Secure in someone else’s knowledge

31 Jul 2003

There are many reasons why a company should consider outsourcing its telecommunications activities to a specialist, but one area that should not be overlooked is security. Often it is possible for a managed services provider to offer levels of security that the client simply cannot afford or have the inhouse skills to deliver.

“We talk about managed services. We talk about solutions that customers would purchase from us and that we would install on their behalf and that then would be managed by the customer, by us or by a combination of both,” says Conall Lavery of Entropy. “The benefits to the client would be that if they are working with a service provider that understands security very well, the chances that they get good service increases and they have access to current skills, a wider range of more current knowledge and so on. Security is all about weaknesses, but if a company picks the right supplier and has the right service level it couldn’t be better.”

However, Lavery points out that if the company providing the managed service isn’t very good, the client might not be better off. “In fact, you might be in an even worse situation. If your own people are managing the telecoms network their jobs are potentially on the line. If it’s an outsourced service provider, if anything goes wrong it’s just another contract loss. And they might not have the same level of skills,” he says.

According to Lavery, the security of a network is inversely proportional to the number of people involved in managing the infrastructure or who have access to it. “You can tie things down somewhat with service level agreements (SLAs). The challenge is similar to that in the network provision space. In the past SLAs were based around technical documents. Now, however, they are based on business factors such as uptime, latency time and so on. It is possible to take the same approach to security, for instance, specifying response time to known vulnerabilities and a patching policy.

“I remember when telcos provided bandwidth and that was it,” he goes on. “When they started offering additional services they were criticised for going outside their natural space. They certainly are more focused on security than they were before. They are partnering with other companies that can provide security and that is potentially a much better solution.”

Eircom takes the security of its clients’ networks seriously. “We achieve security by both physical and logical means,” says Fintan Lawler, director of ISP (internet service provider) hosting and managed services at Eircom. “All our buildings are covered by multiple security guards and the buildings themselves are bulletproof with trenches dug around each one. We use biometrics to regulate access so that only certain people can access key parts of the building. We also have a series of firewalls. As an ISP we are constantly under attack so we are used to developing security for clients.”

Meanwhile, Esat BT is actively looking at developing security products for the Irish marketplace. “We’ve recently been looking at launching security offerings,” says Gary Cobain, general manager solutions at Esat BT. “One of the things we offer in the UK and that we are looking at for here is a suite of security services that will be hosted services for customers. So if someone wants a virus scanner, we can offer it on a shared basis. Or if an SME [small to medium-sized enterprise] doesn’t want to buy a high-end firewall, it can set up things so that people get access to its networks via ours.”

According to Cobain, BT in the UK offers a range of firewall options and mail sweeper products as part of an overall security catalogue. “For the SME market it’s all about how we get it down to a price point. We had phenomenal take up when we launched in the UK so we need to see how we can get the same results here,” he says.

By David Stewart