ISP = Internet Security Provider
India is catching up with the global phenomenon of ISPs offering
security as a service. Security vendors have started looking at ways to team
up with ISPs to penetrate the small business segment. By Kushal Shah
with inefficient IT support, SMEs and SOHOs are continuously struggling to cope
with their IT requirements. Most small businesses do not even have an IT staff
and in turn, have networks that are always welcoming cyberpunks to get hold
of their IT setup. Security is struggling to keep pace with growth in these
companies, primarily due to a lack of budget to maintain IT staff, insufficient
set-ups and inadequate knowledge in handling the simplest IT activities. Most
SMEs or small businesses in particular have their IT managed by third-parties
who charge an annual retainer.
These third-party support engineers might be competent enough
to tackle your network or hardware related problems, but when it comes to dealing
with critical data and security, their strategies and methodologies usually
go for a toss. This happens due to excessive use of pirated products which lack
support from the manufacturer, leaving the system in a compromised state.
Small and Medium Businesses,
the basic need is for perimeter security. This can be provided
by ISPs with the help of basic
anti-virus, anti-spyware and anti-malware solutions"
- Pravir Arora
CA South Asia
Security needs expert support, which does not have to come
at a steep price even though it does provide high value to the business. Security
vendors have found a new way to tap small organizations by partnering with ISPs.
ISPs act as third-party security providers and support end-users. With their
help, organizations can at least safeguard their computers from Internet threats.
For Small and Medium Businesses, the basic need is for perimeter security.
This can be provided by ISPs with the help of basic anti-virus, anti-spyware
and anti-malware solutions, says Pravir Arora, Director Channels, CA,
Securing the Internet
The Internet is one of the primary means of communication
and platform for business activities in organizations irrespective of their
size. People rely on the Internet for their day-to-day activities. Broadband
penetration is also growing in the country. With this, threats have also increased.
The increasing fear of Web-related threats has alarmed organizations, driving
them to implement more comprehensive and preventive security solutions. An increasing
number of corporate computer users combined with the ubiquitous knowledge-centric
nature of the Internet has been a cause of concern for organizations over the
issue of maintaining absolute security.
for maximum financial
gain, Web threats cause businesses
and consumers to be exposed to
information leakage, business interruptions and thefts, more so than ever
- Niraj Kaushik
Country Head (India & SAARC), Trend Micro
Engineered for maximum financial gain, Web threats cause
businesses and consumers to be exposed to information leakage, business interruptions
and thefts, more so than ever before, says Niraj Kaushik, Country Head
(India & SAARC), Trend Micro. He explains that these evolving and highly
potent threats enter a companys network silently, in real-time, posing
an immediate danger to the organizations data, productivity, corporate
reputation, and even revenues. It is a challenge to identify and mitigate such
threats. In order to deal with this issue, where the customer is way too ignorant
about the consequences, security vendors have begun providing security as a
service to secure small organizations with a minimum of human intervention.
ISPs can play a big role in safeguarding organizations by helping them with
certain basic needs. There are various models for this activity that are currently
being adopted both by ISPs and security vendors across the globe. The trend
is quickly catching up in the Indian market as well due to growing broadband
penetration and an increasing number of Internet-based attacks.
With the help of ISPs, one can get Internet security, either through the client
solutions offered by an ISP or by automatic content filtering on their part
or by other means. Such value-added security offerings from ISPs are giving
them an added advantage; they boost consumer confidence by reducing the fear
of your PC being infected by viruses, spyware, or of you ending up as a victim
of ID theft. It also helps in creating the image of a secure ISP,
which in turn successfully attracts new and retains existing customers. Security
vendors are also able to reduce support costs as ISPs take a large number of
calls related to spyware and virus attacks. This apart, they are able to penetrate
this segment, something that they find tough to do otherwise.
