With the shift to a more distributed workforce in response to widespready Covid-19 restrictions, many customers faced significant challenges as their firewall-based approach for centralised office-based environments needed to adapt to securing the network for a dispersed workforce.
As Chris Martin, channel sales leader for Europe, the Middle East and Africa (EMEA) and the South Asian Association for Regional Cooperation (SAARC) at A10 Networks, acknowledges: “Few corporate functions shifted priorities so much and so quickly when the Covid-19 crisis struck as corporate cyber security operations and the technology providers that support them.”
He notes that with two-thirds of UK adults set to work remotely more often after Covid, “it’s clear the pandemic will create a larger surface area for cyber attacks, and with this will come increased opportunities for cyber security specialists”.
Terry Greer-King, vice-president for EMEA at SonicWall, says the “mass shift” to home working has made everyone inherently less secure without the protection of the corporate perimeter, ushering in the era of “boundless cyber security”. He adds that before the pandemic, 84% of customers were planning to move to a shared model or fully managed security model in the near future – a move which has been accelerated by the lockdown.
With many businesses planning to keep some measure of hybrid working, the need for remote access security remains. “This time, businesses can be better prepared to meet the needs of the new normal, and they will turn to trusted MSSPs [managed security service providers] that have helped them navigate the first and worst impact,” says Greer-King.
Alison Nixon, business unit director, security, at Tech Data UK, agrees that lockdown helped accelerate an already existing trend. “Before Covid, network security was already reaching well beyond fixed geographical locations and the internal workforce,” she says. “There had already been a steady move away from a perimeter-based approach – when the lockdown came, it acted as a catalyst for accelerated change.”
Organisations that had taken a more agile approach were able to adapt much faster, as they already had the appropriate security measures in place, she remarks. “Others found it more of a challenge, and resellers had to respond quickly to help those organisations provide secure access for home workers,” she adds.
Chris Martin, A10 Networks
But for many organisations, the rapid shift to a distributed environment with so many employees working from home led to a profound change in IT security priorities. “When the pandemic first hit, many customers reacted quickly to continue operating,” says Michala Hart, director of security UK and enterprise at BT Wholesale. “Thoughts turned to survival mode, with little consideration for the future. Now, as lockdown restrictions continue to ease, we’re entering into a ‘reassess phase’ of the crisis. Businesses are beginning to take stock of their practices and modify them in light of Covid-19. Adapting IT and security strategies to address the challenges of the new normal is a top priority.”
Andy Bogdan, head of UK SMB channel at Kaspersky, agrees. “Many businesses provided a limited perimeter security solution, which meant devices located within their premises were secure, but as soon as they were outside the perimeter this was no longer the case – which is inevitable with people working remotely from home,” he says.
Firewall vendors had to adapt to offer a more universal cyber security solution. “We are now seeing a trend in which many firewall vendors are acquiring endpoint technologies that provide a more universal solution,” adds Bogdan.
Paul Flannery, vice-president for international channel sales at Epicor, warns that the rush to roll out remote solutions and get staff online faster comes with the risk of a lack of standard policies and procedures, which could lead to security problems.
“There may be many customers which have low levels of protection or centrally managed systems, which meant it was more difficult to provide protection to the newly mobile workforce,” he says. “In addition, due to insufficient awareness training, many employees were unknowingly vulnerable to threats such as phishing campaigns.”
So what can channel partners do to help customers in their move to a distributed environment and to combat the threats associated with it?
Channel well placed for security sanity checks
Tim Brown, vice-president of security at SolarWinds MSP, points to the forced shift from a “clean pipe” for network security and protection where data came from outside an organisation to inside, and vice versa, on a secure network. “This ‘clean pipe’ mentality must change. Even if companies are using VPNs [virtual private networks] for corporate access, employees are working from different locations and carrying sensitive professional data wherever they go, which creates risk,” he says.
Endpoints have become the new battlefront, he argues, so securing them is more important than ever. It’s also critical that partners see the user’s home environment as part of their domain. “The good news is that the tools MSPs [managed service providers] use are perfectly designed for expanding their security offerings to support home devices. They act independently and enable MSPs to manage home security, just as they manage office security,” says Brown.
Stuart Taylor, channel director for western Europe at Palo Alto Networks, says customers have discovered that the “band aid” remote access solutions they implemented – often legacy technologies for a quick fix – will not deliver what they need for their business to be successful in the post-lockdown economy.
