Internet.com ISP-Planet
 

Executive Perspectives

Behind the Curtain of In-The-Cloud Security Services

There's a real opportunity in security services, and the most valuable customers are the most demanding. ISPs should be equally rigorous in choosing a security service provider.

by Jim Freeze
Crossbeam Systems
Vice President of Marketing

[November 18, 2008]


Jim Freeze is the vice president of marketing at Crossbeam Systems. He brings more than 20 years of executive management experience in strategic marketing, sales, business development, product management, product marketing and industry analysis. Prior to Crossbeam, Freeze held senior marketing positions at BelAir Networks, 3Com, and Genuity. He earned a Juris Doctor from Capital University Law School and holds a master's degree in mathematics from Ohio State University.

Service providers are always looking to deliver comprehensive, higher-value solutions to their enterprise customers in order to both retain existing revenue streams and capture new ones. At the same time, enterprise customers are overwhelmed by IT security complexity and high up-front and operating costs, and are in desperate need of outsourced solutions. Enormous pent-up demand has built up for new, carrier-based "in-the-cloud" security services, where security is delivered seamlessly to enterprise customers.

True in-the-cloud security services, and the benefits they offer to carriers and their customers, are difficult, if not impossible, to realize via traditional security hardware. In order for carriers to realize the full operational and revenue-producing potential of these new, much-needed services, they need to consider a new breed of security platform, one that is capable of delivering massive scalability and performance while providing the ultra-high reliability and availability that have long been the trademark of successful carrier services. Forward-looking carriers investigating hardware and software solutions that enable the delivery of reliable, high-performance security services will find several options available to them, including traditional security appliance-based solutions, unified threat management solutions and next-generation security platforms, but not every option will deliver the same results to carriers and enterprises.

Traditional model
The traditional model delivers security services to enterprises by installing dedicated security appliances at the customer premises. As appliances are added to the network to meet demand, all accompanying hardware, including switches, load-balancers, cables and the redundant hardware necessary to deliver carrier-class reliability, must also be installed, leading to what is commonly known as "appliance sprawl." Because this traditional managed security service model requires customer premises equipment, potential problems arise for both carriers and enterprise customers. Because the service is not delivered through the carrier's cloud alone, when the hardware fails, the carrier must roll trucks and dispatch service people to the customer site to solve the problem, and the enterprise suffers with no service until the problem is remediated. In this arrangement, as service offerings grow, traffic levels rise, and new security services are required (e.g. antivirus, IDS/IPS, content filtering), the complexity of the network gets out of hand. While this traditional approach does enable carriers to deliver security services, performance is often poor, and costs—driven by hardware purchases, IT personnel requirements, physical space rental charges and electrical consumption—continue to grow and quickly eat into carrier margins, which in turn leads to rising service fees for enterprises. These traditional systems are difficult to deploy, operate, update and scale.

Some carriers have changed their approach for delivering security services by adding all of the required hardware to their own network, providing "clean" service to enterprise customers without hardware on their premises. These carriers have realized the benefits of a centralized network and have eliminated the burden of servicing external hardware. This alternative approach has some advantages over the traditional model, but doesn't protect the carrier from the internal appliance sprawl that grows as the service offering grows. The result is a highly complex network architecture with less-than-optimal profitability.

UTM
An alternative solution for carriers looking to offer in-the-cloud services is to use existing UTM (unified threat management) solutions that bundle multiple security applications on a single, dedicated appliance. While this model enables multiple security services, it does not solve the appliance sprawl problem, because it requires the carrier to deploy a separate "box" for every customer, whether at the customer premises or in their own network cloud. Moreover, it also eliminates the choice of security applications—a carrier installing this type of solution must accept the all-or-nothing bundled software offered by the UTM vendor. These "unified" software solutions are often cobbled together through acquisitions, and don't offer best-of-breed applications for each type of security need. UTM technology's selling point is that it offers all the security applications needed in a single device. While this type of offering can be ideal for small enterprises where management simplicity and all-in-one technology trump the need for best-of-breed technologies, large enterprises and carriers, which are looking to offer competitive in-the-cloud security services, will find that UTM offerings are insufficient to meet their high-performance and high-reliability demands.

NGSP
For carriers and large enterprises that demand the best applications in each class of security software, running with ultra-low latency on dedicated hardware that minimizes the network footprint, a new alternative has emerged in the market—the Next Generation Security Platform (NGSP). These advanced systems enable the delivery of multiple best-of-breed security services from the carrier's network cloud to enterprise customers via a dedicated chassis purpose-built for security. NGSPs combine network blades, control blades and application blades to efficiently process high-throughput data streams while adhering to security policies, enabling carriers to customize the security services applied to each of their customers' data streams. NGSP hardware and management software are purpose-built to streamline security processes, setting up literally hundreds of virtual instances of multiple best-of-breed security applications within the application processors. This virtualization eliminates unnecessary appliances and supporting hardware—replacing hardware at up to a 200:1 ratio—and drives traffic at unmatched levels across very high throughput backplanes. The virtualization capabilities within these platforms make full use of all the application hardware resources, enabling quick failover and high reliability. Next generation security platforms preserve best-of-breed choice, offer unparalleled performance, five 9s+ of reliability and unmatched linear scalability.

The resulting benefit to enterprises is clear: they can be assured delivery of "clean pipes"—outsourced security services that enable their IT staff to focus on more strategic security initiatives. Carriers benefit by having a security infrastructure that supports thousands of customers in a scalable and flexible manner.

Conclusion:
Enterprises facing complex security requirements with constrained security IT resources will turn to carriers to provide these services. Companies with sensitive data and high uptime requirements will do best to look under the hood of managed security service provider offerings before they sign service contracts. Only forward-looking carriers equipped to deliver this best-of-breed technology from their own networking clouds will be able to truly deliver the security, reliability and competitive fees that enterprises have come to expect.

—End

Related articles:
  [Dec. 27, 2007] Fire-Proofing Your Network With UTM
  [Dec. 20, 2006] ISP-Planet Survey: Managed Security Service Providers

 

 

 

 
