Level 3's Richter on Driving Demand for Cloud-Based Security

"Build it and they will come" has been the mantra for the beginnings of Level 3's cloud-based Adaptive Network Security services, says Chris Richter, the company's senior vice president of global managed security services, but these days Level 3 has shifted its focus to basing expansion on defined business demand.

Recently, Level 3 Communications Inc. (NYSE: LVLT) unveiled four new global gateways in the APAC market for its Adaptive Network Security service -- three in the APAC market and one in South Africa. Additionally, the company is tentatively planning several new gateways in the Americas to help open up the Latin America market, along with another APAC gateway in Tokyo. (See: Level 3's Adaptive Network Security Expanding to APAC, Africa.)

Here, in part one of this two-part Q&A (edited for length and content), Richter gives Telco Transformation an inside look at the business strategy and customer demand that is driving Level 3's Adaptive Network Security. In part two, look for Richter to talk more about the evolution of network security to a cloud-based model from both Level 3's perspective and the perspective of the IT sector as a whole.

Telco Transformation: How are you determining your customer demand and how to expand and further deploy Adaptive Network Security? What are the factors that are going into these decisions?

Chris Richter: It typically starts at the evolution of the sale. Because Adaptive Network Security is kind of a radical thing, what it poses to the customers is a question: "Would you be willing to abandon your next-generation firewall infrastructure that you've known and loved for a few years but you're paying dearly for because you have to replicate it at every site -- and replace it with an abstract virtualized network-based next-generation firewall that's in a location near you?"

They're not willing to go all in typically all at once. They start with a few core locations, they realize: "Hey, this works pretty well. We've been able to reduce costs, our security has improved, and we don't have to hire as many people to manage these infrastructures because it's done."

Then, very quickly, within a period of months, many of them determine: "Okay, this works, it's great, and it's living up to and fulfilling its promises. We want to go global. We want to extend this to the rest of our offices around the globe." So they come back to Level 3 and say, "We need other locations. We want to pull the rest of our global sites onto this platform."

That really is it. When we hear it time and time again, we say, "Okay, we get the message. We promised we would grow with you." So that's kind of how it starts. It's not very scientific, but there is a lot of business planning that goes behind it. And that's ultimately what we did want to hear because that was the long range for this service -- to expand with a very dense compilation of gateways around the globe. But what we're not going to do is put a gateway in some remote location and just have it sit there and age and not pay for it. We had to begin with a "build it and they will come" business proposition, but we had some pretty good, well-calculated bets on the cities that we put these gateways into in the first iteration.

After that, on the second wave, my chief financial officer made it very clear: Yeah, we will use "build it and they will come" for the first wave of gateways, but after that it's got to be driven by business. And it has been.

TT: You mentioned that customers are reducing their costs with Adaptive Network Security. What are your clients seeing in terms of the savings, the ROI, the total cost of ownership and so on?

CR: A lot of that's going to depend on the company and how much they have already invested in security. In some cases they haven't invested much at all. Very small retail chains, for example, might have a small router that's provided by their Internet service provider, and instead of using the firewall features on that small router they just point their traffic to one of the Adaptive Network Security gateways.

In other cases, customers are able to achieve a very significant ROI, especially if they're at the point where they have to do a technology refresh. Keeping them from having to buy a lot of brand-new next-generation Firewall equipment, and pay those monstrous annual maintenance fees, and instead move to Adaptive Network Security -- which we've seen happen on many occasions -- can achieve a tremendous ROI.

I don't have an ROI percentage for you because it falls within a range, but in every case customers achieve significant cost savings. And not just in equipment, but also in personnel and maintenance fees. You know, these maintenance fees on some of this higher-end equipment can range anywhere from 50% to 70% of the purchase price of the equipment per year. It's almost like buying it all over again every single year. That's what you're paying for. You're buying a chunk of metal and you're paying for the service to keep the technology refreshed and the security updated on that piece of metal. So ours is a subscription-based service that is priced by the number of gateways and the throughput that's pushed through the gateways.

We don't care how many sites are connected; whether it's five or 5,000, it doesn't matter. It's all based on how much protected throughput the customer needs to the Internet.

TT: Are you at liberty to disclose that range of customer ROI?

CR: I can't, and the reason I can't is because I don't have a reliable source. We're collecting that now. We have to go back and survey our customers to find out what their real savings has been. All we have are estimates. We haven't done the real-world analysis to get to a factual ROI.

I can tell you that the estimates range from 30% to 70% in savings, but I can't validate that until we complete our study. We are probably going to do that study at the end of the second quarter of 2018 when the customers have a track record with it and we're able to have that conversation because I think they'll be better informed with their own use cases. But it is significant. Depending upon the particular organization, 30% to 70% is probably a range that we can believe in.

Related posts:

• Level 3's Richter Talks About Enterprise Cloud 'Gotchas'
• Level 3's Richter: Simplicity Strengthens Security in the Enterprise Cloud
• Level 3's Richter: Security Is Better & Cheaper in the Cloud

— Joe Stanganelli, Contributing Writer, Telco Transformation