Telecom Asia: There's been a great deal of talk about ubiquity. How important will it be in the near term?
Scott Kriens: We believe there's going to be a ubiquitous network, it will be a single infrastructure, it will carry multiple services, it will be very intelligent, it will enhance our lives. That will all be true some day. The observation that that it is true is meaningless. The issue is when will what elements within that grand claim be true and what will it mean when they are. It is the path to how one gets there that is where all the real opportunities lie.
One of the reasons for the acquisition of our security portfolio is that we believe that the key enabler to making it all happen faster is that you have to trust the network to use it more. That is one driver. It not only has to be secure, but it also has to be assured--it has to be reliable and has to be able to deliver the quality for the video signal that I'm going to drive across it.
How will it happen? The way the Internet got to scale was simply by dividing everywhere--that way it didn't have to happen in any one place. Ubiquity will happen in the same way. Pockets [of IP infrastructure build-outs] are popping up and establishing themselves and they will all look to connect. Major commitments to rolling out IP infrastructure already include moves by China Telecom, NTT East and West, Deutsche Telecom, MCI and Verizon. This peer-to-peer nature of the arrival of the Internet is going to be exactly the way the next generation of applications that will build on top of it will come into existence. Then we can create some standards to put some order to the chaos.
You said in your briefing to analysts in early November that network threats are increasing and becoming more malicious. Who do you think is responsible for solving security problems?
The answer is everyone and no one, so therein lies the problem. The difficulty is it's a very diverse threat. A sad parallel if you were to look for an analogy is that it's basically network terrorism, with many of the same challenges as fighting terrorism. The question is whether the government is better suited for that or should we protect ourselves. But it's not as though the government could do it if they chose to intervene--they'd be equally powerless. They'd just muck up the work with a bunch of bureaucracy.
Another analogy can be borrowed from the Wild West days in the States. In those days, outlaws come down out of the mountains and took your stuff when you went from town to town. The law usually didn't do much about it, they just protected the town. If you left town, it was up to you to arm yourself. We're in exactly the same situation in the network today. If you go out looking around, you'll probably have someone come down and try to do harm, and nobody is going to go after them. That's not to say the FBI and other cyber-threat response efforts aren't underway. But realistically, as a percentage of the total it's very small--it's like having a posse go out and look for the bad guys. They'll probably catch a few, but it's not much of a deterrent.
It's a very real problem without any immediate or simple answers, let alone cost effective ones.
What is the catalyst behind Juniper's move to an integrated approach to security from the more common siloed approach?
Functional need is what drives it because there is no siloed model that works. There was a time when just out of sheer emergency customers were more willing to buy point solutions because they had to do something to counter the threat. The problem of having gaps between the different point solutions making the problem worse not better doesn't really surface with the first one or two you buy. It surfaces after you buy four or five and then you have three or four gaps. That's kind of what's happening-the first response to the threat has not solved it so people are pausing before they simply do that again or do more of it. So the question arises: What am I going to do then?
Our drive is integrated in one sense, but it's a much more comprehensive approach to the problem. The thing about using the integrated word is sometimes it means compromising on the quality of each point along the integrated effort, which you really can't afford to do. An integrated vulnerable solution is no better than fantastic point solutions with vulnerability between them. You have to start with best-in-class building blocks and then do best-in-class inter-operability and connection of them, which are the marching orders from upstairs here [Sunnyvale] where most of the work goes on.
How has your acquisition of NetScreen impacted your focus on security?
One of the things we've done as a result of the acquisition is to increase dramatically the resource commitment and development investment in the portfolio to address and solve some of these security issues. NetScreen was investing about $14 million per quarter in security product portfolio capabilities and now that number is over $22 million per quarter. That has been the major consequence.