[ISN] Wanted: Simple home security

InfoSec News isn at c4i.org
Thu Oct 7 05:49:43 EDT 2004


[I agree with the author, but I belive the real incentive needs to be 
with the end user, no black box security device, and your rates for 
DSL and internet cable modem become more expensive.  - WK]

By Jon Oltsik
October 6, 2004

How much data can fit through broadband pipes? The next big broadband 
battle is going to turn on that very question. 

With data speeds increasing and monthly charges now within range of 
most family budgets, you should expect a sharp increase in Internet 
usage across a range of devices from PCs and telephones to stereos and 
refrigerators. But that will inevitably invite more attacks from 
worms, viruses, Trojan horses and malicious hackers. 

You'd think the broadband suppliers would tackle the security void (or 
even view it as a revenue opportunity). 


Instead, cable and DSL (digital subscriber line) providers are taking 
baby steps. They prefer to address the security issue by providing a 
combination of bundles, evaluation software and Web-based advice. 

Qwest Communications International and Verizon Communications include 
a free license for MSN Premium, which includes antivirus and firewall 
protection, along with pop-up blocking. AT&T and several others 
provide little more than 30-day trials for security software. 

That puts the burden of responsibility on customers. Savvy home users 
will go to the store and pick up a copy of McAfee or Symantec's 
Internet security suite that has antivirus, antispam, firewall and 
content filtering. 

Here's the problem. As more bandwidth and devices connect to the 
Internet, the home network starts to get complex. Suddenly, you need 
security software on every device in the house. You have to manage 
configuration changes, patch vulnerabilities, filter content and 
download the latest antivirus signatures all over the house. Soon, dad 
has taken on a new role as the family security administrator. If the 
old man lacks these skills or ignores routine tasks, every system is 
at risk. 

I don't know about you, but I barely have enough time to hang out with 
my kids, keep up with the bills, walk the dog and mow the lawn. I 
don't want to fill my precious few moments of personal time with 
maintaining residential firewall rules or deleting spyware. 

What's needed is a simple home security service with two dominant 

* The security service must not require any security knowledge. Upon 
  installation, the security service asks me a few simple questions 
  (in English, mind you), and then configures itself to my needs. It is 
  dynamic in that it continues to maintain my security, even as  
  threats change. 

* All I have to do to preserve my security protection is pay a monthly 
  bill. My estimate is that this service would cost between $5 and $15 
  per month. 

It's as simple as that. What Internet user wouldn't sign up? 

This isn't a pie-in-the-sky concept. Several companies from different 
industry sectors could take a leadership role. The right firm would 
need skills in security, services, customer service and distribution, 
backed up by a billing system that could handle monthly cycles. 

The most plausible candidates come from the traditional security 
industry crowd, with Symantec and McAfee in the poll position. Both of 
these companies could use existing products to build a residential 
security "black box" and sell it through their traditional retail 
channels. They also have established services capabilities. A number 
of other security vendors, including Computer Associates 
International, Fortinet, Jupiter Networks' NetScreen and WatchGuard 
have security products and services but lack a consumer distribution 

PC networking companies like Belkin, D-Link, Cisco Systems' Linksys 
and Netgear could also make a play, as they have some security, 
distribution, services expertise. Not a perfect match but certainly 
the foundation for what is needed. 

Of course, a single broadband provider could pioneer home security 
services and effectively change the rules of the game. For example, 
Verizon could establish a relationship with a security technology 
vendor, develop a model for cooperative development and support, then 
use existing pieces of its business to market, sell and bill its 
broadband subscribers. Security could be used in promotions to 
differentiate Verizon from cable providers to attract new customers. 

This would require some risk taking and strategic vision--not exactly 
qualities associated with cable or telecommunications companies. 

Broadband subscribers don't care who offers this service or which 
technologies they use. They care about getting rid of the security 
burden forever, and they'll gladly fork over $10 a month in perpetuity 
to make this happen. Undoubtedly, the company that comes up with the 
right home security services business model first will be an instant 
security leader and make a ton of money in the process. 


Jon Oltsik is a senior analyst at the Enterprise Strategy Group. 

More information about the ISN mailing list