Is security the cloud’s 'killer app'?

Telecom service providers are on a roll, offering managed services–based security products up and down their customer bases in an increasing variety of styles and flavors.

Indeed, while many still question the viability of so-called “cloud-based” computing, telecom operators are racing headlong into at least one cloud opportunity: delivering a wide array of security capabilities as a service, from e-mail filtering to network threat detection and more.

In many ways, the security opportunity is self-fulfilling. Cloud computing itself offers unique security challenges – users are accessing resources from a wider range of sources, and centralized computing architectures give hackers much more high-profile targets to attack. A recent Gartner Research study counted seven cloud computing risks enterprises should watch for, from securing remote users to tracking the spread of mission-critical data beyond a company’s four walls. So securing cloud computing has become an important cloud service in and of itself.

Yet at the same time, offering security capabilities as a managed service that the telco, rather than the enterprise or small business, must manage itself has become a boom business in its own right. AT&T today launched new e-mail security services with partner McAfee. Verizon launched its own service with McAfee recently as well, part of a large effort by that carrier to deliver cloud-based security services.

While simple e-mail, spam and virus protection services – for both SMBs and large enterprises – are a slam-dunk managed services offering, more sophisticated managed security services are emerging, as well. For instance, vendor Arbor Networks is helping its service provider customers offer threat detection as a service, leveraging its ability to scrutinize the traffic running over carrier networks for threat patterns that typical security solutions miss.

Three key trends stand out that are helping to make managed security services such a big success:

1. Mission-critical requirement. There’s nothing “optional” about security, which helps carriers offering these new services get in the door and start the managed security services discussion with existing network customers.
2. Security is complex and ever-changing. It’s difficult for resource-strapped IT shops – not to mention small businesses – to keep up with ever-changing security threats. The virus signature subscription services of off-the-shelf anti-virus software may have been the first managed security service; today’s truly network-based security services are an evolution down that same path.
3. Real security is multi-layered. Hackers won’t try just one way onto a customer network, so cloud-based security offerings that start with simple firewall or anti-virus products and then can scale into more sophisticated offerings are a perfect upsell path for telco cloud security suites.

All of which combine to position security as the cloud’s first killer application – one that can be easily sold and readily added from the network services that telcos already provide business users.