increasing revenue through information protection...

ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS

Increasing revenue through information protection services

Selling new cloud and mobile services with confidence

Introduction

About this report

Profit from new revenue opportunities

Meet customer demand

Build trust and confidence in the cloud

Managed M2M connectivity

Bring the right decision makers together

Meet market demand

Meet business objectives

Conclusion

The right partner for information protection

References

1

2

3

3

4

6

8

9

10

11

12

12

12

Contents


1

The communications industry is undergoing a major

transformation. The traditional voice market has

flattened and is now in decline. Communication Service

Providers (CSPs) are experiencing increased competition

from other Telcos, and new Over the Top (OTT) players

and web-based providers are entering the market. As the

latter are using existing CSP network resources to offer

price-attractive service offerings, this opens up a complex

new battleground for customers and revenue.

The convergence of IT and network operations is driving

the implementation of an all-IP communications

network that promises huge cost savings. As a result,

investments in service-enabling initiatives for cloud,

mobile, machine to machine (M2M) and content delivery

are becoming a priority.


Protecting infrastructure and information assets as well

as the customer experience is of high importance.

Security is a key concern to customers and is integral to

priority investments around cloud, mobile and M2M.

This is further complicated as the threat landscape is

changing to include mobile devices, putting Android,

Windows Mobile, and even iOS devices at increased

risk. This trend looks set to continue as enterprises are

introducing mobile technology for business purposes and

supporting BYOD (Bring Your Own Device) programmes.

The shift from securing the perimeter to protecting an

organisation’s information is becoming harder for CSPs,

due to three trends:

• The volume of data is growing exponentially.

• Information has gone beyond IT data centers and PCs

to the need for access from any device in any location

and the cloud.

• The value of a company has changed from physical

assets to how it uses information.

CSPs already have experience in protecting and managing

internal IT information. This gives them a great advantage

as their customers, including enterprises, SMBs, and

consumers, are experiencing the same challenges with

information protection but most don’t have the resources

to deal with them. This presents a huge opportunity

for CSPs to monetise skills and investments to provide

information protection services to their customer base and

target markets, turning information protection from a

pure internal cost and risk perspective into an

opportunity for growth.

In addition, CSPs can position themselves as cloud

services brokers (CSB) or aggregators for security and

information protection services. They can protect

customers accessing public cloud services over

the Internet in an innovative way, via both fixed

and mobile networks.

2

Introduction

About this report

this report supports cSps exploring innovative information

protection offerings that they can successfully sell to their

existing customers and target markets. it addresses the

important business challenges faced by key stakeholders

and provides recommendations based on Symantec’s

experiences of working with cSps worldwide.

the report utilises Symantec research, analyst

commissioned research, and Symantec’s breadth of

knowledge and experience within this industry to provide

in-depth analysis of both business opportunities and risk.

Profit from new revenue opportunities

Existing relationships with large consumers, SMBs and

the enterprise customer base offer cSps another key

differentiator against competitors. the potential to

seamlessly grow from consumer services into SMB or

even enterprise solutions shouldn’t be underestimated.

cSps are running huge service delivery platforms, billing

systems and customer care centres which can be optimised

for new types of services. they also have a reputation for

guaranteeing strong service level agreements (SLAs) in

their core communications business; therefore customers

perceive cSps as very trustworthy. if they are able to

manage similarly strong SLAs in trust and security

for cloud and mobile services, then they are in a great

position to succeed in the new world of services.

Develop a services roadmap and catalogue

unlike their competitors, cSps can develop a straightforward

information protection and management roadmap: starting

from core network competencies then leveraging all other

differentiating assets and moving up the service stack.

So, they are in a superb position to create huge upsell

opportunities for their sales operations.

this roadmap should include details on how cSps can

offer and manage:

• Communication networks (pipes).

• Performance and availability of the pipes.

• Security of the pipes (clean pipes).

• Policy-based network security and management services.

(cSps are in a unique position to provide highly scalable,

network-based and device-independent security by

analysing network traffic.)

• Endpoint management, application management and

protection services for connected servers, pcs, tablets,

and smartphones.

• Strong user authentication and encryption services.

• Backup and archiving services of network-connected

systems.

• Storage and disaster recovery services.

• Personal cloud and secure file sharing services.

