When it comes to IT security, danger lurks everywhere. Threats come in the form of garden-variety viruses, worms and spam, as well as more sophisticated forms of intrusion such as spyware and hacking.
But that's not all. IT security these days also requires formulating strict data-access policies to comply with federal regulations to protect sensitive information. And when remote-access and wireless connections are at play, additional layers of security and access control become necessary.
End-user organizations are beginning to get a sense of the full scope of the security need, and some are even allocating more of their IT budgets to security, say VARs and integrators. But many, if not most, still have a limited understanding of the need for airtight data protection.
"For many customers their consciousness stops at needing to install a firewall, implementing virus protection, and e-mail security," said Bill Riddick, president of Computer Service Partners Inc., in Raleigh, N.C.
Riddick's company is one of the many VARs and integrators evangelizing the need for customers to think of security as an ongoing project that entails assessment, prevention and remediation.
Often customers buy a security solution, have it installed, and assume that by doing so they have disposed of their security issues, said Chris Redshaw, president of Future Vision Inc., also in Raleigh, N.C. Then a new virus hits or a more sophisticated hacker exploits a breach, and customers wonder if they've been had.
Future Vision conducts assessments free of charge and draws up a report with recommended actions and time frames for addressing issues. If the assessment turns up six issues, it may be that only one or two represent an immediate need, while the others can be solved later, Redshaw said.
The assessment is important because it exposes problems the customers don't even know they have.
Through assessments, a VAR can determine if the customer has appropriate protection against outside intruders, figure out where data resides and travels, and ensure that internal users' access to data is restricted according to their need to know, said Ray Morton, director of technical services at Daly Computers in Clarksburg, Md.
"The security for a computer is only the tip of the iceberg," Morton said.
Often customers don't realize they need these assessments, or they put them off for budgetary reasons. The result is exposure through breaches that sometimes are exploited by outside intruders or even internal users that may or may not be acting maliciously.
Managed e-mail security providers woo VARs. Read more here.
VARs and integrators see security as one of the major ongoing business opportunities in the IT channel. Security projects help move product, including software, storage and servers.
But, more importantly, security opens the door to recurring revenue potential for VARs and integrators that bundle security installations and maintenance with managed services contracts. Such contracts are increasingly popular in the small and midsize market space, where companies that can't afford their own IT departments outsource those functions to a solution provider.
"We offer customers several layers of network defense and solutions that scale to their businesses," said Tommy Wald, president of Riata Technologies Inc. in Austin, Texas. "Managing these solutions on behalf of customers has become a mainstay in our managed services practice."
PMV Technologies of Troy, Mich., also offers security as part of managed services, said Executive Vice President Scott Goemmel. Under managed services contracts, PMV takes over all or part of a customer's IT department and, therefore, is responsible for running and protecting the customer's systems.
"We're accountable and we've structured our program so we share the risk with our customers," Goemmel said.
For small and midsize customers, having security handled as a managed service is a cost-effective way to ensure that experienced engineers with the proper certifications are watching over their systems, Goemmel said.
For PMV, it is also cost-effective because managed services afford the company a level of install-based consistency that would not be possible in traditional settings. So when an anti-virus update or firewall patch is needed, getting it to managed-services customers becomes easier, Goemmel said.
VARs and integrators have identified the SMB market as a growth opportunity for security. As the level of technology that small and midsize companies adopt increases in sophistication, so does the need for data protection.
Sometimes that need doesn't become evident to the company until a breach occurs. Market research firm Yankee Group Research Inc. reported that up to 33 percent of SMBs have experienced business disruptions because of security issues, and 87 percent suffered a security breach in 2004.
Click here to read about how VARs are making the transition to managed services.
For an increasing number of customers such as VARs and integrators, be they smaller businesses or large enterprises, controlling access is becoming a priority.
A lot of business is being driven by Federal regulations such as the Health Insurance Portability and Accountability Act, which deals with the confidentiality of medical records, and the Sarbanes-Oxley Act on financial disclosures.
Health care providers, government agencies and financial institutions have embarked on identity management projects to control access to critical data, in some cases making use of smart cards, single sign-on solutions or biometrics. A new crop of ThinkPad notebooks from the Lenovo Group (formerly IBM Personal Computing Division) includes a fingerprint scanner.
"Biometrics are starting to catch on. The big thing is the price, and that is coming down," Daly Computers' Morton said.
Riddick of Computer Service Partners believes products such as the biometrics-equipped ThinkPad hold a lot of promise. "It's an interesting alternative," he said.
Be it biometrics or smart cards to control access, regular software updates to fight viruses and worms, or increasing server and storage capacity to accommodate security needs, protecting data is critical to today's business. And while too many organizations haven't done enough to protect themselves, VARS and integrators are pleased that the level of awareness is increasing.
Tech Analysis 
