ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Increasing revenue through information protection services
Selling new cloud and mobile services with confidence
Introduction
About this report
Profit from new revenue opportunities
Meet customer demand
Build trust and confidence in the cloud
Managed M2M connectivity
Bring the right decision makers together
Meet market demand
Meet business objectives
Conclusion
The right partner for information protection
References
1
2
3
3
4
6
8
9
10
11
12
12
12
Contents
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
1
The communications industry is undergoing a major
transformation. The traditional voice market has
flattened and is now in decline. Communication Service
Providers (CSPs) are experiencing increased competition
from other Telcos, and new Over the Top (OTT) players
and web-based providers are entering the market. As the
latter are using existing CSP network resources to offer
price-attractive service offerings, this opens up a complex
new battleground for customers and revenue.
The convergence of IT and network operations is driving
the implementation of an all-IP communications
network that promises huge cost savings. As a result,
investments in service-enabling initiatives for cloud,
mobile, machine to machine (M2M) and content delivery
are becoming a priority.
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Protecting infrastructure and information assets as well
as the customer experience is of high importance.
Security is a key concern to customers and is integral to
priority investments around cloud, mobile and M2M.
This is further complicated as the threat landscape is
changing to include mobile devices, putting Android,
Windows Mobile, and even iOS devices at increased
risk. This trend looks set to continue as enterprises are
introducing mobile technology for business purposes and
supporting BYOD (Bring Your Own Device) programmes.
The shift from securing the perimeter to protecting an
organisation’s information is becoming harder for CSPs,
due to three trends:
• The volume of data is growing exponentially.
• Information has gone beyond IT data centers and PCs
to the need for access from any device in any location
and the cloud.
• The value of a company has changed from physical
assets to how it uses information.
CSPs already have experience in protecting and managing
internal IT information. This gives them a great advantage
as their customers, including enterprises, SMBs, and
consumers, are experiencing the same challenges with
information protection but most don’t have the resources
to deal with them. This presents a huge opportunity
for CSPs to monetise skills and investments to provide
information protection services to their customer base and
target markets, turning information protection from a
pure internal cost and risk perspective into an
opportunity for growth.
In addition, CSPs can position themselves as cloud
services brokers (CSB) or aggregators for security and
information protection services. They can protect
customers accessing public cloud services over
the Internet in an innovative way, via both fixed
and mobile networks.
2
Introduction
About this report
this report supports cSps exploring innovative information
protection offerings that they can successfully sell to their
existing customers and target markets. it addresses the
important business challenges faced by key stakeholders
and provides recommendations based on Symantec’s
experiences of working with cSps worldwide.
the report utilises Symantec research, analyst
commissioned research, and Symantec’s breadth of
knowledge and experience within this industry to provide
in-depth analysis of both business opportunities and risk.
Profit from new revenue opportunities
Existing relationships with large consumers, SMBs and
the enterprise customer base offer cSps another key
differentiator against competitors. the potential to
seamlessly grow from consumer services into SMB or
even enterprise solutions shouldn’t be underestimated.
cSps are running huge service delivery platforms, billing
systems and customer care centres which can be optimised
for new types of services. they also have a reputation for
guaranteeing strong service level agreements (SLAs) in
their core communications business; therefore customers
perceive cSps as very trustworthy. if they are able to
manage similarly strong SLAs in trust and security
for cloud and mobile services, then they are in a great
position to succeed in the new world of services.
Develop a services roadmap and catalogue
unlike their competitors, cSps can develop a straightforward
information protection and management roadmap: starting
from core network competencies then leveraging all other
differentiating assets and moving up the service stack.
So, they are in a superb position to create huge upsell
opportunities for their sales operations.
this roadmap should include details on how cSps can
offer and manage:
• Communication networks (pipes).
• Performance and availability of the pipes.
• Security of the pipes (clean pipes).
• Policy-based network security and management services.
(cSps are in a unique position to provide highly scalable,
network-based and device-independent security by
analysing network traffic.)
• Endpoint management, application management and
protection services for connected servers, pcs, tablets,
and smartphones.
• Strong user authentication and encryption services.
• Backup and archiving services of network-connected
systems.
• Storage and disaster recovery services.
• Personal cloud and secure file sharing services.
