Taking the EZ Street A New Business Model for Cloud-Managed Wi-Fi 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2008 2014 AirTight Networks, Inc. All rights reserved.
Executive summary Introduction...2 Not all Clouds are Created Equal...3 Multi-tenant, hierarchical, location-based architecture...3 Massive scalability and Virtualization...3 Fault tolerance...4 Security Becomes an Opportunity...5 Security Breaches are Costly (and Common)!...5 Who are the Victims?...5 Wireless Increases Risk...5 Integrated Analytics...7 Achieve shorter sales cycles and more predictable revenue...7 Move Upstream to Higher Margin Services...8 Unlock new budgets...8 Minimize Risk...8 Eliminating Provisioning Pains with PreFlight...9 The AirTight EZ Street Program...10 Introduction It may come as a surprise but enterprises, both large and small, no longer need to buy wireless networks. The migration to cloud-based WLAN solutions signifies a fundamental shift from making large in-house investments in equipment, infrastructure, and technical staffing to adopting a different operational model where more Wi-Fi functionality, and the upfront investment of delivering them, will be provided by VARs and MSPs. Advancements in cloud data centers and virtualization have reduced the effort of developing and maintaining remote servers for WLANs, but the fundamental financial and technical burdens have not gone away. Unless resellers are already equipped with an MSP-class infrastructure capable of supporting hundreds, thousands, let alone hundreds of thousands of customers and locations, the challenge of creating profitable cloud-based WLAN services can be intimidating in terms of capital requirements, cash flow, and technical support. This white paper will address the fundamental challenges resellers face when offering cloudbased enterprise Wi-Fi and how to leverage currently available solutions to minimize up front investments and staffing requirements, shorten sales cycles and time-tomarket, and build a growing stream of recurring revenue using off-the-shelf wireless applications and services. 2
Not all Clouds are Created Equal The ability to provide profitable cloud-based WLAN services starts with the quality and scalability of the cloud services themselves. Whether fully outsourced to a public cloud provider or built from the ground up and hosted on site, unless the cloud is designed to enable resellers to easily support a diverse and distributed customer base, it will quickly become unmanageable and too costly to scale. The following are basic requirements to ensure a sustainable cloud-based business model. Multi-tenant, hierarchical, location-based architecture Being able to scale cloud services to a growing customer base requires more than simply adding more capacity. Duplicating server costs and maintenance, increasing staff, and adding management cycles every time a new customer comes on board are unsustainable. Instead economy-of-scale must be a fundamental strategy when providing cloud WLAN services. Multi-tenancy As simple as it may seem, being able to support multiple customers efficiently requires a purpose-built multi-tenant management system. This enables system level administrators to manage all of their customers from a single console while at the same time allowing individual customers or technicians to administer their own portion of the infrastructure without compromising the security or configurations of other customers. Hierarchical location-based architecture In addition to being able to host multiple customers, managing hundreds or even thousands different configurations, locations, and devices requires a hierarchical structure to ensure efficiency, consistency in configuration and service, and ease of managing updates. A true hierarchical system operates like nested file folders on a computer. WLAN locations, devices, and configurations can be organized based on multiple-level, parent-child relationships. With a hierarchical system, the organization does not have to be limited by location. It can be structured based on different company divisions, brands, customer types, or any way a company chooses. Not having a hierarchical system is like having a computer file system without folders. Finding and managing WLAN assets and configurations without such a logical structure would quickly run out of control if you had to support many different customers and their respective devices. Massive scalability and Virtualization Virtualization of the Wi-Fi management plane demonstrates a clear advantage of the cloud both in terms of scalability and cost. Some cloud vendors however continue to use dedicated hardware servers inside their data centers. In addition to being inflexible due 3
