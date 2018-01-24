|
[October 16, 2017]
New Internet Society Research Reveals Disconnect between Enterprises and Service Providers on Crucial Internet Security Fixes
The Internet
Society today announced the results of its recent survey conducted
through 451
Research, which points to a disconnect between how much enterprises
care about Internet security and what service providers think these
customers value. These results indicate an unrealized opportunity for
service providers to leverage Mutually
Agreed Norms for Routing Security (MANRS), the Internet
Society-coordinated routing security initiative, to improve their
competitive positioning and generate increased revenue. The study shows
that although the MANRS initiative is closely aligned with the goals and
security expectations of enterprise respondents, some service providers
are failing to recognize that congruence and as a result are
underserving their customers and missing additional business
opportunities.
Undertaken to better understand the attitudes and perceptions of
Internet Service Providers and the broader enterprise community around
the MANRS initiative, the MANRS
Project Study Report revealed a divide between these two groups and
potential ways to bridge it. It showed a large number of enterprise
respondents (71 percent) stating that security was a core value for
their organization. Once introduced to MANRS, almost all enterprise
respondents expressed confidence that MANRS actions over time would be
either very effective (34 percent) or somewhat effective (64 percent).
Most importantly, enterprises showed a willingness to pay a 15 percent
premium to support MANRS compliance.
On the other hand, service providers seem to underestimate the value of
MANRS. For instance, service providers were asked what they would do if
a MANRS requirement arrived as part of an RFP. Only 12 percent said they
would plan for implementation, and 6 percent said it would have no
impact. The remaining (72 percent) who said such a requirement would
spur consideration of MANRS, however, indicate that practical incentives
may yet drive greater adoption.
"There is a gap between enterprises and service providers, to be sure,
but also an opportunity to engage," said Andrei Robachevsky, Technology
Programme Manager for the Internet Society. "As they seek out
security-minded providers, enterprises could also put MANRS compliance
into their RFPs, and for their part, service providers can market
compliance with MANRS as a business differentiator. By committing to
being held accountable by the Internet community and doing good, they
can also align with customer concerns, capture a premium and do well."
Behind the large number of enterprises who see security as a core value
is the growing prominence of the Internet side of business and media
coverage of security breaches. Asked about specific threats, enterprise
respondents ranked traffic routing, interception, and hijacking at the
top of the list (at 74 percent), with DDoS and address spoofing tied for
second place (at 57 percent) and concerns over 24x7 Internet service
availability and blacklisting following thereafter. While MANRS is not a
one-stop solution to all of the Internet's routing challenges, many
enterprises appear to agree that its recommended actions in route
filtering, anti-spoofing, coordination, and global validation are
important steps in the right direction toward a globally robust and
secure routing infrastructure. In addition to revealing a willingness to
support MANRS compliance with a 15 percent (median value) price
increase, the survey showed that 13 percent of enterprise respondents
would only select a provider that was MANRS-compliant in a competitive
situation.
"The bottom line impact is real," said 451 Research Chief Analyst Eric
Hanselman and report author. "Our expectation is that MANRS compliance
could translate into additional value, just in the procurement process,
for instance, through minimization of the discounting required to win
contracts, with as much as a 7 percent long-term revenue increase for
providers who are able to leverage the MANRS branding as part of the
selling process."
In looking to the future, the MANRS Project Study Report identifies more
possibilities. Already trusted by enterprise customers who are lacking
cybersecurity resources, service providers could gain additional revenue
by adding MANRS-derived services to their portfolio. Anti-spoofing
controls that log activity, for instance, can be used to generate
periodic reports for customers. These reports can be part of an
intelligence feed that alerts customers to misconfigurations or
potential attacks. Appropriately automated, this type of service can
provide additional customer binding, in addition to generating revenue.
Given all the potential additional revenue, service providers can
realize a strong return on a relatively small investment in the four
MANRS actions, which represent a lowest common denominator of security
measures to increase overall routing security. While the survey
indicated that some service provider respondents think that
implementation could be disruptive, compared to general routing security
practices, all MANRS actions are intended to have low risk and low cost.
More details on becoming MANRS compliant can be found in the MANRS
Implementation Guide. Service providers who are already compliant
can join the MANRS effort here
and may download the MANRS badge for their sales and marketing materials here.
For more information, read the full MANRS
Project Study Report.
About the Internet Society
Founded by Internet pioneers, the Internet Society (ISOC) is a
non-profit organization dedicated to ensuring the open development,
evolution, and use of the Internet. Working with a global community of
chapters and members, the Internet Society collaborates with a broad
range of groups to promote the technologies that keep the Internet safe
and secure, and advocates for policies that enable universal access. The
Internet Society is also the organizational home of the Internet
Engineering Task Force (IETF).
