Vendors Aim To Keep Data Centers Secure


Data center service providers are experiencing a sharp increase in demand for firewall, VPN, intrusion-detection, vulnerability scanning and other security services.

Take NTT/Verio, for example. As of August, the company sold more managed security services than it did for the rest of 2002, with managed firewall and VPN services the best sellers.

To meet demand for managed firewall services, WorldCom recently introduced a global solution that includes overnight replacement of spare parts and localized support. The solution was built with technology from Check Point Software Technologies, but WorldCom plans to introduce solutions based on Nokia and other platforms.


Sales of managed security services such as VPN, firewall, intrusion-detection are on the rise.

"What's happening is enterprise customers want a complete network solution with embedded security components all managed through the same support organization. That is what we are trying to address with this new solution," said Tim Burke, manager infrastructure services at WorldCom, Clinton, Miss.

Small businesses in particular are more willing to spend money on firewalls and VPNs,solutions that were until now an afterthought, solution provider executives said.

"Before, [small businesses first looked at getting their site up with us quickly, then at high-availability services and lastly at security," said Steve Mann, director of network and security engineering at NaviSite, Andover, Mass. "Now they're more concerned about their site being compromised, so security is taking precedence over things such as high availability."

To meet the budget requirements of small businesses, many data center and managed service providers are developing shared security services. NaviSite, for example, offers a shared firewall service. In NTT/Verio's case, the company added lower-end Cisco Systems' PIX firewalls and NetScreen Technologies' firewalls.

With customers of all sizes experiencing budget constraints, open-source technology such as Snort, an network intrusion-detection system, is gaining traction as well.

"Snort is gaining acceptance because people have access to the actual code," said Charles Neal, vice president of managed security services at Exodus, a Cable and Wireless Service, London. "A lot of studies are showing that [Snort competes very well against the major [intrusion-detection products. The additional advantage is that it's free."

Even enterprise customers are coming around to open-source solutions since more solution providers are putting resources behind technology such as Nessus, a vulnerability scanning tool, said Mike Kelley, principle security engineer at NaviSite.

Customers' questions have also become more in depth, with businesses asking data center service providers not only about the security layers in place, but also the providers' emergency plans.

"We used to have to answer about 15 to 20 standard questions, but now customers are getting much more detailed," Burke said. "[For example, 'What do you do in case of a nationwide emergency?' 'What do you do in the case of business continuity and disaster recovery?' "

Data center service providers are anticipating more of a call for professional services. NTT/Verio, for one, said it plans to expand its vulnerability assessment services. "A lot of companies require assistance when developing security policies, establishing best industry practices and auditing their existing environments," said Margaret Owens, senior product manager for managed security solutions at NTT/Verio.

Also on the horizon are new devices that are being developed to help mitigate DNS attacks, a host of products based upon public key encryption technology, as well as event-correlation technology that looks at router, intrusion-detection system and firewall logs to root out odd transactions, said Cable and Wireless' Neal.