Security Opportunities Abound for VARsBy Pedro Pereira | Posted 2005-07-11 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Opinion: VARs and integrators must advise customers on security threats and how to address them if they are to seize one of the most promising ongoing IT business opportunities.The term "security" is thrown around frequently in the IT channel these days, and with good reason. Security is one of the most promising business opportunities for VARs, integrators and service providers.
But figuring out how to seize the opportunity is where it gets complicated. The perception of many end users notwithstanding, security is not just anti-virus and firewall.
A lot more goes into protecting data. Depending on the size of the network and the data within it, security may even involve sophisticated identity management and data-access systems that employ single sign-on technology, smart cards and biometrics.
Securing data is, in fact, so important to today's businesses that Congress has passed several comprehensive laws to protect data from improper disclosure.
Those laws, such as the Sarbanes-Oxley Act and the Health Insurance Protection and Accountability Act, typically have more relevance to large companies, which have to make sure they comply with the regulations.
Small companies, particularly in health care, also may have to comply with those regulations. But a lot of small businesses that fall outside the jurisdiction of these regulations may not realize they, too, need to protect their data. If they use the Internet in any way as part of doing business, they are at risk.
VARs, integrators and service providers must make sure their customers understand this.
A breach can lead to the loss of business-critical data, the repercussions of which can be catastrophic. According to research firm Gartner Group, about 50 percent of businesses that face data loss from an attack or system failure go out of business within three years if they fail to restore the lost data within 24 hours.
IT trade association CompTIA, of Oakbrook Terrace, Ill., reported in June that 56.6 percent of 500 organizations surveyed said they had suffered a browser-based attack during the past year, up from 36.8 percent of those polled the previous year. It was the third consecutive sizable year-to-year leap. Two years ago, the number was 25 percent.
By comparison, CompTIA found that the number of virus and worm attacks leveled off to 66.6 percent, down two percentage points from the previous year. Despite the slight drop, these attacks remain an enormous problem; it is estimated that one in every 100 e-mails contains a virus.
For channel companies, the constant security threat opens opportunities to provide technology and services to customers, ranging from desktop security to firewalls to data protection in complex environments that require setting access policies specific to groups of users and applications.
It is up to VARs, integrators and service providers to spell out to customers the magnitude of the security threat, and recommend courses of action for implementing the appropriate security architecture, setting policies and installing the necessary equipment and software.
And keeping in mind that the security threat evolves constantly as hackers get more sophisticated and new viruses and worms become immune to existing anti-virus systems, the VAR's involvement in a customer's security infrastructure does not end with the implementation.
Ongoing monitoring, auditing and updating of the security infrastructure are imperative, and can be accomplished efficiently through managed services. Managed services allow the service provider to take over remotely part or all of a customer's IT functions. Managed services have the appeal of recurring revenue; a VAR or integrator could earn from hundreds to tens of thousands of dollars monthly for delivering IT services as a utility.
VARs and integrators that lack enough security expertise or the resources to invest in it should partner with others who do.
As long as there is data accessible through the Internet and unauthorized people trying to figure out how to get to it, security will remain big businesses for the channel.
The trick is to get customers to understand the need and allocate enough resources to take care of it.
Pedro Pereira is a contributing editor for The Channel Insider. He covered the channel from 1996 to 2001, took a break, and now he's back. He can be reached at firstname.lastname@example.org.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.