3
Stakeholders Business Challenges Risks
cMo/product Management
Sales Management
cto/technical Architects
cFo/Finance department
Brand reputation, customer satisfaction and churn, delivering innovative services that sales can successfully sell
New business generation, increased ARpu
Build and maintain service portfolio
total cost of ownership, return on investment
competitive differentiation, services roadmap, time-to-market
upsell opportunities from existing core business products, sales enablement and succussfully selling new it related services
integration into existing infrastructure, vendor complexity, agility and flexibility, achieving planned SLAs
upfront investments, sales forecasts, payment models
and cash flow
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
4
3
Swisscom it Services and Slovak telekom (part of Deutsche
telekom AG) experienced significant network resource
savings and reduced costs for their customer care centres as
the result of their clean pipe solution. Swisscom’s cpu server
performance increased by 50%, allowing the organisation
to reduce its messaging transfer server infrastructure by
half. the help desk administration effort required to resolve
related customer cases also decreased ten-fold.
Meet customer demand
there is increasing evidence that many customers, from
consumers, small home offices and SMBs, up to large
enterprises would rather buy into an information protection
roadmap and purchase cloud and mobile services from
cSps, than try to solve the challenges by themselves.
Companies of all sizes are suffering from
targeted attacks
As security attacks become more sophisticated, many
organisations are experiencing significant difficulties
dealing with the resources, time and money required to
maintain effective security architecture. in particular, SMBs
are presenting as a core target market for cSps as they
are suffering the most due to limited resources. Symantec
research found that out of 26,000 targeted attacks in 2011,
almost half were aimed at SMBs and 18% of the companies
targeted had 250 or fewer employees1.
this presents an opportunity to offer managed security
services and cloud-based security to this market to help
mitigate these risks.
• IT compliance and data loss prevention services.
• Cloud Brokerage Services for Information Protection.
• Secure M2M connectivity services for vertical markets.
cSps who partner with just one or a limited number of
vendors to develop such a roadmap for their customers
will benefit significantly from technical and contractual
simplicity and faster time to market.
Optimise networks before adding services
An existing network is an important advantage for
generating top line business. But as traffic is increasing,
often through ott players and third-party content
providers, it becomes more difficult to manage
network resources properly. cSps are constantly being
pressurised to increase network bandwidth in order to
satisfy customers, which ultimately reduces profitability.
Another area of concern is the level of unsolicited and
malicious traffic, much of which is caused by botnets.
cSps that neglect solving this problem risk:
• Unsatisfied customers and higher churn.
• Bad brand reputation through blacklisting.
• Higher total cost of ownership of the network
infrastructure and customer care centres.
• Poor foundation for revenue generating services.
cSps are strongly advised to optimise networks using a
‘clean pipe’ strategy. traffic management projects, using
Deep packet inspection (Dpi), can be easily complemented
by network-based security policy management, which will
significantly reduce malicious and unsolicited traffic. the
impact will be a further gain in networking resources in
inbound and outbound data streams and an increase in the
messaging reputation. the gains in bandwidth and server
resources can be invested in new value-added services for
customers, thereby increasing revenue.
4
Organisations of all sizes at risk of targeted attacks
13,428
1501-25001001-1500
501-1000
250-500
<250 18%
13,518
2,500+
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Source: Symantec Internet Security Threat Report 17, 2012
Mobile computing risks are increasing
Symantec research found that 2011 was the first year
that mobile malware presented a tangible threat to
businesses and consumers1. For years, attackers focused
on Windows pcs because the widespread prevalence of
the platform meant the return on investment was greater.
However, in 2012, the attentions of the attackers shifted
towards Windows Mobile, Android, and even ioS devices.
Businesses are aware of these risks and when a Symantec
survey asked it to rate the risk associated with 10
common computing initiatives, 41% of the respondents
placed mobile computing within their top 3 risks2. As a
result, protecting information and devices is becoming a
key market consideration.
Enterprises already purchase mobile security from
Telco suppliers
Symantec research found that enterprises already
purchase or plan to purchase security safeguards from
telco Service providers2.
From whom do you currently purchase
security safeguards?
the network-centric information protection approach
gives cSps unique opportunities to offer highly scalable
services for enterprises and consumers which can include
parental controls, corporate controls, personal screening,
mobile security and data retention.
SMBs struggling with data protection and
disaster recovery
Symantec research discovered that many SMB
customers are at risk when it comes to disaster recovery3.
Although good backup technology is available, SMBs
often don’t have the right personnel and processes in
place to manage the volume of data within their
existing infrastructures.
As a result, there is an excellent opportunity to support
SMBs (and larger enterprises) with information
protection and disaster recovery services.
