Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."

Download it now to read this article plus other related content.

AT&T, meanwhile, says it can trim 30 to 50 percent off the total cost of ownership of a security infrastructure.

"The biggest advantage to doing [security] in the cloud is that you remove attacks from bandwidth," Pescatore says. "If I pay for a T1 line, and 700 kilobits per second [of traffic] are worms and viruses scanning my network, I might consider buying another T1 because I need more bandwidth. If that noise gets filtered at the cloud, I might not have to buy another T1." T1 lines can cost up to $1,500 a month, which includes carrier and ISP fees. "You're looking at real big numbers," Pescatore says. "If you're looking at some of the big T3s, how many megabits per second are they logging for no reason? Think about the amount of spam before filtering became popular--hitting hard drives and requiring more storage."

The numbers are compelling, but they're not the clincher in this kind of decision. A company needs to consider how its network architecture is constructed, how it connects to the Internet and what kind of trust relationship an enterprise has with a network service provider.

A Forrester Research paper points out that security managers are usually unwilling to give up control over part of their infrastructure, but should to realize that providers already carry company's sensitive data and are responsible for how they connect to and present themselves on the Internet. Internally, there has to be a determination in

    Requires Free Membership to View

an SLA what a carrier, for example, would be responsible for blocking and what a company would secure.

That would force security and network teams to examine how a company connects to the Net. Companies with many locations may use multiple service providers. If some security functions are transferred to a carrier, the carrier becomes responsible for that risk, Forrester says. A company would then have to make decisions on who would provide connections to the Internet and where, what kind of traffic is carried via those connections and what security services would be required for the different connections.

Up In the Air
Ken Emerson, CIO of Boiling Springs Bank, a 14-branch regional financial services provider in New Jersey, says his organization's investment in cloud services (IDS management, spam filtering) from Perimeter Internetworking helps keep its business model viable. Perimeter sells managed network security services and acts as a utility between a customer and its carrier or ISP. Traffic is routed through Perimeter via a point-to-point switch or frame relay VPN, cleansed and then routed back to the customer.

"If ISPs don't take care of this themselves, you're going to see a reduction in online activities," Emerson says. "The business model won't work, and people won't invest in it unless we have a cleansing of the Internet at the level of those who provide access to it--it's incumbent upon ISPs and carriers to do so."

AT&T's Amoroso says the challenge with security managers is not only overcoming those reticent to give up control of all or part of their security operations to a carrier, but fighting long-standing infrastructure investments.

"The only thing standing in the way would be inertia, meaning, 'I'm set now; this would be a change. Even if it's cheaper, it would be a change,'" Amoroso says. "The issue in the industry is that there are an awful lot of companies that are not happy about the message that we are proposing. It's been a very lucrative market for so long to sell IDS and IPS. Then Ed comes along and says, 'Hey, this functionality really can be embedded in the carrier infrastructure.' Naturally that's not going to make everyone happy."

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: