The coming months will be dominated by customers wanting ICT providers to manage more of their security processes. Here, Ian Kilpatrick, EVP Cyber Security at VAD Nuvias, explains why this is an unprecedented opportunity for the channel.
The message from Kilpatrick is clear and simple: Opportunities in security are palpable as more organisations tilt towards security specialists. "The next year will see customers look to their IT providers to manage more of their security processes, and there is a host of opportunities to provide point management around a particular need or activity, as well as provide the full range of managed security services," he said. "Devoting the necessary time and resources is a challenge for many businesses, but adopting security as a managed service not only puts their security requirements in the safe hands of specialists, it also frees them up to focus on core revenue-generating activities."
Security specialists acting as advisors are in pole position to impose controls on the risks faced by organisations, which can be internal as well as external threats. "Many companies have ignored the personal cyber habits of their staff, failing to challenge and improve cyber hygiene in the office," added Kilpatrick. "There is now a significant movement towards cyber education for personal and business security, coupled with testing, measuring and monitoring of behaviour in the office. This involves training and automated testing and includes exercises such as simulated phishing and social engineering attacks. There should be processes for monitoring, reporting and remediation, as well as disciplinary consequences for failure."
According to Kilpatrick, the next five years will see cyber hygiene become one of the primary growth areas in security. He says resellers are in a strong position to offer suitable products and act as trusted advisors when outlining the issues and providing security training and solutions that give companies the knowledge and awareness they need to avoid becoming victims of common malicious attacks such as email phishing and ransomware.
"More than 60 per cent of all network intrusions stem from compromised user credentials, so education, training and the use of appropriate identity access solutions provide opportunities for resellers," said Kilpatrick. "Furthermore, board members and finance directors are becoming more aware of the need to manage security risks and are prepared to shift their thinking on the importance of security. They are increasingly demanding a clear picture of the threats to their company and the potential impact on their own roles and responsibilities, as well as looking for advice on what action to take in the event of an attack."
Never has the channel been in such a powerful position to gain a stronger foothold in meeting the growing security demands of organisations. Why? Because taking a proactive approach and being extra vigilant is the order of the day for those at risk. But the challenge for resellers is to pick the technologies that are going to grow, rather than the technologies that are well known (where the margins are typically lower), pointed out Kilpatrick.
"The market is overcrowded with an excess of VC-funded vendors," he claimed. "The place to start is with a value added distributor that knows the market and has selected the most likely high growth, winning security vendors."
The security market is a boon to ICT resellers who also have the power to harness the course of technological innovation in areas such as mobility, IoT, wireless and the cloud, observed Kilpatrick. "While there are lots of new risks such as IoT and AI security, the first place for any business to start is to examine the key areas that need to be protected such as critical data, customer lists and financial information," he added. "This should be the starting point for any security strategy. Companies should begin by putting together a plan and implement it by degrees over time to help protect their key assets."
Kilpatrick also noted that organisations should avoid getting side tracked by short impact high profile threats such as wannacry. "While responding in knee-jerk fashion to well publicised threats such as wannacry is not recommended, there will continue to be a regular stream of such high profile breaches in the next 12 months," he said.
"They get managers thinking about whether their own systems could suffer the same fate, prompting them to re-examine their current security measures and seek to improve them. Senior managers do not want to be publicly scrutinised for security failures, which often come with a call for those responsible to be sacked. And there is more willingness to view security as a business risk which needs to be managed alongside other risks, and to take action on improving security."
A big talking point is the potential impact of the General Data Protection Regulation (GDPR) which is due to come into force on 25th May next year but has only just started to blip on the radar screens of business leaders who are now becoming aware of the tough new law and the hefty penalties for non-compliance. "With the real threat of significant fines hanging over their heads and the possibility of being named and shamed, companies are going to be galvanised into action on security," commented Kilpatrick. "There is an opportunity for the channel to help customers get ready for GDPR, notably around solution selection and implementation, code of conduct management and compliance certification."