the fixed capacity of dedicated servers, the only way to scale this model is to provision additional hardware each time the customer base grows. This is extremely expensive and unsustainable. A virtualized server environment is preferred for MSPs and resellers because it maximizes available capacity and has the flexibility to accommodate many customers as well as large and small customers. For example, a single server instance may be able to support many small tenants (customers) making full use of its capacity. Likewise, if a customer is so large that a normal server instance is not enough, being able to merge multiple virtual servers into a single large server instance allows seamless and fully transparent expansion to any size needed. Multi-tenant cloud architecture enables flexible provisioning of virtual server instances to support multiple customers of any size. Fault tolerance Having greater than 99.9% availability for the cloud management plane requires meticulous maintenance plus failover redundancy. Also, the use of dedicated server hardware can be costly and does not optimize use of available capacity. Server virtualization, with co-location in multiple cities and continents, is not only more efficient but it significantly minimizes the risk of downtime while reducing redundancy costs as much as five to one. AirTight cloud servers operate in seven data centers worldwide providing excellent redundancy as well as providing more options for enhancing performance and scalability based on geographic location. 4
Failures of WLAN servers hosted inside a top-rated cloud data center are extremely rare or non-existent. However a more likely downtime situation occurs when the Internet connection between the access point on the customer s premises and the remote cloud server goes down. If the access points rely on a cloud server or controller for operation and the connection goes down, Wi-Fi service will cease. A better solution is to have controller-less intelligent access points that can operate autonomously in the event the connection to the cloud server fails. For example, if the Internet connection to an AirTight cloud server is interrupted, AirTight access points will continue to deliver 100% of their local Wi-Fi and wireless intrusion prevention system (WIPS) functionality without interruption. When the Internet connection is restored, the access point and server will sync any security data and management-related information accumulated during the outage. Security Becomes an Opportunity A clear advantage of cloud-managed WLANs is that access points can be managed remotely rather than with visits from IT technicians. However, ensuring compliance with security standards and being able to protect every location from rogue devices and intrusion requires WIPS security that can prevent breaches automatically without the aid of an onsite IT staff. For resellers and MSPs, providing cloud-managed security presents a lucrative opportunity in one of the fastest growing market sectors. With the recent spate of high profile security breaches, the security market shows no signs of abating. Over 82% of organizations have had a data breach involving sensitive or confidential information (Source: CIOinsight). The average cost of a data breach is cited at $214 per record (Source: Ponemon Institute) Security Breaches are Costly (and Common)! According to the Ponemon Institute, security breaches cost as much as $214 per individual record. Even a small breach of several hundred records may cost considerably more than proactive measures that could have prevented them in the first place. $73 Direct Costs $214 Security Breach Cost per Record Source: Ponemon Institute $141 Indirect Costs Notification Call Center Identity Monitoring Identity Restoration Discovery/Data Forensics Loss of Productivity Restitution Additional Security and Audit Requirements Lawsuits Regulatory Fines Loss of Consumer Confidence Loss of Funding 5
Who are the Victims? Security breaches affect every type of business and organization large or small and according to the Verizon Business Data Breach Investigation Report, the distribution of incidents is fairly evenly distributed as indicated below. 37% Financial organizations 24% Retail environments and restaurants 20% Manufacturing, transportation, utilities 20% Information and professional services firms 38% Larger organizations Wireless Increases Risk The ubiquity of wireless devices and users makes the physical networking environment even more difficult to protect even in no-wireless zones. As a result, network security policies are nearly impossible to enforce without an effective wireless intrusion prevention system (WIPS). The wireless industry s top rated WIPS comes fully activated with every AirTight WLAN system at no charge to the reseller. This powerful security feature can be sold to customers as a value added service moving them beyond inadequate checklist compliance to having comprehensive vulnerability assessment and protection including the following: Intelligent behavioral analysis Faster and more reliable than using manually compiled white lists, lookup tables, and signature profiles Automated classification Patented Marker Packet technology provides immediate and definitive identification of authorized, rogue, and external (non-threatening) devices and connections 24/7 protection from wireless threats Enables safe blocking of unauthorized connections without fear of incorrect responses or risky inaction due to false positive and false negative results Precision location tracking Simplifies location and removal of rogue devices from your premises Security and compliance reports Automatically generate and distribute richly detailed reports and compliance assessments including PCI DSS and HIPAA. 6