Kaushik points out an added advantageISPs can minimize malware-related
support costs. Call centre and support technicians can see diagnostic results
remotely and identify vulnerabilitieswhether PCs have anti-virus or anti-spyware
software installed. These benefits are particularly significant for organizations
with large customer or user bases, such as universities, banks and government
Global trend now in India
The concept of security vendors partnering with an ISP is already an established
model in the American market, but security as a service is still in a nascent
stage in India. Almost all vendors have their ISP partnerships defined in the
global market. In India, they have partnered with some ISPs and many are in
the process of scaling up this approach.
F-Secure has been one of the earliest adopters of the security as a service
model. The company has constantly partnered with global ISPs and has tied up
with VSNL and Reliance Communications in India. F-Secure solutions are a part
of the software bundle that accompanies the starter kit from VSNL broadband.
We aim to make the Internet a safe place for people, their data, and applications
and for e-commerce, says Kimmo Alkio, President & CEO, F-Secure. This
benefits users and helps reduce churn for service providers. For ISPs, these
benefits are evidently tangible. The company is currently increasing its ISP
business at the rate of 35 percent annually.
One of the common ways of providing such services is by nominating a security
vendor as a preferred one or by offering a free bundle of software to users,
which can be further managed by the ISP. This enables the cost of the security
service to be bundled as part of the monthly subscription fee charged by the
ISP, which a customer does not mind since his organization benefits by coming
under the ISPs security umbrella.
Apart from this, ISPs also have other options for SMBs, wherein
they provide secured Internet as a value-added feature, and the customer does
not need to run any application on his machine. The ISPs network takes
care of perimeter level security in such cases. S R Kannan, Head, Security Services,
Enterprise Solutions, Sify says, We provide a solution called CleanConnect
with the help of a UTM vendor like Fortinet. It includes all the basic security
features as a basic bundle. We charge about 15 percent more on the monthly subscription
for this value-added service to the customer. It is turning out to be a good
had partnered with Satyam and were looking at a model wherein broadband
providers also offer security solutions. At that time we got mixed reactions
from customers. Some people took to the solution, while others did not"
- Kartik Shahani
Globally successful in this domain, McAfee tested this model
in the Indian market at a time when broadband was in its early days. About two-three
years back they partnered with Satyam for their ISP business which did not work
out well due to lack of customer support and an inadequate model. Kartik Shahani,
Regional Director, McAfee, elaborates, We had partnered with Satyam and
were looking at a model wherein broadband providers also offer security solutions.
At that time we got mixed reactions from customers. Some people took to the
solution, while others did not, even if the solution was for free. The following
year, we started charging for the same according to the deal and thats
when most people stopped subscribing. With growing penetration of broadband
in India, McAfee is set to reinitiate talks with ISPs since it is a lucrative
market. Even lay people have started realizing the need for Internet security
since they are continuously executing online transactions such as e-banking
Trend Micro is also looking for active partnerships with ISPs. Currently it
is a preferred vendor for Tata Indicom home users.
Being a relatively new concept in the Indian market, there
are many issues associated with both ISPs and security vendors. Most are struggling
to fine tune their business models. Issues such as whether to make these solutions
freely available or bundle it along with a package or provide it through the
ISP network need to be addressed. Apart from this, ISPs need to get their pricing
right if they are to sustain the value-added service approach. They are unsure
of whether to charge per user or per MB or in some other way. Things can go
against both the ISP and the security provider if they overcharge for the service
since it will increase the churn rate as this model picks up the pace. If they
undercharge, they will suffer in terms of revenues. Security vendors are calculating
the licensing policies for ISPs. They are not sure how licensing should be done.
In an ideal scenario, licenses will be borne by the ISP since a customer can
opt out of the service anytime and in that case transferring licenses becomes
Nevertheless, if one overlooks the hiccups, end-customers
(read small organizations) will surely get security for their machines without
having to spend on IT staff. This new concept will definitely evolve with the
growth of the Internet in India, in the near future. The race has just begun.