do your customers a disservice by not also offering protection. This can be a standard value-added package or an add-on with a fee.

End-users with DSL and other dedicated access services are permanently connected to the Internet. There is no dial-up sequence that establishes a connection using user authentication. The LAN or PC is simply connected all the time. This means that anyone anywhere in the world could potentially “ping” their LAN or PC, and if they wish, play all kinds of havoc.

Is this likely? Who knows, but in these days of schoolyard shootings, it is certainly within the realm of possibility for malcontents to intentionally damage your intellectual property. End-users do not know how truly vulnerable they are – it is up to you as their professional provider to tell them.

Residential users to corporate networks – they all are vulnerable and need your help in protecting themselves. Few people leave their houses unlocked or their cars running with the keys in the ignition anymore. Leaving a dedicated connection to the Internet unsecured is tantamount to the same.

What Is the Scale?
Depending on the scale of what you wish to protect, your methods will be very different.

For single PCs or small LANs, simple software protection is normally sufficient. CLEC/ISPs can resell software from companies like SyberGen that will help to create a barrier to entry from unwanted outsiders. This type of software includes “rule base” functionality that will employ time of day or day of week restrictions that the user establishes. It’s cheap and reasonably effective. If you serve hundreds or even thousands of dedicated connections, the added revenue can be substantial.

Larger organizations will need a great deal more help and are willing to pay substantial amounts for security.

The first step is for the end-user organization to clearly understand what they need relative to network security. This means the creation of a detailed network security policy and plan. The policy identifies what you are protecting, from whom you are protecting it, and the access privileges associated with the information.

The plan describes the tools that are to be used and how they are to be implemented. Without a carefully articulated plan and policy, no network security tools – including firewalls or encryption - can hope to be successful. If there is sufficient interest, we can cover network security plans in greater detail in the future. For now however, ISPs and CLECs should consider partnering with solid professional network security groups and acting as a retailer for such services.

Current ISP Network Security Offerings
Some existing Internet providers are offering network security as a product line.

Intermedia and Digex offer the Intermedia Secure (formerly DIGEXSecure) suite of Internet security solutions. It features turnkey network security management -- from definition of customer requirements to provision of unparalleled remote network security monitoring.  Some of the more interesting aspects include a comprehensive on-site security assessment to determine how and if the network is vulnerable to intrusion, and turnkey or managed firewall services.

UUNET offers their UUSECURE services. These include SecureSweep vulnerability assessment, authentication services, and both stand-alone and managed firewalls. UUNET also offers IP-based Virtual Private Networks (VPNs) for its corporate clients.

Many other CLEC/ISPs are offering network security services. Those mentioned above are only a sampling and not meant to be comprehensive.

What Can You Offer?
When considering network security services as a value-added component of your product line, you need to assess the needs of your customer base, your internal technical and support capabilities, and partner possibilities.

Software security solutions are easy to offer and effective for consumer services. I suggest that you evaluate several alternatives and establish a distribution relationship with a company like SyberGen.

There are a variety of firewall vendors to choose from including Checkpoint and Raptor. Authentication tools are also becoming more and more popular. Check out the offerings of RSA Security or Identikey.  Both have been around a while and offer an interesting possibility for ISPs and CLECs.

If you have the capabilities, you can consider offering a complete suite of services similar to those described for Intermedia and UUNET, including managed services for firewalls or VPNs.

Taking the Plunge
As with all of the services we have covered in this space, the ultimate answer as to what is best is up to you. There are a variety of security products available. My suggestion is to examine what your competitors have done, evaluate the needs of your customers, mix gently with your own capabilities, and you will come up with the right recipe! After examining the security arena carefully, you may find an entirely new profit center for your CLEC enterprise.

In our next installment, we will investigate some of the other interesting value-added Internet services that CLECs can offer.

Joel Maloff is founder of Maloff Group International, an Internet business consulting organization. Maloff has been an executive in local exchange and interexchange telecommunications since 1973, and has been involved in various aspects of the Internet since 1987. Maloff is the author of four books and hundreds of articles regarding Internet.