Example wireless threats in networking environments Providing wireless security services, such as WIPS protection, security assessments, and detailed security compliance reports (e.g. PCI DSS and HIPAA), can provide additional recurring revenue for the reseller while significantly reducing the customers exposure to costly security breaches Integrated Analytics Now that Wi-Fi is a standard feature in all new smartphones, WLAN operators are now in a position to be able to collect both anonymous traffic data as well as opt-in visitor information directly at each location. Several WLAN vendors are beginning to offer varying degrees of analytics services, usually as a third party option, with limited social network capabilities. Typically these offerings are provided for an extra fee and ownership of the data collected often belongs to the third party analytics service provider rather than the user. Retailers and Wi-Fi service providers can build and monitor in-store marketing programs based on analytics that compile visitor presence and social media sign-in statistics. 7
Because AirTight provides its own analytics and social media integration, it does not have the limitations imposed by third party developers. Advantages of the AirTight system include: No third party costs. AirTight analytics services, as well as any data collected, are included at no extra cost to the reseller More social Wi-Fi sign-in options Most vendors offer only Facebook. AirTight offers Facebook, Google+, LinkedIn, and Twitter with more to be added in the future MSPs and resellers can provide AirTight s analytics and social network sign-in as value added services to their customers while keeping 100% of the revenues that these services generate. Achieve shorter sales cycles and more predictable revenue Despite the introduction of virtualized cloud-managed services and the commoditization of Wi-Fi technology, the concept of selling boxes persists as the business model of choice by most Wi-Fi vendors. This approach requires up front investments by distributors, resellers, and ultimately the customers leading to long equipment sales cycles as well as complicated licensing and maintenance agreements. A much simpler and reseller/customer friendly approach would be a full OPEX model that provides cloud-managed services for a basic monthly fee without the upfront costs, maintenance, and administrative burdens of actual ownership. The full OPEX option, available only from AirTight Networks, enables resellers to build a steadily increasing stream of recurring revenue and the ability to sell additional value added cloud services using the apps and tools AirTight provides at no charge. It also makes it easier for customers to justify the new Wi-Fi solution because no upfront investment is required and AirTight s cloud services cost substantially less than any equivalent service the customer or reseller can develop and maintain on their own. Move Upstream to Higher Margin Services The commoditization of Wi-Fi technology and performance also reduces the perceived value of the hardware itself forcing both vendors and resellers to investigate other value added options to justify higher margins. The future of cloud-managed Wi-Fi is inevitably moving towards providing applications and value added services above and beyond basic wireless connectivity. 8
To lock into this trend, AirTight Networks has developed Mojo Studio, a comprehensive and fully-integrated applications and services suite for its cloud-managed Wi-Fi. Mojo Studio enables resellers to do the following: Customize guest Wi-Fi by leveraging BrandBuilder a splash page designer for customizing brand elements and the visitor experience Combine rich data analytics with social Wi-Fi to build targeted customer loyalty programs at the point-of-purchase For retail customers, measure store performance against KPIs and maintain optimal staffing levels through visibility into customer traffic, dwell times and engagement patterns Use preflighted AP configurations with all features and security activated right out of the box for true plug-n-play deployment by non-it staff Provide automatic updates for new apps, services, and security Move beyond tactical break-fix to proactive and strategic threat prevention by offering wireless vulnerability assessments using AirTight s top rated WIPS solution Provide RF planning and troubleshooting services using included AirTight Planner and WizShark tools Unlock New Budgets With the rise of big data and mobile social media, customer digital interactions have become increasingly important to business growth. As such, digital marketing is now a fundamental driver of IT purchases. Gartner Research predicts that CMOs will outspend CIOs on IT by 2017. Unlock your customers CMO budgets by tapping into this digital consciousness to help them build targeted loyalty programs and guest services. Minimize Risk The MSP business is not for the timid and the life expectancy of an MSP startup can sometimes be measured in months rather than years. MSPs, and resellers who provide services, often struggle to increase their subscriber base to offset fixed costs. Solution providers that overlook cash flow while transitioning to services can easily find themselves in the red. To help de-risk this transition, AirTight developed a purpose-built program named EZ Street that cuts down on upfront investments and allows resellers to maintain minimum staffing levels while immediately enhancing the variety and delivery of services offered. 9