3

Stakeholders Business Challenges Risks

cMo/product Management

Sales Management

cto/technical Architects

cFo/Finance department

Brand reputation, customer satisfaction and churn, delivering innovative services that sales can successfully sell

New business generation, increased ARpu

Build and maintain service portfolio

total cost of ownership, return on investment

competitive differentiation, services roadmap, time-to-market

upsell opportunities from existing core business products, sales enablement and succussfully selling new it related services

integration into existing infrastructure, vendor complexity, agility and flexibility, achieving planned SLAs

upfront investments, sales forecasts, payment models

and cash flow


4

3

Swisscom it Services and Slovak telekom (part of Deutsche

telekom AG) experienced significant network resource

savings and reduced costs for their customer care centres as

the result of their clean pipe solution. Swisscom’s cpu server

performance increased by 50%, allowing the organisation

to reduce its messaging transfer server infrastructure by

half. the help desk administration effort required to resolve

related customer cases also decreased ten-fold.

Meet customer demand

there is increasing evidence that many customers, from

consumers, small home offices and SMBs, up to large

enterprises would rather buy into an information protection

roadmap and purchase cloud and mobile services from

cSps, than try to solve the challenges by themselves.

Companies of all sizes are suffering from

targeted attacks

As security attacks become more sophisticated, many

organisations are experiencing significant difficulties

dealing with the resources, time and money required to

maintain effective security architecture. in particular, SMBs

are presenting as a core target market for cSps as they

are suffering the most due to limited resources. Symantec

research found that out of 26,000 targeted attacks in 2011,

almost half were aimed at SMBs and 18% of the companies

targeted had 250 or fewer employees1.

this presents an opportunity to offer managed security

services and cloud-based security to this market to help

mitigate these risks.

• IT compliance and data loss prevention services.

• Cloud Brokerage Services for Information Protection.

• Secure M2M connectivity services for vertical markets.

cSps who partner with just one or a limited number of

vendors to develop such a roadmap for their customers

will benefit significantly from technical and contractual

simplicity and faster time to market.

Optimise networks before adding services

An existing network is an important advantage for

generating top line business. But as traffic is increasing,

often through ott players and third-party content

providers, it becomes more difficult to manage

network resources properly. cSps are constantly being

pressurised to increase network bandwidth in order to

satisfy customers, which ultimately reduces profitability.

Another area of concern is the level of unsolicited and

malicious traffic, much of which is caused by botnets.

cSps that neglect solving this problem risk:

• Unsatisfied customers and higher churn.

• Bad brand reputation through blacklisting.

• Higher total cost of ownership of the network

infrastructure and customer care centres.

• Poor foundation for revenue generating services.

cSps are strongly advised to optimise networks using a

‘clean pipe’ strategy. traffic management projects, using

Deep packet inspection (Dpi), can be easily complemented

by network-based security policy management, which will

significantly reduce malicious and unsolicited traffic. the

impact will be a further gain in networking resources in

inbound and outbound data streams and an increase in the

messaging reputation. the gains in bandwidth and server

resources can be invested in new value-added services for

customers, thereby increasing revenue.

4

Organisations of all sizes at risk of targeted attacks

13,428

1501-25001001-1500

501-1000

250-500

<250 18%

13,518

2,500+


Source: Symantec Internet Security Threat Report 17, 2012

Mobile computing risks are increasing

Symantec research found that 2011 was the first year

that mobile malware presented a tangible threat to

businesses and consumers1. For years, attackers focused

on Windows pcs because the widespread prevalence of

the platform meant the return on investment was greater.

However, in 2012, the attentions of the attackers shifted

towards Windows Mobile, Android, and even ioS devices.

Businesses are aware of these risks and when a Symantec

survey asked it to rate the risk associated with 10

common computing initiatives, 41% of the respondents

placed mobile computing within their top 3 risks2. As a

result, protecting information and devices is becoming a

key market consideration.

Enterprises already purchase mobile security from

Telco suppliers

Symantec research found that enterprises already

purchase or plan to purchase security safeguards from

telco Service providers2.

From whom do you currently purchase

security safeguards?

the network-centric information protection approach

gives cSps unique opportunities to offer highly scalable

services for enterprises and consumers which can include

parental controls, corporate controls, personal screening,

mobile security and data retention.

SMBs struggling with data protection and

disaster recovery

Symantec research discovered that many SMB

customers are at risk when it comes to disaster recovery3.

Although good backup technology is available, SMBs

often don’t have the right personnel and processes in

place to manage the volume of data within their

existing infrastructures.

As a result, there is an excellent opportunity to support

SMBs (and larger enterprises) with information

protection and disaster recovery services.

