Security may not be the first thing you think of when it comes to finding new customers. But Internet security consulting services have become an important channel for Terremark (TMRK). "There's no better way to start a relationship with the customer than to resolve a security incident," said Manuel Medina, chairman and CEO of Terremark.
The security business at Terremark has been boosted by its relationship with Kroll, one of the world's leading risk mangement companies. "Kroll has a stellar reputation in the computer forensics and e-discovery market," said Christopher Day, Senior VP of Secure Information Services at terremark. "Where they typically bring us in is on a compromise or intrusion where we actually have to figure out what happened."
Day's team will use server logs and disk images to deconstruct the incident and do a root cause analysis. His team's mandate often includes "being able to explain to regulators what happened and how they fixed it. You have to know exactly what happened to be able to fix it properly."
The relationship has an additional benefit when a Kroll client needs secure hosting or disaster recovery services. "They sometimes need some unique and extreme capabilities that we can bring to bear," said Day. "Kroll is my biggest channel now, and we reciprocate on customer referrals."
Internet security is becoming an even larger part of the managed hosting business. Internet attacks are continually evolving, as attackers develop new strategies and quickly refine them in an effort to stay a step ahead of web site operators and the security community. That trend has accelerated in recent months, according to Day.
Landscape Has Changed
"The security landscape has changed radically in the last six months," said Day. "Many (customers) weren't prepared for the attacks we are seeing, and the level of sophistication we're seeing." Attack vectors have also shifted, as noted by the SANS Institute in its annual list of the Top 20 Security Risks for 2007, with office and web applications being targeted along with browsers and e-mail clients.
As risks have proliferated, so have regulatry requirements, both from industry regulators in Washington and state laws requiring companies to disclose any security incidents that may expose customer data. "The game has much higher stakes now," said Day. "Now there's a huge legal penalty for a data loss."