Making Money on Security AssessmentsBy Michael Vizard | Posted 2008-08-14 Email Print
An interesting trend in the security space is creating an opportunity for solution providers to get paid for something that they once had to give away pretty much for free.
In the early days of the security boom many customers required solution providers to give them a security assessment for free as part of the effort required to convince customers they needed a particular security product. But as the security market as evolved customers increasingly realize that security assessments are not a one time event. In order to be truly secure, there has to be a continuous security assessment process and that creates a distinct opportunity for solution providers.
For example, Verisign has partnered with Skybox Security to deliver a two-tier security risk assessment service. Skybox Security sells a software package that automates much of the risk assessment process. Verisign is using the software to deliver a network compliance service and a higher end threat mitigation service. Similarly, IBM’s managed security service unit has partnered with Skybox Security to deliver similar services and both Verisign and IBM are looking for partners to resell their service.
Of course, Skybox Security is also open to partners that want to use its software to develop their own set of risk assessment services. Of course, solution providers could partner with other companies such as Shavlik Technologies that are also encouraging solution providers to develop managed services around continuous security assessments.
Tyson Whitten, senior product manager for risk and vulnerability services at Verisign says that his company will offer the Skybox risk assessment service both as a set of stand-alone services as well has an offering that can be bundled alongside other managed Verisign services.
As the economy continues to soften, IT organizations are becoming interested in security-as-a-service as a way to cut costs. At the same time many of them can’t even find the security talent they would need to manage security on their own. What all this adds up for the channel is more opportunity for services in the security space even as the product vendors in the security category continue to consolidate as more security functionality is embedded in the network. All that’s required is distinguishing between what high margin services to sell versus just focusing on increasingly lower margin security hardware.
Michael Vizard is editorial director of Ziff Davis Enterprise. He can be reached at firstname.lastname@example.org.