5
Software vendor 48%
Our Telco service provider 52% Source: Symantec SMB Disaster Preparedness Survey, 2011
Source: Symantec State of Mobility Survey, June 2012
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
6
<50%back up data weekly or more frequently
Only
23%back up daily
31% don’t back up email
21% don’t back up
application data
17% don’t back up
customer data
In a disaster
44% wouldlose at least
40% oftheir data
5
Build trust and confidence in the cloud
the cloud holds significant potential for cSps to
deliver innovative information protection services that
are perceived as trusted and available. However, this
marketplace is growing rapidly and looks set to become a
battlefield. there is also still some resistance to the cloud
from companies who fear the loss of intellectual property,
customer data, reputation, malicious activity and
outages. A 2011 Symantec survey found that security is
still the number one concern for enterprises moving parts
of their it into the cloud4. it showed organisations are
conflicted about security – 88 percent believed the cloud
would not impact on and could even improve security
postures, while still rating security as their major concern
on moving to the cloud.
to succeed, cSps need to provide superior cloud
services that are more trusted than those
offered by the current generation of
ott players and other web-based
cloud providers. product Managers
within cSps need to address security and
regulatory requirements, providing customer
driven and service-appropriate security across multiple
deployment methods, while guaranteeing highest
performance and SLAs.
the guidance by the cloud Security Alliance (cSA)
provides an excellent starting point. cSps can
differentiate themselves by designing cSA controls
(policies, procedures and processes for 14 defined
security domains) into their cloud architectures. they
should also ensure any third-party cloud service partners
implement these controls.
in addition, with the adoption of the 4G mobile
technology LtE, which is based on the all-ip
protocol, cSps should integrate ipsec protocols for
secure connectivity.
6
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
“Everything depends on how you secure
your data. If there’s no security, there’s no
point in going for the new technology.”
– CTO of a small technology company
Develop cloud and mobile business models
cSps should analyse various deployment options for
their cloud service offerings. the right choice will depend
on target markets and size, competitor offerings,
time-to-market requirements, cloud partner ecosystems,
and their own it service delivery skills.
Resell existing services from trusted cloud partners
cSps without extensive it and cloud services experiences,
or for whom time-to-market is critical, should partner with
established cloud providers to resell information protection
services. cSps need to select a cloud partner that supports
the security guidelines and best practices of the cSA and
provides the most suitable SLAs for their business
models. Availability, security efficiency,
delay times, service and support, as well
as transparency of the service, are
important considerations in the
selection process. cSps should have
the option to resell these services
under their own brand, co-branded, or marketed completely
under the partner’s brand.
Build cloud services
cSps with advanced it services skills are able to build cloud
services that they can adjust to the special needs of their
customers: for example, regulatory requirements in certain
countries or vertical industries can be exactly addressed.
this deployment model provides more flexibility and margins
can be higher. Following the ‘Security by Design’ principals
from the cSA, security and availability controls should be
embedded into cloud architecture from the beginning.
Prepare for the future above the cloud
the recent beta phase of a new Symantec cloud
security brokerage solution demonstrated that cSps
are keen to offer security for cloud services ‘above
the cloud’. their network-centric position between
enterprises and third-party cloud providers allows
them to act as cloud service aggregators and cloud
brokers for policy-based security management. in this
expanded role as an ecosystem manager, cSps can
ensure enterprises migrating to the cloud can maintain
the same risk posture; enabling them to extend
their internal information protection policies to data
migrated to the cloud.
there is a great opportunity to enrich the customer
experience and assist compliance with data protection
regulations and internal it security policies. this is
especially important, as public cloud services are often
not transparent about security implementations.
7
Access control Information protection Cloud visibility Control Security Compliance
Private cloud
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
“Our goal is by 2014 everything should
be in the cloud.”
– CTO of a small technology company
Extend on-premise customer environments
via cloud
cSps can use this as a migration step for customers
moving gradually into the cloud while leveraging
existing on-site investments. on-premise security
software can be managed via cloud-based
management portals hosted by the cSp. on-premise
backup and archiving solutions can automatically
back up the data into the cloud-based data centers
of the cSp, where skilled personal and certified
processes will guarantee high availability and disaster
recovery SLAs.
8
A new security layer above the clouds
To embrace the cloud with confidence
Cloud Services of all kinds
CSP Business Customers
CSPInformationProtectionBrokerage
Service
7
Managed M2M connectivity
Although M2M has been available for many years, it has
recently become an investment priority for providers.
As cSps migrate from pure connectivity via managed
connectivity towards multiple forms of complete service
enablement, different models in the M2M value chain
have been developed. Most providers are focusing on
vertical markets such as Smart Metering or mHealth,
which are highly security sensitive.
Driven by scalability requirements, public Key
infrastructure (pKi) solutions are experiencing a
renaissance within M2M security as they ensure that only
trusted devices are communicating and also guarantee
authenticated firmware updates. For example, the German
Federal office for information Security (BSi) mandates pKi
as the security measure for authentication and encryption
in smart meter gateways for the German market5.
