Study Indicates that Enterprises Value Internet and Routing Security More than Service Providers Realize
Washington, D.C. – 16 October 2017 – The Internet Society today announced the results of its recent survey conducted through 451 Research, which points to a disconnect between how much enterprises care about Internet security and what service providers think these customers value. These results indicate an unrealized opportunity for service providers to leverage Mutually Agreed Norms for Routing Security (MANRS), the Internet Society-coordinated routing security initiative, to improve their competitive positioning and generate increased revenue. The study shows that although the MANRS initiative is closely aligned with the goals and security expectations of enterprise respondents, some service providers are failing to recognize that congruence and as a result are underserving their customers and missing additional business opportunities.
Undertaken to better understand the attitudes and perceptions of Internet Service Providers and the broader enterprise community around the MANRS initiative, the MANRS Project Study Report revealed a divide between these two groups and potential ways to bridge it. It showed a large number of enterprise respondents (71 percent) stating that security was a core value for their organization. Once introduced to MANRS, almost all enterprise respondents expressed confidence that MANRS actions over time would be either very effective (34 percent) or somewhat effective (64 percent). Most importantly, enterprises showed a willingness to pay a 15 percent premium to support MANRS compliance.
On the other hand, service providers seem to underestimate the value of MANRS. For instance, service providers were asked what they would do if a MANRS requirement arrived as part of an RFP. Only 12 percent said they would plan for implementation, and 16 percent said it would have no impact. The remaining (72 percent) who said such a requirement would spur consideration of MANRS, however, indicate that practical incentives may yet drive greater adoption.
“There is a gap between enterprises and service providers, to be sure, but also an opportunity to engage,” said Andrei Robachevsky, Technology Programme Manager for the Internet Society. “As they seek out security-minded providers, enterprises could also put MANRS compliance into their RFPs, and for their part, service providers can market compliance with MANRS as a business differentiator. By committing to being held accountable by the Internet community and doing good, they can also align with customer concerns, capture a premium and do well.”
Behind the large number of enterprises who see security as a core value is the growing prominence of the Internet side of business and media coverage of security breaches. Asked about specific threats, enterprise respondents ranked traffic routing, interception, and hijacking at the top of the list (at 74 percent), with DDoS and address spoofing tied for second place (at 57 percent) and concerns over 24×7 Internet service availability and blacklisting following thereafter. While MANRS is not a one-stop solution to all of the Internet’s routing challenges, many enterprises appear to agree that its recommended actions in route filtering, anti-spoofing, coordination, and global validation are important steps in the right direction toward a globally robust and secure routing infrastructure. In addition to revealing a willingness to support MANRS compliance with a 15 percent (median value) price increase, the survey showed that 13 percent of enterprise respondents would only select a provider that was MANRS-compliant in a competitive situation.
“The bottom line impact is real,” said 451 Research Chief Analyst Eric Hanselman and report author. “Our expectation is that MANRS compliance could translate into additional value, just in the procurement process, for instance, through minimization of the discounting required to win contracts, with as much as a 7 percent long-term revenue increase for providers who are able to leverage the MANRS branding as part of the selling process.”
In looking to the future, the MANRS Project Study Report identifies more possibilities. Already trusted by enterprise customers who are lacking cybersecurity resources, service providers could gain additional revenue by adding MANRS-derived services to their portfolio. Anti-spoofing controls that log activity, for instance, can be used to generate periodic reports for customers. These reports can be part of an intelligence feed that alerts customers to misconfigurations or potential attacks. Appropriately automated, this type of service can provide additional customer binding, in additional to generating revenue.
Given all the potential additional revenue, service providers can realize a strong return on a relatively small investment in the four MANRS actions, which represent a lowest common denominator of security measures to increase overall routing security. While the survey indicated that some service provider respondents think that implementation could be disruptive, compared to general routing security practices, all MANRS actions are intended to have low risk and low cost. More details on becoming MANRS compliant can be found in the MANRS Implementation Guide. Service providers who are already compliant can join the MANRS effort here and may download the MANRS badge for their sales and marketing materials here.
For more information, read the full MANRS Project Study Report.
About the Internet Society
Founded by Internet pioneers, the Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution, and use of the Internet. Working with a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).