Eliminating Provisioning Pains with PreFlight In addition to the equipment itself, one of the highest costs of WLAN provisioning is configuration and installation. Unless an enterprise has IT staff with sufficient time and experience to undertake detailed configuration, the majority of the most sophisticated access point features will be unused or underused. If this includes critical security features, the WLAN will be open and highly vulnerable to attacks that can go unnoticed for a long time. To eliminate tedious configuration and to ensure all key features and security are implemented successfully before deployment, AirTight has taken its plug-n-play architecture to a new level by preflighting its access points. With preflighting, each access point is delivered to the customer pre-populated with best practice Wi-Fi configurations and security settings developed by AirTight from its decade long experience covering tens of thousands of deployments. This eliminates laborious, multi-screen configuration required by other WLAN vendors. Changes to the preflighted configurations including custom settings are easy and most do not require skilled IT technicians to implement. AirTight PreFlight includes best-practice settings for specific industries 10
The AirTight EZ Street Program EZ Street is an AirTight Networks program designed to help WLAN resellers provide MSP-class cloud Wi-Fi services with minimal technical effort and no upfront costs. The program bundles the following components completely free of charge to the reseller. Access to Mojo Studio AirTight s cloud Wi-Fi applications and services suite Special OPEX pricing on AirTight access points Sales and technical certification training Access to the AirTight partner portal and EZ Street community Business analytics and customization tools Automatic system updates Why take the Hard Road? AirTight Networks is the only vendor in the wireless industry that offers a fully OPEX purchasing model, preflighted plug-n-play access points, and a full suite of strategic value added applications and services. HARD ROAD WLANs done the traditional way High CAPEX investment Uneven revenue stream Requires configuration from scratch Difficult to scale Partner managed servers EZ STREET WLANS done the AirTight way Easy OPEC pricing Steady recurring revenue Preflighted, out-of-the box configurations Scales to many customers AirTight managed cloud High maintenance effort Limited services Serve FEWER customers with MORE effort Zero maintenance effort Strategic services and applications Serve MORE customers with Less effort Free Reseller Training (with Product Certification in Less than Three Hours) Successful businesses are still about investing in the people behind best of breed products. To that end, AirTight has democratized its high value cloud services further by seriously streamlining its partner training and certification program. You are the ultimate arbiters of just how plug-n-play our architecture actually is and can now take our online courses or instructor-led training at a city near you and be certified in under three hours. At no cost. Easy enough yet? 11
About AirTight Networks AirTight Networks is a global provider of secure Wi-Fi solutions that combine its patented and industry-leading wireless intrusion prevention system (WIPS) technology with the next generation cloud-managed, controller-less Wi-Fi architecture. This unified approach allows enterprises for the first time to benefit from Wi-Fi access while concurrently protecting their networks 24/7 from wireless threats at no additional cost. AirTight s customers include global enterprises across virtually all industries and range from those who overlay AirTight WIPS on top of other WLAN solutions, to those who leverage the AirTight Cloud Services to manage AirTight Wi-Fi, WIPS, and regulatory compliance (e.g., PCI) across tens of thousands of locations from a single console. AirTight owns 29 granted U.S. and international patents on WIPS and cloud-managed wireless security, with more than 20 additional patents pending. For more information, please visit: www.airtightnetworks.com. Sign up now To join the EZ Street program and begin selling the industry s best value in cloudmanaged Wi-Fi immediately, visit www.airtightnetworks.com/ezstreet. AirTight is a registered trade mark of AirTight Networks, Inc. AirTight Networks, AirTight Networks logo, AirTight Cloud Services and AirTight Secure Wi-Fi are trademarks. All other trademarks are the property of their respective owners. AirTight Networks, Inc. 339 N. Bernardo Avenue #200, Mountain View, CA 94043 T +1.877.424.7844 T 650.961.1111 F 650.961.1169 www.airtightnetworks.com info@airtightnetworks.com White Paper: [Doc ID: ATN-WP-0314-001-00-EN] AirTight Networks and the AirTight Networks logo are trademarks, and AirTight is a registered trademarks of AirTight Networks, Inc. All other trademarks mentioned herein are properties of their respective owners. Specifications are subject to change without notice. Comprehensive Cloud-Managed Wi-Fi