Bolstered by the frame-of-reference to a previous survey, IBM said today that carriers around the world are starting to see security for IP-based services less as a hindrance to service rollout and more as an opportunity to provide security services to its customer base. They just don’t all have a plan for how to realize it.

A survey conducted by IBM Internet Security Systems (ISS) last year revealed that 55% of top-tier carriers felt security concerns were strong enough to impede their rollout of new IP-based services. A new survey released this week showed a decline in that mindset; only 36 % of survey respondents said security concerns were hindering their rollouts of IP-based services.

IBM determined that the 2007 State of Security for Global Telecommunications Carriers survey marks a turning point in how carriers weigh the pressure to rush to market with new services despite security risks and their willingness to address them up front. Eighty-seven percent of respondents said next-generation networks would fail without strong security. And they see mobile endpoints and the IP multimedia subsystem (IMS) as the areas of the network most vulnerable to attack.

The survey was conducted at IBM’s Carrier Security Summit recently where about 65 carriers form 15 different countries attended. “Last year, the discussion was about what should be done; this year, it was more about carriers saying, ‘Here is what we are doing,’” said Clarence Morey, director of carrier strategy at IBM Internet Security Systems. “And the survey data backs that up.”

The survey left little doubt, if any were left, that the migration to IP was imminent. Eighty-five percent of respondents said they will roll out an IP-based architecture in the next five years. However, despite the recognition that security is important, only 46% said they had strategies in place for mitigating security risks.

IBM has an offering called the Unified Security Environment for Telecommunications. It is a hybrid of hardware, software and services that help enterprises and carriers protect their networks and applications from online attacks. It also will help carriers offer in-the-cloud security services to enterprises. The solutions use components from IBM Tivoli, IBM BladeCenter preemptive intrusion prevention capabilities from IBM ISS. Last year, 49% said they did not have the core competency to offer managed, or “in-the-cloud” security services. Today, 77% of survey respondents said they have a strategy in place for offering in-the-cloud security services.

Meanwhile, while carriers rush headlong into the world of IPTV, only 2.5% of those responding to the survey said IPTV rollouts are “very secure.” Ninety-two percent said a hacker with moderate technical knowledge could compromise IPTV.

This is an example of how carriers recognize the security threat, but also that they live in a new environment where time-to-market also is important. “Some feel the NGN movement is so significant, they can’t wait to hash out the security strategy soup to nuts,” Morey said. “They feel they need to start moving on services now and kind of build the truck as it’s moving down the street. That’s a big change for carriers who have had the luxury in the past of taking the time to shape their strategy before implementation.”