5

Software vendor 48%

Our Telco service provider 52% Source: Symantec SMB Disaster Preparedness Survey, 2011

Source: Symantec State of Mobility Survey, June 2012


6

<50%back up data weekly or more frequently

Only

23%back up daily

31% don’t back up email

21% don’t back up

application data

17% don’t back up

customer data

In a disaster

44% wouldlose at least

40% oftheir data

5

Build trust and confidence in the cloud

the cloud holds significant potential for cSps to

deliver innovative information protection services that

are perceived as trusted and available. However, this

marketplace is growing rapidly and looks set to become a

battlefield. there is also still some resistance to the cloud

from companies who fear the loss of intellectual property,

customer data, reputation, malicious activity and

outages. A 2011 Symantec survey found that security is

still the number one concern for enterprises moving parts

of their it into the cloud4. it showed organisations are

conflicted about security – 88 percent believed the cloud

would not impact on and could even improve security

postures, while still rating security as their major concern

on moving to the cloud.

to succeed, cSps need to provide superior cloud

services that are more trusted than those

offered by the current generation of

ott players and other web-based

cloud providers. product Managers

within cSps need to address security and

regulatory requirements, providing customer

driven and service-appropriate security across multiple

deployment methods, while guaranteeing highest

performance and SLAs.

the guidance by the cloud Security Alliance (cSA)

provides an excellent starting point. cSps can

differentiate themselves by designing cSA controls

(policies, procedures and processes for 14 defined

security domains) into their cloud architectures. they

should also ensure any third-party cloud service partners

implement these controls.

in addition, with the adoption of the 4G mobile

technology LtE, which is based on the all-ip

protocol, cSps should integrate ipsec protocols for

secure connectivity.

6


“Everything depends on how you secure

your data. If there’s no security, there’s no

point in going for the new technology.”

– CTO of a small technology company

Develop cloud and mobile business models

cSps should analyse various deployment options for

their cloud service offerings. the right choice will depend

on target markets and size, competitor offerings,

time-to-market requirements, cloud partner ecosystems,

and their own it service delivery skills.

Resell existing services from trusted cloud partners

cSps without extensive it and cloud services experiences,

or for whom time-to-market is critical, should partner with

established cloud providers to resell information protection

services. cSps need to select a cloud partner that supports

the security guidelines and best practices of the cSA and

provides the most suitable SLAs for their business

models. Availability, security efficiency,

delay times, service and support, as well

as transparency of the service, are

important considerations in the

selection process. cSps should have

the option to resell these services

under their own brand, co-branded, or marketed completely

under the partner’s brand.

Build cloud services

cSps with advanced it services skills are able to build cloud

services that they can adjust to the special needs of their

customers: for example, regulatory requirements in certain

countries or vertical industries can be exactly addressed.

this deployment model provides more flexibility and margins

can be higher. Following the ‘Security by Design’ principals

from the cSA, security and availability controls should be

embedded into cloud architecture from the beginning.

Prepare for the future above the cloud

the recent beta phase of a new Symantec cloud

security brokerage solution demonstrated that cSps

are keen to offer security for cloud services ‘above

the cloud’. their network-centric position between

enterprises and third-party cloud providers allows

them to act as cloud service aggregators and cloud

brokers for policy-based security management. in this

expanded role as an ecosystem manager, cSps can

ensure enterprises migrating to the cloud can maintain

the same risk posture; enabling them to extend

their internal information protection policies to data

migrated to the cloud.

there is a great opportunity to enrich the customer

experience and assist compliance with data protection

regulations and internal it security policies. this is

especially important, as public cloud services are often

not transparent about security implementations.

7

Access control Information protection Cloud visibility Control Security Compliance

Private cloud


“Our goal is by 2014 everything should

be in the cloud.”

– CTO of a small technology company

Extend on-premise customer environments

via cloud

cSps can use this as a migration step for customers

moving gradually into the cloud while leveraging

existing on-site investments. on-premise security

software can be managed via cloud-based

management portals hosted by the cSp. on-premise

backup and archiving solutions can automatically

back up the data into the cloud-based data centers

of the cSp, where skilled personal and certified

processes will guarantee high availability and disaster

recovery SLAs.

8

A new security layer above the clouds

To embrace the cloud with confidence

Cloud Services of all kinds

CSP Business Customers

CSPInformationProtectionBrokerage

Service

7

Managed M2M connectivity

Although M2M has been available for many years, it has

recently become an investment priority for providers.

As cSps migrate from pure connectivity via managed

connectivity towards multiple forms of complete service

enablement, different models in the M2M value chain

have been developed. Most providers are focusing on

vertical markets such as Smart Metering or mHealth,

which are highly security sensitive.

Driven by scalability requirements, public Key

infrastructure (pKi) solutions are experiencing a

renaissance within M2M security as they ensure that only

trusted devices are communicating and also guarantee

authenticated firmware updates. For example, the German

Federal office for information Security (BSi) mandates pKi

as the security measure for authentication and encryption

in smart meter gateways for the German market5.

