FierceTelecom Leaders: Chris Costello, AVP of Product Management, AT&T Managed Hosting & Application Management Services

Chris Costello, AT&TAT&T continues to find a sizeable business for its disaster recovery and business continuity capabilities, and business is good. According to a recent study, 83 percent of U.S. businesses surveyed in an AT&T study said that they have a business continuity plan in place, up 14 percent in the past five years. A growing piece of AT&T's disaster recovery/continuity of operations business is cloud-based network and security services. Sean Buckley, Editor of FierceTelecom, recently caught up with Chris Costello, AVP of Product Management for AT&T Managed Hosting & Application Management Services to talk about disaster recovery and cloud computing.

FierceTelecom: Chris, tell us a bit about how AT&T targets business continuity?
Costello: The work that AT&T does spans two areas: the testing we conduct on our own that we share best practices with our customers and the other area would be the services that we provide to enable disaster recovery/network continuity solutions. In the first area, AT&T has its network disaster recovery exercise. We plan and simulate disasters in our own business continuity plans several times a year. Our next one is in San Jose, Calif. on July 13-14. During these events, we simulate large-scale disasters, network disruptions and then invite customers to learn from our best practices.

We have done this for over 15 years and have invested $500 million in that program and the equipment is maintained and deployed from the U.S., Europe, Middle East and Africa. We also have a special operations team that's prepared chemical, biological, radiological and nuclear response. At their disposal they have HAZMAT trailers, response trailers, communications vehicles first aid, security and portable generators and cooling and heating. We also have teams assisting in natural disasters over the years that provide emergency communications. For example, we deployed our services to assist the coal miners in West Virginia and have been providing assistance to the Louisiana oil spill in regards to emergency communications.

In our second area, we help customers with their own business continuity planning. The services that AT&T has in the space span a variety of areas. The areas I have the most focus on given my role include hosting solutions. We have 30 data centers around the world and can help out as can other service providers at customer premises. Generally, customers are looking for load balancing, data replication, data storage, and data backup services. More and more customers are relying on virtual services and are including virtualization in their business continuity plans. They are also looking at how cloud services can help.

One of the trends we're seeing is that customers are investing in cloud services so they can only incur expenses when they are testing their disaster recovery plan or invoking their disaster recovery plan. IT systems can be very expensive and a very expensive insurance policy if they are sitting idle most of the year. There are other services customers rely on including mobility services (e-mail, voice and texting) to communicate, call center solutions and security solutions not only for disasters, but also to meet regulatory requirements to keep out hackers, for example.

FierceTelecom: Another big area that's gaining momentum is cloud-based security services. What are the advantages of that approach, and how is that resonating with your customer base?
Costello: We see this as very important especially for the enterprise customers we serve. There are various cloud providers out there, some of which are targeting developing communities. We can serve a variety of customer shapes and sizes. As CIOs and other functional enterprise technology managers look at what applications can fit into the cloud, in a recent survey I saw that 83 percent cite security as a concern when looking at cloud services. AT&T as a service provider, along with other providers, has different security models. We include managed firewall capabilities as part of the solution and intrusion detection capabilities that allow us to detect issues right in the network so we can detect problems before they hit the data servers themselves.

A lot of customers will look for a provider that's SAS 70 Type II compliant and/or of if they have credit cards they are using for transactions for their end users, they'll look for PCI compliance as well. Looking for a service provider that has processes and data centers that have met those compliance needs. Then, of course having a center that is Tier 3 or higher or that meets or exceeds the uptime institute standards is an important criterion for enterprise clients. Then, just having the physical security guards in the data centers is very important. This is all around clients being faced with HIPAA, Sarbanes Oxley and other regulatory compliance requirements. And you open the news and you see hackers launching Distributed Denial of Service (DDOS) attacks. And you open the news and you see hackers launching DDOS attacks. Security is of the utmost importance and is something we surround our cloud services with like a moat.

Interestingly, government markets, financial services and health care are the most security conscious of any industry. Ironically, they seem to be the markets that are the most vocal and are doing the most investigation on cloud services because they see the benefits. If the service provider can prove out the security, they're apt to move services to the cloud. Another point around security is that a service provider that owns a network, and if an enterprise buys private networking from that provider, security is built right into that private networking solution and can be combined with a cloud-based provider's offer.