Paranoid? No, they are out to get you

Listen to this article

00:00
00:00

Imagine the scene 15 years from now. You have been diagnosed as a potential heart attack victim, and you have an implanted bio-mechanical device that can detect the telltale warning signals in advance.

At the core of the device would be a monitoring chip, so the device would be a computer - and that, says Stijn Bijnens, means that it could be hacked. But he suggests people could have a managed security services (MSS) company to monitor the device’s security.

If that idea sounds far out, Mr Bijnens has plenty of others that are more down to earth. One of the pioneers of the MSS market and an expert on e-security, he co-founded Ubizen in 1995. The company, a spin-out from KULeuven, Belgium’s largest university, is now majority owned by US-based Cybertrust, of which he is chief strategy officer.

One more immediately realisable idea Mr Bijnens is pushing is to offer, via a carrier or internet service provider, a managed security service to individuals, who would be willing to pay, say, €5 a month to have their firewalls managed remotely.

Then there is what he calls the personal firewall market. “This is the firewall for you, and not just your home. It would be protecting all your devices in the forthcoming era of pervasive computing.”

Mr Bijnens is happy to admit that the forecasts he made for the MSS market in 1995 and 2000 were “always wrong”. Yet it seems that some of his predictions for the next few years will have to come true if there is not to be a big shakeout in the MSS market.

“Too much money went into MSS during the dotcom boom,” he says, “perhaps more than €1bn.” The popularity of MSS as a concept grew slowly, and the market was still small in 1999/2000.

Now the concept is better established, at least in North America and Europe, but the industry has yet to fulfil its promise financially. Cybertrust’s MSS business, which has annual revenues of $42m, is breaking even, but Mr Bijnens claims rivals are losing money.

Revenues from contracts come in slowly, he adds, as it can take a year to transfer all a large company’s firewalls to the managed service. A typical large MSS contract might be worth $5m a year, equating to £10,000 for each internal firewall.

On top of all this, investment has to continue in the MSS providers’ own security, both physical and logical (i.e how it structures its own IT networks and procedures) to reassure existing and potential customers about the security of their data.

Most new customers still insist on visiting Cybertrust’s security operations centres (SOCs) to see facilities for themselves, and gaze through a glass window at young, denim-clad SOC staff who might look like the average hacker but have all received Nato security clearance.

Some prospective customers are not above playing tricks on service providers during these site visits. One Cybertrust executive recalls how a rival lost a potential contract when customer representatives were allowed to visit the toilet unescorted while visiting the most sensitive part of a facility.

Customers like to be impressed by the technology on display, too. At Cybertrust’s Atlanta SOC, giant plasma screens light up behind workers’ desks highlighting in multiple colours the flow of events and alerts into the centre. This razzmatazz has not hitherto been deemed necessary at the Leuven SOC, but plasma screens are on the way there, too.

Finally comes the cost of training staff in spotting - with the help of technology - which of the millions of daily “events” need to be classified as alerts or even genuine attacks that customers should know about and for which they should receive advice and recommendations.

It is not for nothing, therefore, that Mr Bijnens believes “only the fittest will survive” in the MSS sector. It also makes sense, he says, to leverage the €150m that has been invested in Cybertrust’s MSS business over the past decade by exploiting new opportunities to expand the market.

He is keen to develop the role of the Cybertrust MSS arm as a specialist supplier of services to other companies that would deal directly with new customers in the small and medium-sized enterprise market. This could include partnering with telecoms companies, or working with local IT resellers, which would bundle MSS in with other services. An MSS for individuals could become a reality in the next two years, he says, as people tire of grappling with computer security problems.

Another possibility, says Mr Bijnens, is to promote MSS by working with insurance companies. “Their customers would get a better price for their e-business insurance if they were monitoring their security devices 24/7,” he says. “We have been talking about this with insurance companies for five years.”

Copyright The Financial Times Limited 2017. All rights reserved. You may share using our article tools. Please don't copy articles from FT.com and redistribute by email or post to the web.