Few cSps can justify running a secure, large-scale pKi

infrastructure for their customers. partnering with

managed pKi providers that perform all these security

processes on their behalf will allow cSps to quickly

enhance the value of M2M service offerings

to vertical markets with securely managed

connectivity requirements.

Information Protection Services opportunities

8

Source: Symantec sponsored GDS International NGT Summit 2012 – Investment Priorities of leading European CSPs

Investment 2012: Business Strategy Services / Technology Currently Sought – Less than 12 Months

Cloud Mobile Cloud Brokerage

M2M

Information Protection Services

Strong Convergence


Billing (C

onverged & Real Tim

e)

Broadband Infra

structure BSS

Business

Transform

ation

Carrier E

thernet

Charging & Policy M

anagement

Cloud Computing Softw

are

Complex Programmes & M

anaging Risk

Customer C

are & CRM/CEM

Customer L

oyalty/C

hurn Management

Data Center Optim

isatio

n

Location-base

d Services

LTE/4G

Machine to M

achine

Mobile Backhaul

Mobile M

arketing

Mobile Value Added Services

Mobile W

orkforce Management

Network M

anagement & Optim

isatio

n

Network Perfo

rmance M

anagementOSS

Outsourcing/M

anaged Services

Security (N

etwork, C

ustomer, M

obile)

Smart Card & Contactle

ss Te

chnology

Subscriber D

ata Analytics

Test

& Measu

rement

Video-based Services

Wireless

Infrastr

ucture

Real Tim

e Business

Intelligence-Event P

rocessing

Network Power/E

nergy Storage & Management

504540353025201510

50

Num

ber

of D

eleg

ates

Investment Priorities

Cloud MobileVAS

SecurityVideo based

servicesLTE M2M

• CSP Product Management and Marketing:

Do i have the right roadmap of information services?

• CSP Sales Management:

can i sell these services to my target markets?

Are there easy upsell opportunities from one

service to another?

• CSP Technical Architect:

can i build, integrate and maintain these services under

SLA considerations?

• CSP Finance:

What are my upfront investments for sourcing the

appropriate building blocks? What is my financial risk?

can i generate revenue? Do these services fit with the

paying models of my enterprise and consumer customers?

this model is a useful tool for maximising the industrialisation

potential of different service offerings and ensuring

business processes are aligned.

9

Bring the right decision makers together

Successfully selling new services requires good planning

and a common direction for all major stakeholders.

Bringing the right stakeholders to the table early enough,

to discuss and agree on service abstraction layers,

deployment models and the service target segments

with specific go-to-market strategies, is as important as

the industrialisation of the service offerings is critical to

achieving profitability.

Symantec has developed a ‘cube’ model that acts as a

framework to support cSps in analysing, architecting

and deploying information protection services. As a

result, the stakeholder groups will better understand the

service strategies, business and technical requirements

and financial models which can be tailored to the paying

cycles of the cSp’s customers. the framework also helps

to answer the following important questions:


publicHybridcommunityvirtual private

private

portalsWeb Servicescommunication Services

End user ServicesSystems Management

MonitoringSecurityAvailability

NetworkpowercomputeStorage

SaaS

paaS

iaaS

Archiving as

a Service

Storage as

a Service

Virtual

Desktop

Backup as

a Service

Security as

a Service

?

Distributor

Enterprise

SMB

consumer

10

The Cube

Framework for services

9

Meet market demand

Symantec has worked with analysts including Gartner

and iDc to analyse the demand for information protection

services. the diagram above exemplarily illustrates the

attractiveness of the market for five services. Analysts

expect a cAGR (compound Aggregate Growth Rate) of

30% or more for some of the information protection

solutions delivered as services.

cSps have an advantage against prior established

system integrators and traditional outsources. By using

the existing consumer subscriber base and by offering

services such as personal clouds and secure content

management that grow seamlessly from consumer needs

into enterprise requirements, these opportunities can be

leveraged further.

Exploit and optimise existing infrastructures

Most service providers have standardised their data centers

on a common storage, server and high availability layer.

By building services on existing infrastructures, cSps can

utilise an it foundation that is not locked-in to specific

hardware or software. technical Architects, responsible for

the design of the service, benefit from increased agility and

flexibility. Additionally, they are able to easily migrate from

legacy unix systems to more cost-efficient Linux oS without

losing any existing investments.

Differentiate in the market

trust and confidence in cloud offerings give a key

differentiator compared to low cost offerings from ott

players and content providers.

