alex_aldo - Fotolia

CenturyLink eyes APAC managed security market

Managed services supplier CenturyLink will be investing in infrastructure and headcount to support the growing demand for managed security services in APAC

CenturyLink is making a dash for the managed security market in the Asia-Pacific (APAC) region in its major expansion outside its home market in the US.

Nathan Shanks, director for managed security services (MSS) at CenturyLink, said the managed IT service provider will be investing in infrastructure and headcount in Singapore to support the cyber security needs of organisations in the region.

Shanks told Computer Weekly that CenturyLink’s choice of APAC was deliberate, as it found that enterprises in the region not only have a bigger appetite for outsourcing, they also face similar challenges as its enterprise customers in North America.

With 74% of CenturyLink’s revenue coming from enterprises, Shanks said the company sees the enterprise space as a sweet spot segment that it knows how to sell to. It also supplies managed services to small and medium-sized businesses, as well as large enterprises that are typically global corporations.

“We started profiling organisations around the world, and we found that the APAC region seemed to be a much more natural fit than the traditionally European roll-out,” Shanks said.

“While we’re known in Europe, our customers there tend to be global institutions that already have dedicated security teams and infrastructure. They are also usually slower to move to an outsourced approach,” he added.

Outsourcing isn’t getting rid of a problem, it’s changing the way you manage the problem
Nathan Shanks, CenturyLink

According to Shanks, CenturyLink will be targeting public sector organisations in APAC, as well as enterprises in regulated industries such as healthcare and financial services that want to make their money count while meeting compliance requirements at the same time.

“In Singapore, we’ve already been communicating with local government institutions to talk about some of their long-term challenges,” he said.

Asked about the mix of new and existing MSS customers that CenturyLink expects to nab in the region, Nathan said like any managed communications and IT service provider, one in three customers that use its managed services are new.

“However, that’s not true for the security practice, where most customers are new,” Shanks said, adding the CenturyLink will figure out the balance between those two trends in its APAC expansion.

In 2016, the managed security services segment was worth $1.58bn in 2016, accounting for 37% of the total security services market in the APAC region, excluding Japan, according to IDC.

IDC said this segment is poised to reach $3.86bn in 2020, driven by the desire for better security outcomes and resilient security posture among organisations in the region.

Outsourcing is no panacea

Enterprises, however, do not usually outsource all aspects of IT security, choosing to retain some in-house capabilities. As such, Shanks said CenturyLink has made its MSS offerings available as individual services.

“One of our biggest value propositions is that they don’t have to hand over everything to us,” he said, adding that enterprises can use application programming interfaces (APIs) to integrate their systems with CenturyLink’s services.

Not outsourcing everything may well be good, not only for organisations that can grow and retain critical IT security capabilities, but also to MSS providers.

Read more about cyber security in APAC

“Companies that lose their cyber security capabilities also eliminate their ability to understand what we do as well,” Shanks said.

“Outsourcing isn’t getting rid of a problem, it’s changing the way you manage the problem,” he added. “If you eliminate your staff, you’ll never perceive the value of what we do and you’ll forget why we’re here.”

With managed service providers becoming vectors through which threat actors such as APT10 can compromise victim networks, enterprises will want to know the security measures undertaken by MSS providers.

To that, Shanks said CenturyLink uses different methods to keep its customer infrastructure secure, including an advanced unified threat management framework for network protection, and software-defined networking for more advanced products.

“Credentials are also managed differently per service line but in each case, the solution is reviewed and taken care of by our corporate compliance team. The team does a comprehensive assessment of appropriate access for the appropriate resources,” he added.

Read more on Managed services and hosting services