Information Security News mailing list archives
Security without services
From: William Knowles <wk () C4I ORG>
Date: Mon, 2 Oct 2000 01:49:21 -0500
http://www.zdnet.com/eweek/stories/general/0,11011,2635351,00.html By Scott Berinato, eWEEK October 2, 2000 12:00 AM ET Cisco Systems Inc.'s new security blueprint, Safe, isn't an acronym, but it might as well stand for "Services Are Found Elsewhere." The Safe initiative, introduced here at NetWorld+Interop last week, is Cisco's overarching attempt to simplify its security architecture and message for net work security users, many of whom have turned to companies such as Internet Security Systems Inc. and Check Point Software Technologies Ltd. The plan bundles Cisco's home-grown VPN (virtual private network), intrusion detection, policy and firewall products, all of which are manageable under the same console. However, Safe lacks the very component that has attracted users to competing security vendors and that has become central to the security industry: services. That is causing some Cisco loyalists to balk at the plan. "It's scary to me if you're touting security without services," said Jeff Uslan, security manager at 20th Century Fox, in Los Angeles, who said the Cisco networking shop won't go with Safe. "They come in and sell this idea, and then they say, 'You have to talk to this channel partner or that strategic partner.'" Instead of offering the services itself, Cisco, of San Jose, Calif., is willing to "leverage the ecosystem" of partners, said Richard Palmer, vice president of security services. To that end, it has linked up with Exodus Communications Inc., a managed service provider that will offer services based on Safe. According to sources, IBM Global Services will be added in the near future as a services partner. "Say the customer purchases the hardware from Cisco, but they're going to want the total outsourced solution," said Max Shoka, senior product line manager for security services at Exodus, in Santa Clara, Calif. "That's where we come in." Some users, however, like Fox's Uslan, discounted such a plan. "If I'm going to get directed to an integration partner, why even deal with Cisco at all?" he asked. "Then I'll just go with a partner that will sell me a service with whatever boxes I think I need." As for the Safe architecture, the hardware and software are in place. In addition to bundling VPN and other security products, Safe adds a new security certification course for Cisco Certified Network Professionals. It also adds an online Cisco Security Encyclopedia that the company hopes will become a standard, widely used repository. As security has evolved into a services-based market over the past year, the Safe initiative exposes a serious conflict at Cisco, one that is endemic across the company. Just why Cisco lacks service offerings is a complex mesh of internal politics, business decisions and a lack of execution, said sources at the company. Politically, the company is divided between those who are pushing major investments in services as a Cisco-branded operation and those who believe in the status quorelying on partners for the services while focusing on networking infrastructure. One Cisco strategist said his team had been trying to push the services message for months, but it has been met with great resistance. "They don't get it, and they don't want to get it," the source said. They don't get it because the company's current business is so good. Several sources requesting anonymity said one reason Cisco has, as a rule, shied away from services is that it's a less profitable venture that requires a heavy investment to get off the ground. Creating a services-centric model at Cisco would cut into the high margins the company enjoys in hardware. Despite all this, Cisco has tried to put some flesh on the bones of its services, but a lack of execution has hampered the effort. Again, internal issues have left the services group with little muscle, and the group has not exe cuted well, sources report. Part of the problem is in the sales process, which treats services as a tack-on after an infrastructure sale is made instead of bringing services into the process early or even leading with the service as the principal thing to buy. Despite its failures, Ciscoor at least a contingent within the companywants to restart efforts to make Cisco services something closer to IBM Global Services than to the nonentity it is now. The goal is to launch a services division early next year, called Cisco Advantage, according to sources close to the company. Cisco has been briefing partners on the direction. If successful, Cisco Advantage would be a major services organization that would span the entire Cisco AVVID (Architecture for Voice, Video and Integrated Data) initiative and its three pillars: IP Telephony, Content Networking and Safe. It would operate rather independently, with the ability to choose partners' or even competitors' products when outfitting enterprises with any of the AVVID platforms, including Safe. Something like Cisco Advantage "will be great if they do like IBM [Global Services]," Uslan said. "IBM doesn't think Blue, they think 'customer.' If Cisco wants to do services, they can't talk about a blueprint or partner for it. They need to live it." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Security without services William Knowles (Oct 02)