When four altered copies of the much hyped but mostly harmless Anna Kournikova
virus were sent to my Outlook Inbox recently, I started to think about security.
The virus, a visual basic script (VBS) disguised as a .JPG image of the pretty
young tennis player, e-mailed itself to everyone in the address books of the
four unlucky people who had received the attachment themselves and attempted to
open it. I mention receiving four altered copies of the virus because our
Microsoft Exchange Server uses Network Associates' McAfee Groupshield for
Exchange to filter out all .VBS and .EXE attachments, the two most common
methods of transmitting viruses. What I actually received was a text file from
the server informing me that it had filtered out the viral attachment
AnnaKournikova.jpg.vbs. The questionable attachment itself was sent to a
quarantine folder for proper disposal by our MIS department.
This is a small example of the importance of network security and is focused
on me, the end user, but is indicative of the pressing need for smart safety
solutions as networks grow more extensive. A recent survey commissioned by the
ASP Industry Consortium (www.allaboutasp.org)
and performed by Zona Research revealed the number one concern of respondents
considering a hosted application is security. And when you consider the amount
of confidential information being sent from the customer premises to the service
provider's network (and beyond) in many hosted scenarios, the need for
all-inclusive security solutions becomes abundantly clear.
SECURITY SOLUTIONS: A MARKET OPPORTUNITY
As with virtually every other facet of the hosted space, a new breed of security
solutions providers has emerged. I think it's important to make a distinction
here, as the use of acronyms grows more and more pervasive in this space. I have
heard the term MSP (managed service provider) used to describe the new breed of
security solutions providers, those who install and maintain security software
and hardware on a hosted basis. However, MSP may also stand for management
service provider, as is the case with the MSP Association (www.mspassociation.org).
They define management service providers as delivering information technology
infrastructure management services to multiple customers over a network, on a
For the sake of this column, I'm going to refer to security solutions
providers as just that, to avoid unnecessary confusion. And there is a huge crop
of companies offering these types of solutions on a hosted basis, as well as
companies that create security solutions tailored to the hosted application
environment, which service providers and ASPs may install on their own. These
are the two main types of solutions I've run into in this space.
Hosted Solutions Providers
Akaba (www.akabainc.com) offers a full
suite of managed security services, from planning and implementation to
management, from their Global Security Operations Center. DefendNet Solutions (www.defendnet.com)
offers the SecureInternet managed security service, a firewall-based solution
for outsourced administration, monitoring, and reporting. CyTek Corporation (www.cytekcorp.com)
has created security policy development, network vulnerability assessments,
firewall design and installation, intrusion detection services, and even
security awareness training. Another notable company in this space is Telenisus
Corporation (www.telenisus.com), which
offers managed security, hosting, and VPN services.
Aravox Technologies (www.aravox.com) offers
the dynamic VoiceShield firewall for secure delivery of Voice over IP (VoIP).
The company also offers the VoiceShield NAT (network address translation)
facility to allow service providers to connect endpoints and control traffic
routes among them. Check Point Software Technologies (www.checkpoint.com)
provides a variety of firewall and security products from enterprise and Virtual
Private Network (VPN) solutions to the Provider-1 solution for managed service
providers and large enterprises. Features include a three-tier, multi-policy
security management architecture and multi-administrator distributed management.
Esecurity products from Baltimore Technologies (www.baltimore.com)
cover everything from e-mail safety and security policy management to
system-level security applications for systems integrators. SecureLogix
focuses specifically on protecting telecommunication networks with its TeleWall
and TeleSweep products.
One company I recently met with is focusing on security inside the network, a
growing concern for hosted communications as employees of various ASPs and
infrastructure providers partner and gain access to one another's networks.
Cryptek Secure Communications (www.cryptek.com)
is getting ready to roll out its DiamondTEK line of security appliances, which
sit inside a service provider's network (on the inside of an existing firewall,
for instance). The products will offer IPSec, encryption, and token-based user
authentication to physically identify users. The system was originally developed
for the U.S. Department of Defense.
Please keep in mind that the companies listed above are just a small sampling
of the vast number of solutions and service providers available today. We will
be covering security in greater depth in future issues of this publication, but
we hope that the information above will serve as a reminder of the importance of
security solutions when delivering any type of hosted application.
To The March/April 2001 Table Of Contents ]