"The biggest advantage to doing [security] in the cloud is that you remove attacks from bandwidth," Pescatore says. "If I pay for a T1 line, and 700 kilobits per second [of traffic] are worms and viruses scanning my network, I might consider buying another T1 because I need more bandwidth. If that noise gets filtered at the cloud, I might not have to buy another T1." T1 lines can cost up to $1,500 a month, which includes carrier and ISP fees. "You're looking at real big numbers," Pescatore says. "If you're looking at some of the big T3s, how many megabits per second are they logging for no reason? Think about the amount of spam before filtering became popular--hitting hard drives and requiring more storage."

The numbers are compelling, but they're not the clincher in this kind of decision. A company needs to consider how its network architecture is constructed, how it connects to the Internet and what kind of trust relationship an enterprise has with a network service provider.

A Forrester Research paper points out that security managers are usually unwilling to give up control over part of their infrastructure, but should to realize that providers already carry company's sensitive data and are responsible for how they connect to and present themselves on the Internet. Internally, there has to be a determination in an SLA what a carrier, for example, would be responsible for blocking and what a company would secure.

That would force security and network teams to examine how a company connects to the Net. Companies with many locations may use multiple service providers. If some security functions are transferred to a carrier, the carrier becomes responsible for that risk, Forrester ...

Up In the Air
Ken Emerson, CIO of Boiling Springs Bank, a 14-branch regional financial services provider in New Jersey, says his organization's investment in cloud services (IDS management, spam filtering) from Perimeter Internetworking helps keep its business model viable. Perimeter sells managed network security services and acts as a utility between a customer and its carrier or ISP. Traffic is routed through Perimeter via a point-to-point switch or frame relay VPN, cleansed and then routed back to the customer.

"If ISPs don't take care of this themselves, you're going to see a reduction in online activities," Emerson says. "The business model won't work, and people won't invest in it unless we have a cleansing of the Internet at the level of those who provide access to it--it's incumbent upon ISPs and carriers to do so."

AT&T's Amoroso says the challenge with security managers is not only overcoming those reticent to give up control of all or part of their security operations to a carrier, but fighting long-standing infrastructure investments.

"The only thing standing in the way would be inertia, meaning, 'I'm set now; this would be a change. Even if it's cheaper, it would be a change,'" Amoroso says. "The issue in the industry is that there are an awful lot of companies that are not happy about the message that we are proposing. It's been a very lucrative market for so long to sell IDS and IPS. Then Ed comes along and says, 'Hey, this functionality really can be embedded in the carrier infrastructure.' Naturally that's not going to make everyone happy."

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   NEXT PAGE  >