ISPs underestimate value of security, core demand for 71% of enterprises
ISPs underestimate value of security, core demand for 71% of enterprises

There is a disconnect between how much enterprises care about Internet security and what service providers think these customers value according to a new survey by the Internet Society (IS).

The survey showed 71 percent of respondents stating that security was a core value for their organisation. Asked about specific threats, enterprise respondents ranked traffic routing, interception, and hijacking at the top of the list (at 74 percent), with DDoS and address spoofing tied for second place (at 57 percent) and concerns over 24×7 Internet service availability and blacklisting following thereafter.

According to the IS, these results validate its calls for service providers to leverage Mutually Agreed Norms for Routing Security (MANRS), the Internet Society-coordinated routing security initiative, to improve competitive positioning and generate increased revenue. Some service providers are failing to recognise this congruence causing them to fail to meet customer expectations and miss additional business opportunities says IS.

Once informed about MANRS, respondents said its actions over time would be either very effective (34 percent) or somewhat effective (64 percent) – and 15 percent would pay a premium to support MANRS compliance.

However, only 12 percent  of service providers would plan for implementation of MANRS even if part of an RFP, and 16 percent said it would have no impact. But 72 percent indicate that practical incentives could drive greater adoption. Possible additions include appropriately automated anti-spoofing controls that log activity, and can be used to generate periodic reports for customers; these could also be part of an intelligence feed that alerts customers to misconfigurations or potential attacks, and so provide additional customer binding/additional revenue.

“There is a gap between enterprises and service providers, to be sure, but also an opportunity to engage,” said Andrei Robachevsky, technology programme manager for the Internet Society. “As they seek out security-minded providers, enterprises could also put MANRS compliance into their RFPs, and for their part, service providers can market compliance with MANRS as a business differentiator. By committing to being held accountable by the Internet community and doing good, they can also align with customer concerns, capture a premium and do well.”

 “The bottom line impact is real,” said 451 research chief analyst Eric Hanselman and report author. “Our expectation is that MANRS compliance could translate into additional value, just in the procurement process, for instance, through minimisation of the discounting required to win contracts, with as much as a seven percent long-term revenue increase for providers who are able to leverage the MANRS branding as part of the selling process.”