Few cSps can justify running a secure, large-scale pKi
infrastructure for their customers. partnering with
managed pKi providers that perform all these security
processes on their behalf will allow cSps to quickly
enhance the value of M2M service offerings
to vertical markets with securely managed
connectivity requirements.
Information Protection Services opportunities
8
Source: Symantec sponsored GDS International NGT Summit 2012 – Investment Priorities of leading European CSPs
Investment 2012: Business Strategy Services / Technology Currently Sought – Less than 12 Months
Cloud Mobile Cloud Brokerage
M2M
Information Protection Services
Strong Convergence
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Billing (C
onverged & Real Tim
e)
Broadband Infra
structure BSS
Business
Transform
ation
Carrier E
thernet
Charging & Policy M
anagement
Cloud Computing Softw
are
Complex Programmes & M
anaging Risk
Customer C
are & CRM/CEM
Customer L
oyalty/C
hurn Management
Data Center Optim
isatio
n
Location-base
d Services
LTE/4G
Machine to M
achine
Mobile Backhaul
Mobile M
arketing
Mobile Value Added Services
Mobile W
orkforce Management
Network M
anagement & Optim
isatio
n
Network Perfo
rmance M
anagementOSS
Outsourcing/M
anaged Services
Security (N
etwork, C
ustomer, M
obile)
Smart Card & Contactle
ss Te
chnology
Subscriber D
ata Analytics
Test
& Measu
rement
Video-based Services
Wireless
Infrastr
ucture
Real Tim
e Business
Intelligence-Event P
rocessing
Network Power/E
nergy Storage & Management
504540353025201510
50
Num
ber
of D
eleg
ates
Investment Priorities
Cloud MobileVAS
SecurityVideo based
servicesLTE M2M
• CSP Product Management and Marketing:
Do i have the right roadmap of information services?
• CSP Sales Management:
can i sell these services to my target markets?
Are there easy upsell opportunities from one
service to another?
• CSP Technical Architect:
can i build, integrate and maintain these services under
SLA considerations?
• CSP Finance:
What are my upfront investments for sourcing the
appropriate building blocks? What is my financial risk?
can i generate revenue? Do these services fit with the
paying models of my enterprise and consumer customers?
this model is a useful tool for maximising the industrialisation
potential of different service offerings and ensuring
business processes are aligned.
9
Bring the right decision makers together
Successfully selling new services requires good planning
and a common direction for all major stakeholders.
Bringing the right stakeholders to the table early enough,
to discuss and agree on service abstraction layers,
deployment models and the service target segments
with specific go-to-market strategies, is as important as
the industrialisation of the service offerings is critical to
achieving profitability.
Symantec has developed a ‘cube’ model that acts as a
framework to support cSps in analysing, architecting
and deploying information protection services. As a
result, the stakeholder groups will better understand the
service strategies, business and technical requirements
and financial models which can be tailored to the paying
cycles of the cSp’s customers. the framework also helps
to answer the following important questions:
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
publicHybridcommunityvirtual private
private
portalsWeb Servicescommunication Services
End user ServicesSystems Management
MonitoringSecurityAvailability
NetworkpowercomputeStorage
SaaS
paaS
iaaS
Archiving as
a Service
Storage as
a Service
Virtual
Desktop
Backup as
a Service
Security as
a Service
?
Distributor
Enterprise
SMB
consumer
10
The Cube
Framework for services
9
Meet market demand
Symantec has worked with analysts including Gartner
and iDc to analyse the demand for information protection
services. the diagram above exemplarily illustrates the
attractiveness of the market for five services. Analysts
expect a cAGR (compound Aggregate Growth Rate) of
30% or more for some of the information protection
solutions delivered as services.
cSps have an advantage against prior established
system integrators and traditional outsources. By using
the existing consumer subscriber base and by offering
services such as personal clouds and secure content
management that grow seamlessly from consumer needs
into enterprise requirements, these opportunities can be
leveraged further.
Exploit and optimise existing infrastructures
Most service providers have standardised their data centers
on a common storage, server and high availability layer.
By building services on existing infrastructures, cSps can
utilise an it foundation that is not locked-in to specific
hardware or software. technical Architects, responsible for
the design of the service, benefit from increased agility and
flexibility. Additionally, they are able to easily migrate from
legacy unix systems to more cost-efficient Linux oS without
losing any existing investments.
Differentiate in the market
trust and confidence in cloud offerings give a key
differentiator compared to low cost offerings from ott
players and content providers.
