Trend

ISP = Internet ‘Security’ Provider

India is catching up with the global phenomenon of ISPs offering security as a service. Security vendors have started looking at ways to team up with ISPs to penetrate the small business segment. By Kushal Shah

Equipped with inefficient IT support, SMEs and SOHOs are continuously struggling to cope with their IT requirements. Most small businesses do not even have an IT staff and in turn, have networks that are always welcoming cyberpunks to get hold of their IT setup. Security is struggling to keep pace with growth in these companies, primarily due to a lack of budget to maintain IT staff, insufficient set-ups and inadequate knowledge in handling the simplest IT activities. Most SMEs or small businesses in particular have their IT managed by third-parties who charge an annual retainer.

These third-party support engineers might be competent enough to tackle your network or hardware related problems, but when it comes to dealing with critical data and security, their strategies and methodologies usually go for a toss. This happens due to excessive use of pirated products which lack support from the manufacturer, leaving the system in a compromised state.

Security needs expert support, which does not have to come at a steep price even though it does provide high value to the business. Security vendors have found a new way to tap small organizations by partnering with ISPs. ISPs act as third-party security providers and support end-users. With their help, organizations can at least safeguard their computers from Internet threats. “For Small and Medium Businesses, the basic need is for perimeter security. This can be provided by ISPs with the help of basic anti-virus, anti-spyware and anti-malware solutions,” says Pravir Arora, Director Channels, CA, South Asia.

Securing the Internet

The Internet is one of the primary means of communication and platform for business activities in organizations irrespective of their size. People rely on the Internet for their day-to-day activities. Broadband penetration is also growing in the country. With this, threats have also increased. The increasing fear of Web-related threats has alarmed organizations, driving them to implement more comprehensive and preventive security solutions. An increasing number of corporate computer users combined with the ubiquitous knowledge-centric nature of the Internet has been a cause of concern for organizations over the issue of maintaining absolute security.

“Engineered for maximum financial gain, Web threats cause businesses and consumers to be exposed to information leakage, business interruptions and thefts, more so than ever before,” says Niraj Kaushik, Country Head (India & SAARC), Trend Micro. He explains that these evolving and highly potent threats enter a company’s network silently, in real-time, posing an immediate danger to the organization’s data, productivity, corporate reputation, and even revenues. It is a challenge to identify and mitigate such threats. In order to deal with this issue, where the customer is way too ignorant about the consequences, security vendors have begun providing security as a service to secure small organizations with a minimum of human intervention.

ISPs can play a big role in safeguarding organizations by helping them with certain basic needs. There are various models for this activity that are currently being adopted both by ISPs and security vendors across the globe. The trend is quickly catching up in the Indian market as well due to growing broadband penetration and an increasing number of Internet-based attacks.

With the help of ISPs, one can get Internet security, either through the client solutions offered by an ISP or by automatic content filtering on their part or by other means. Such value-added security offerings from ISPs are giving them an added advantage; they boost consumer confidence by reducing the fear of your PC being infected by viruses, spyware, or of you ending up as a victim of ID theft. It also helps in creating the image of a “secure” ISP, which in turn successfully attracts new and retains existing customers. Security vendors are also able to reduce support costs as ISPs take a large number of calls related to spyware and virus attacks. This apart, they are able to penetrate this segment, something that they find tough to do otherwise.

Kaushik points out an added advantage—ISPs can minimize malware-related support costs. Call centre and support technicians can see diagnostic results remotely and identify vulnerabilities—whether PCs have anti-virus or anti-spyware software installed. These benefits are particularly significant for organizations with large customer or user bases, such as universities, banks and government agencies.

Global trend now in India

The concept of security vendors partnering with an ISP is already an established model in the American market, but security as a service is still in a nascent stage in India. Almost all vendors have their ISP partnerships defined in the global market. In India, they have partnered with some ISPs and many are in the process of scaling up this approach.

F-Secure has been one of the earliest adopters of the security as a service model. The company has constantly partnered with global ISPs and has tied up with VSNL and Reliance Communications in India. F-Secure solutions are a part of the software bundle that accompanies the starter kit from VSNL broadband. “We aim to make the Internet a safe place for people, their data, and applications and for e-commerce,” says Kimmo Alkio, President & CEO, F-Secure. This benefits users and helps reduce churn for service providers. For ISPs, these benefits are evidently tangible. The company is currently increasing its ISP business at the rate of 35 percent annually.

One of the common ways of providing such services is by nominating a security vendor as a preferred one or by offering a free bundle of software to users, which can be further managed by the ISP. This enables the cost of the security service to be bundled as part of the monthly subscription fee charged by the ISP, which a customer does not mind since his organization benefits by coming under the ISP’s security umbrella.

Apart from this, ISPs also have other options for SMBs, wherein they provide secured Internet as a value-added feature, and the customer does not need to run any application on his machine. The ISP’s network takes care of perimeter level security in such cases. S R Kannan, Head, Security Services, Enterprise Solutions, Sify says, “We provide a solution called CleanConnect with the help of a UTM vendor like Fortinet. It includes all the basic security features as a basic bundle. We charge about 15 percent more on the monthly subscription for this value-added service to the customer. It is turning out to be a good model.”

Globally successful in this domain, McAfee tested this model in the Indian market at a time when broadband was in its early days. About two-three years back they partnered with Satyam for their ISP business which did not work out well due to lack of customer support and an inadequate model. Kartik Shahani, Regional Director, McAfee, elaborates, “We had partnered with Satyam and were looking at a model wherein broadband providers also offer security solutions. At that time we got mixed reactions from customers. Some people took to the solution, while others did not, even if the solution was for free. The following year, we started charging for the same according to the deal and that’s when most people stopped subscribing.” With growing penetration of broadband in India, McAfee is set to reinitiate talks with ISPs since it is a lucrative market. Even lay people have started realizing the need for Internet security since they are continuously executing online transactions such as e-banking and e-shopping.

Trend Micro is also looking for active partnerships with ISPs. Currently it is a preferred vendor for Tata Indicom home users.

Issues faced

Being a relatively new concept in the Indian market, there are many issues associated with both ISPs and security vendors. Most are struggling to fine tune their business models. Issues such as whether to make these solutions freely available or bundle it along with a package or provide it through the ISP network need to be addressed. Apart from this, ISPs need to get their pricing right if they are to sustain the value-added service approach. They are unsure of whether to charge per user or per MB or in some other way. Things can go against both the ISP and the security provider if they overcharge for the service since it will increase the churn rate as this model picks up the pace. If they undercharge, they will suffer in terms of revenues. Security vendors are calculating the licensing policies for ISPs. They are not sure how licensing should be done. In an ideal scenario, licenses will be borne by the ISP since a customer can opt out of the service anytime and in that case transferring licenses becomes cumbersome.

Nevertheless, if one overlooks the hiccups, end-customers (read small organizations) will surely get security for their machines without having to spend on IT staff. This new concept will definitely evolve with the growth of the Internet in India, in the near future. The race has just begun.