One of the problems with setting up any kind of security practice these days is that it’s hard to really differentiate yourself. After all, just about anybody can claim to be a security expert these days, even if they don’t have anybody on staff that is actually certified by any recognized industry body. And even if they do have one or two people on staff that are certified, that doesn’t mean that everybody in the company they work for is really competent when it comes to delivering enterprise-class security.
That’s why it’s good to see CompTIA finally putting some more weight behind its fledgling Security TrustMark accreditation for solution providers. The basic idea is that solution providers that earn the TrustMark accreditation are demonstrating that their entire company is a credible provider of IT security services.
Unfortunately, most customers that buy security services have no idea what Security TrustMark and very little cognitive recognition of what CompTIA is. So the real question is to what degree security vendors will get behind the TrustMark effort to create a truly certified security channel?
Among the things security vendors could do is allocate market development funds to solution providers that gain Security TrustMark accreditation while also giving them credit for gaining the Security TrustMark when it comes to be certified on the vendor’s products.
Solution providers in the channel have been asking for some sort of vendor-neutral security certification for years. With so many vendors in the space, it’s not cost effective for solution providers to get certified on each and every product in their portfolio. Security TrustMark is not necessarily the answer to creating a meaningful vendor-neutral certification, but it is a step in the right direction. The simple fact of the matter is that security is required core competence for any solution being sold today. That means that solution providers that are winging their way through security issues are probably doing more harm than good to their customers and the industry as a whole.
Unfortunately, we live in some challenging economic times. So now may not be the best time to come up with any new mandates. But short of creating new edicts, vendors should use their economic interest to encourage solution providers to become truly competent when it comes to security. Without more focus on security, it’s only a matter of time before something bad happens to the customer. And once that happens, there’s always plenty of blame to spread around about who committed what error because they didn’t really know how to set up and configure a given product.
So rather than waiting around for the inevitable to happen, the time has come to raise everybody’s security game once and for all.
Mike Vizard is senior vice president of market strategies and content services at Ziff Davis Enterprise and a regular contributor to Channel Insider.
Commentary 
