Security without services

[William Knowles <wk () C4I ORG>]

http://www.zdnet.com/eweek/stories/general/0,11011,2635351,00.html

By Scott Berinato, eWEEK
October 2, 2000 12:00 AM ET


Cisco Systems Inc.'s new security blueprint, Safe, isn't an acronym,
but it might as well stand for "Services Are Found Elsewhere."

The Safe initiative, introduced here at NetWorld+Interop last week, is
Cisco's overarching attempt to simplify its security architecture and
message for net work security users, many of whom have turned to
companies such as Internet Security Systems Inc. and Check Point
Software Technologies Ltd.

The plan bundles Cisco's home-grown VPN (virtual private network),
intrusion detection, policy and firewall products, all of which are
manageable under the same console.

However, Safe lacks the very component that has attracted users to
competing security vendors and that has become central to the security
industry: services. That is causing some Cisco loyalists to balk at
the plan.

"It's scary to me if you're touting security without services," said
Jeff Uslan, security manager at 20th Century Fox, in Los Angeles, who
said the Cisco networking shop won't go with Safe. "They come in and
sell this idea, and then they say, 'You have to talk to this channel
partner or that strategic partner.'"

Instead of offering the services itself, Cisco, of San Jose, Calif.,
is willing to "leverage the ecosystem" of partners, said Richard
Palmer, vice president of security services. To that end, it has
linked up with Exodus Communications Inc., a managed service provider
that will offer services based on Safe. According to sources, IBM
Global Services will be added in the near future as a services
partner.

"Say the customer purchases the hardware from Cisco, but they're going
to want the total outsourced solution," said Max Shoka, senior product
line manager for security services at Exodus, in Santa Clara, Calif.
"That's where we come in."

Some users, however, like Fox's Uslan, discounted such a plan. "If I'm
going to get directed to an integration partner, why even deal with
Cisco at all?" he asked. "Then I'll just go with a partner that will
sell me a service with whatever boxes I think I need."

As for the Safe architecture, the hardware and software are in place.
In addition to bundling VPN and other security products, Safe adds a
new security certification course for Cisco Certified Network
Professionals. It also adds an online Cisco Security Encyclopedia that
the company hopes will become a standard, widely used repository.

As security has evolved into a services-based market over the past
year, the Safe initiative exposes a serious conflict at Cisco, one
that is endemic across the company. Just why Cisco lacks service
offerings is a complex mesh of internal politics, business decisions
and a lack of execution, said sources at the company.

Politically, the company is divided between those who are pushing
major investments in services as a Cisco-branded operation and those
who believe in the status quorelying on partners for the services
while focusing on networking infrastructure. One Cisco strategist said
his team had been trying to push the services message for months, but
it has been met with great resistance. "They don't get it, and they
don't want to get it," the source said.

They don't get it because the company's current business is so good.
Several sources requesting anonymity said one reason Cisco has, as a
rule, shied away from services is that it's a less profitable venture
that requires a heavy investment to get off the ground. Creating a
services-centric model at Cisco would cut into the high margins the
company enjoys in hardware.

Despite all this, Cisco has tried to put some flesh on the bones of
its services, but a lack of execution has hampered the effort. Again,
internal issues have left the services group with little muscle, and
the group has not exe cuted well, sources report. Part of the problem
is in the sales process, which treats services as a tack-on after an
infrastructure sale is made instead of bringing services into the
process early or even leading with the service as the principal thing
to buy.

Despite its failures, Ciscoor at least a contingent within the
companywants to restart efforts to make Cisco services something
closer to IBM Global Services than to the nonentity it is now. The
goal is to launch a services division early next year, called Cisco
Advantage, according to sources close to the company. Cisco has been
briefing partners on the direction.

If successful, Cisco Advantage would be a major services organization
that would span the entire Cisco AVVID (Architecture for Voice, Video
and Integrated Data) initiative and its three pillars: IP Telephony,
Content Networking and Safe. It would operate rather independently,
with the ability to choose partners' or even competitors' products
when outfitting enterprises with any of the AVVID platforms, including
Safe.

Something like Cisco Advantage "will be great if they do like IBM
[Global Services]," Uslan said. "IBM doesn't think Blue, they think
'customer.' If Cisco wants to do services, they can't talk about a
blueprint or partner for it. They need to live it."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".