Securing access to networks, clouds and applications is becoming more complex than ever, exacerbated by the growth of number of accounts, APIs, applications and end-points, driven to some degree by adoption of connected solutions, including Internet of Things implementations for everything from asset tracking and management, to physical security and factory automation.
Layer mobility and the rise in using contractors to enhance full time employee resources against a growing threat landscape, and enterprise CISOs, working with leaders of IT and with a mandate to control expenses from their CFO counterparts, and we see clear value propositions when it comes to managed security service offerings.
Too many companies are vulnerable to cyber-attacks, with 43 percent of enterprises polled by security company Radware reporting in a Wireless Week article that they can’t handle an attack that lasts just 24 hours.
Securing corporate assets and keeping communications networks running in real time is made stronger through the use of encryption and other techniques but managing keys and ensuring password strength can be time consuming and expensive for enterprises to manage by themselves, including the cost and other resources associated with hiring, training, managing and monitoring technicians and administrators.
Given the investment in Network Function Virtualization CSPs have already made in preparing for an even more hyper-connected world, adding managed security services into their offerings is easier than ever, when working with the right partner.
Bringing those to their existing customer base to deepen relationships or marketing those services to become more competitive and to attract new customers is a natural, especially when those services can be offered globally, and can be offered as modules and added onto over time, is a clear path to sticky, high margin services that fit perfectly with lower-margin and more commoditized bandwidth sales.
When an enterprise under stress based on massive attacks which bring major revenue, reputational and now regulatory consequences with tighter laws including GDPR and more can hold a service provider accountable with Service Level Agreements, why wouldn’t they opt for “carrier grade security” particularly given the increasing complexity with multi-cloud architectures, more applications, including mobile applications, and growth of IoT for productivity and asset optimization?
These enterprises, as well as small and medium businesses, government agencies and other organizations have valuable personal information that hackers want, and it is harder and more important than ever to defend their systems from intentional or unintentional attacks and data loss.
Most are struggling to increase operating margins with low single digit revenue growth over the last decade as CSPs are losing traditional voice revenues, and messaging revenues to new challengers. CSP strategists and product developers are working night and day on moving up the stack to more software and cloud-based services, knowing then cannot rely on basic services to drive growth and sustain margins.
The growth in cyber-attacks offers enterprises an ability to leverage solutions from suppliers they already trust operating network services for them, and a clear opportunity for carriers to expand their services by protecting against DDoS and encrypted attacks, and protecting from the more subtle but high risk attacks from inside the organization (which are rising to nearly half of all attacks, yes those orchestrated by employees or contractors with access to not only the network but to data and information, applications and services).
Additionally, CSPs themselves are putting more and more security into place for their own networks and are developing expertise “in-house” that can be, with the right strategy, converted from a “cost” to an “asset” when security is extended elegantly from the core to the edge to the endpoints.
Many CSPs have already begun offering this type of service and have seen high demand.
In fact, managed security services are expected to grow at an annual rate of 14.5% for the next four years, reaching more than $45 billion by 2022. Why? Because more companies are moving towards and adopting steadily the model of security as a utility. As enterprises shift IT infrastructure from capex to opex-based spending, CSPs can increase their offerings and accelerate revenues through value-added security for all the reasons listed above.
One stunning example of the contribution of managed security services is illustrated by Level 3 Communications, a global communication provider serving enterprises, government, and other carriers, who reported in its Q1 2017 earnings that overall corporate revenue was flat, while managed security revenue grew 9.1 percent.
Of course, CSPs need to choose the right partners who can help with proven, scalable solutions they can deliver within their existing architectures, with competitive prices and high margins, as well as the right engineering and platform support.
They can get to market quickly by white labeling existing, proven services, like Single Connect from Kron. This is less risky than trying to build from scratch and requires little or no upfront capital. This is the least risky of the options and requires no upfront capital. While the CSP focuses on packaging, promotion, sales and service, Kron ensures product quality including a robust roadmap as the threat landscape inevitably changes.
From threat to opportunity – in weeks or months, not years, Kron is bringing CSPs the managed security service offerings that build revenue, deepen customer relationships, and improve their own infrastructure, which is a new “triple play” that’s hard to beat.
Author: Onur Semih Sevim