It’s a necessary gambit for an ocean-ship of a company (2006 sales: $63 billion) in an industry that faces new competition and downward pricing pressure, the result of the excess telecommunications capacity laid during the late 1990s and early 2000s. “The carriers are looking for ways to differentiate themselves so they’re not just competing on who’s got the cheapest bits per second, and they’re also looking for ways to stop the decline in dollars per bits per second,” says John Pescatore, a vice president of the IT research firm Gartner.

According to Pescatore and other observers, AT&T is farthest along in the journey of telecom companies to position themselves as security providers—although competitor Verizon took a huge leap forward in May, when it announced that it was acquiring Cybertrust, one of the country’s biggest names in information security, for an undisclosed amount. Verizon said the acquisition would add 800 employees to its 300-person information security team, along with expertise in computer forensics and identity management and a solid presence in Asia.

The growing security ambitions of telecom companies could have a profound impact on how “security” is packaged and sold—by stand-alone security companies or by network or IT providers; to CSOs as stand-alone services or to CIOs within a bundle of other services; as products or in a software-as-a-service model. What’s more, the outcome of what AT&T is attempting could influence the very future of the Internet as a free and unfettered, if increasingly dangerous, communications platform. The question is whether the strategy will pay off—whether AT&T’s vast customer base really wants to pay extra for an Internet as safe, banal and micromanaged as a shopping mall.

Bruce Schneier, whose own security company was purchased last year by the United Kingdom’s largest telecom carrier, BT, says that right now, it’s not the telecom industry’s role to stop bad traffic. But if a telecom company can make it profitable to do so, that role will change. And fast. “They’ll do it if it makes them money,” says Schneier, chief technology officer of BT Counterpane. Until then, he believes, Internet carriers have little incentive to clean up the Internet. Why should they bother? “Bandwidth is cheap.”

Thinking of Telcos as Security Companies
The idea of a telecommunications company acting as a security provider is nothing new. For years, telephone companies and Internet service providers have used their existing relationships with businesses to spread security services onto the network connectivity that’s their bread and butter. Gene McLean, CSO of Telus, the $7 billion Canadian telecom company, says security services have always been part of his company’s offerings; they’ve just never really been marketed. “When we’re dealing with big clients or government contracts, then we put on our security consulting hat,” McLean says simply. “We look at it as a differentiator.”