10
Source: IDC 20126
Storage and Security Software as a Service Forecast (IDC)
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Continuity Archiving Backup Mail security Web security
2010 2011 2012 2013 2014 2015
9000
8000
7000
6000
5000
4000
3000
2000
1000
0
Mill
ion
US $
Meet business objectives
Successfully selling information protection services will
have a positive impact on all major business objectives.
11
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Business generation
information protection solutions are essential
it services valued and demanded by customers.
Depending on the target customer, type of service
and SLAs, the additional ARpu could range from a few
dollars to double-digit numbers per month. Different
customer segments have different and constantly
changing needs, and some expect basic information
protection services as standard. While this will not
generate direct revenue, the positive impact of lower
churn will drive new business.
Increase customer satisfaction and reduce churn
cSps can industrialise and offer services much more
cost-efficiently than customers can build and maintain
by themselves. information protection delivered by
service providers frees up resources for customers’ core
business objectives and offers a welcome single point of
contact for protecting information. A detailed services
roadmap and intuitive self-service portals will increase
the cohesiveness of the customer relationship.
Brand protection and compliance
cSps can help customers comply with worldwide data
protection regulations. For example, financial institutions
need to archive mobile traffic for industry legislation,
and a network-centric role makes cSps an ideal partner
to fulfil these requirements. Again, trust and confidence
are absolutely crucial for building a strong brand. Even
when ‘soft regulations’ are only on a voluntary basis,
they should be fully supported. this not only increases
customer satisfaction, but also creates a route to sell
premium services on top of free-of-charge offerings.
Total cost of ownership and time-to-market
cSps can leverage the investment in internal information
protection solutions by sharing the cost with revenue
generating business units. industrialisation and reusable
building blocks guarantee profitability. if time-to-market
is a challenge, companies should partner with a leading
cloud vendor that already brings a strong brand and a
rich portfolio to the business.
12
11
Conclusion References
cSps are excellently positioned to offer information
protection services and exploit upsell opportunities
within the market. there is increasing evidence that many
customers, particularly within the key SMB market, would
rather buy into an information protection roadmap and
purchase cloud and mobile services from cSps than try to
solve information protection challenges by themselves.
to profit from these new revenue opportunities it is vital to
leverage the existing network and infrastructure, develop
a services roadmap, build trust and confidence, adapt
to cloud and mobile business models, and use existing
experience to differentiate within the marketplace.
The right partner for information protection
Symantec protects the world’s information, and is the
global leader in security, backup and availability solutions.
our innovative products and services protect people and
information in any environment – from the smallest mobile
device, to the enterprise data center, to cloud-based
systems. our industry-leading expertise in protecting data,
identities and interactions gives our customers confidence
in a connected world.
Symantec has a strong focus on the communication
Service providers’ industry and protects 17 out of the
18 largest telecoms companies worldwide. Symantec
successfully supports communication Service providers
generating new revenue streams by delivering mobile
security and information protection services to their
customers and target markets.
Since 1995, Symantec has been operating the largest and
most comprehensive pKi solutions for enterprises and
service providers available on the market. More than 200
million device certificates have been issued to date.
1 Symantec internet Security threat Report 17, 2012
2 Symantec State of Mobility Survey, June 2012
3 Symantec SMB Disaster Recovery preparedness
Survey, 2011
4 Symantec State of cloud Survey, 2011
5 German Federal office for information Security (BSi)
technical Directive BSi tR-03109-4
6 – iDc Worldwide Storage in the cloud 2011-2015
Forecast #232115
– iDc Worldwide Messaging Security 2012-2016
Forecast and 2011 vendor Shares #235544
– iDc Worldwide Web Security 2012-2016 Forecast
and 2011 vendor Shares #235515
Glossary
BYoD – Bring Your own Device
cSA – cloud Security Alliance
cSB – cloud Services Brokerage
cSp – communication Service providers
LtE – Long term Evolution (4G mobile)
M2M – Machine to Machine
ott – over the top
pKi – public Key infrastructure
SLA – Service Level Agreement
SMB – Small Medium Business
Author
Frank Bunn, Symantec corporation
12
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Notes
13
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
14
13
Notes
14
ExEcutivE REpoRt: coMMuNicAtioN SERvicE pRoviDERS
Symantec is a global leader in providing security, storage and systems management solutions to help customers secure and manage their information and identities.
copyright © 2012 Symantec corporation. All rights reserved. Symantec, the Symantec Logo, and the checkmark Logo are trademarks or registered trademarks of Symantec corporation or its affiliates in the u.S. and other countries. other names may be trademarks of their respective owners. 07/12
Symantec World Headquarters350 Ellis St.Mountain view, cA 94043 uSA+1 (650) 527 80001 (800) 721 3934www.symantec.com