10

Source: IDC 20126

Storage and Security Software as a Service Forecast (IDC)


Continuity Archiving Backup Mail security Web security

2010 2011 2012 2013 2014 2015

9000

8000

7000

6000

5000

4000

3000

2000

1000

0

Mill

ion

US $

Meet business objectives

Successfully selling information protection services will

have a positive impact on all major business objectives.

11


Business generation

information protection solutions are essential

it services valued and demanded by customers.

Depending on the target customer, type of service

and SLAs, the additional ARpu could range from a few

dollars to double-digit numbers per month. Different

customer segments have different and constantly

changing needs, and some expect basic information

protection services as standard. While this will not

generate direct revenue, the positive impact of lower

churn will drive new business.

Increase customer satisfaction and reduce churn

cSps can industrialise and offer services much more

cost-efficiently than customers can build and maintain

by themselves. information protection delivered by

service providers frees up resources for customers’ core

business objectives and offers a welcome single point of

contact for protecting information. A detailed services

roadmap and intuitive self-service portals will increase

the cohesiveness of the customer relationship.

Brand protection and compliance

cSps can help customers comply with worldwide data

protection regulations. For example, financial institutions

need to archive mobile traffic for industry legislation,

and a network-centric role makes cSps an ideal partner

to fulfil these requirements. Again, trust and confidence

are absolutely crucial for building a strong brand. Even

when ‘soft regulations’ are only on a voluntary basis,

they should be fully supported. this not only increases

customer satisfaction, but also creates a route to sell

premium services on top of free-of-charge offerings.

Total cost of ownership and time-to-market

cSps can leverage the investment in internal information

protection solutions by sharing the cost with revenue

generating business units. industrialisation and reusable

building blocks guarantee profitability. if time-to-market

is a challenge, companies should partner with a leading

cloud vendor that already brings a strong brand and a

rich portfolio to the business.

12

11

Conclusion References

cSps are excellently positioned to offer information

protection services and exploit upsell opportunities

within the market. there is increasing evidence that many

customers, particularly within the key SMB market, would

rather buy into an information protection roadmap and

purchase cloud and mobile services from cSps than try to

solve information protection challenges by themselves.

to profit from these new revenue opportunities it is vital to

leverage the existing network and infrastructure, develop

a services roadmap, build trust and confidence, adapt

to cloud and mobile business models, and use existing

experience to differentiate within the marketplace.

The right partner for information protection

Symantec protects the world’s information, and is the

global leader in security, backup and availability solutions.

our innovative products and services protect people and

information in any environment – from the smallest mobile

device, to the enterprise data center, to cloud-based

systems. our industry-leading expertise in protecting data,

identities and interactions gives our customers confidence

in a connected world.

Symantec has a strong focus on the communication

Service providers’ industry and protects 17 out of the

18 largest telecoms companies worldwide. Symantec

successfully supports communication Service providers

generating new revenue streams by delivering mobile

security and information protection services to their

customers and target markets.

Since 1995, Symantec has been operating the largest and

most comprehensive pKi solutions for enterprises and

service providers available on the market. More than 200

million device certificates have been issued to date.

1 Symantec internet Security threat Report 17, 2012

2 Symantec State of Mobility Survey, June 2012

3 Symantec SMB Disaster Recovery preparedness

Survey, 2011

4 Symantec State of cloud Survey, 2011

5 German Federal office for information Security (BSi)

technical Directive BSi tR-03109-4

6 – iDc Worldwide Storage in the cloud 2011-2015

Forecast #232115

– iDc Worldwide Messaging Security 2012-2016

Forecast and 2011 vendor Shares #235544

– iDc Worldwide Web Security 2012-2016 Forecast

and 2011 vendor Shares #235515

Glossary

BYoD – Bring Your own Device

cSA – cloud Security Alliance

cSB – cloud Services Brokerage

cSp – communication Service providers

LtE – Long term Evolution (4G mobile)

M2M – Machine to Machine

ott – over the top

pKi – public Key infrastructure

SLA – Service Level Agreement

SMB – Small Medium Business

Author

Frank Bunn, Symantec corporation

12


Notes

13


14

13

Notes

14


Symantec is a global leader in providing security, storage and systems management solutions to help customers secure and manage their information and identities.

copyright © 2012 Symantec corporation. All rights reserved. Symantec, the Symantec Logo, and the checkmark Logo are trademarks or registered trademarks of Symantec corporation or its affiliates in the u.S. and other countries. other names may be trademarks of their respective owners. 07/12

Symantec World Headquarters350 Ellis St.Mountain view, cA 94043 uSA+1 (650) 527 80001 (800) 721 3934www.symantec.com

increasing revenue through information protection...

Documents