“They need to digitally transform their business,” he adds, pointing out that this creates a “significant opportunity for channel partners” because customers need guidance on what is available “to suit the way they plan to approach their markets and customers”.
David Park, UK and Ireland director of channel at Fortinet, agrees that many users, in a bid to maintain business continuity, switched to a dispersed workforce environment rapidly, but in doing so may have overlooked potential gaps in the security posture and exposure of data. “It’s important partners work with customers to ensure these deployments are sanity checked and as secure as possible,” he says.
Park adds that the ongoing expansion of these environments, as many people return to workplaces, will increase the complexity of management, resource overheads and potential security risks.
Michael Wood, chief marketing officer at Versa Networks, says: “Many companies were caught off-guard by the pandemic, without proper security services in place for remote workers, scalable access to cloud and datacentre applications, and a lack of visibility into the network and security on employees’ devices.”
He believes channel partners are in a good position to “step in and advise customers on how to ensure they are never caught flat-footed again by enabling them to extend security to the home, increase application performance and gain necessary visibility to the user, all at scale”.
According to Wood, channel partners “are in the best position to advise clients on how to exploit technologies such as secure SD-WAN [software-defined wide area networking], cloud and digital transformation to keep the business running regardless of the situation”.
Perimeter security a thing of the past
BT Wholesale’s Hart says one consequence of a remote working world, where the vast majority of employees need to access resources from outside the corporate network, is that what was left of the perimeter is well and truly gone. “For channel partners and their customers, this means adopting security tools that focus not only on keeping the bad guys out, but on detecting and responding to post-compromise activity before it erupts into a full-scale breach,” she adds.
There is a need to place more emphasis on hygiene and compliance best practices such as patching, says Hart. “There’s also the human component,” she adds. “With everyone connecting from home offices and home Wi-Fi networks, the old maxim ‘security is everyone’s job’ has never been more true. Organisations now, more than ever, need to train and equip employees themselves to avoid security pitfalls.”
Michala Hart, BT Wholesale
Antony Byford, managing director of Westcon UK and Ireland, agrees that what was fit for purpose in March is unlikely to still be fit for purpose today, as one perimeter has quickly dispersed into many. “A prevention-first approach is good, but serious breaches will inevitably still happen, so having the ability to detect and respond is essential now more than ever,” he says.
“Partners should lead with next-gen security solutions capable of managing cloud data and workloads, logging and inspecting traffic, and leveraging machine learning/artificial intelligence to take automated remedial action at speed,” suggests Byford.
Westcon has boosted its security portfolio to meet this change by adding disruptive security vendors via its NGS (Next Gen Solutions) emerging vendor programme.
Rory Duncan, security GtM leader at NTT UK and Ireland, believes governance will be a strong area of focus going forward. “If you consider the challenges of BYOD [bring your own device], even prior to the pandemic, and compare it with the situation now, where everyone has their own device, we can expect to see businesses struggle to manage this arena. We’ll see a spike in shadow IT, managing this process, and in some cases locking it down will be a key challenge.”
Remote workers require remote security provision
Kaspersky’s Bogdan says the security opportunity for the channel going forward lies in how partners can help businesses redefine and reorganise their operations to accommodate remote working. “Spreading awareness, educating and empowering the wider channel is an opportunity that shouldn’t be missed by vendors,” he adds.
“The reality is most homes aren’t ready to accommodate truly secure remote working, so there’s an economic opportunity for the channel here to ensure they are,” says Bogdan. “The easiest place to get into any corporate network is through a person’s home.”
Amanda Adams, senior director for European alliances at CrowdStrike, argues that in the new world of remote or hybrid working, it’s important to have a solution that works virtually, rather than on-premise. “The ability to install, update and manage solutions to ensure customers are protected has to be delivered via the cloud,” she says.
Andy Bogdan, Kaspersky
This point is echoed by Nixon, who says customers will want their security to be provided “on a zero-touch basis, without physical meetings or installations”, so partners need to be able to set up, update and implement security solutions and managed services remotely and to monitor networks and traffic.
“That might not have been the ‘normal’ approach before March this year,” she admits. “It’s seen as entirely normal now. And just as we are operating in this virtualised manner, so are resellers and their customers. Going forward, ensuring they can continue to work effectively and securely, no matter how workers and teams are distributed, is going to be a core part of every reseller’s security value proposition.”
Nick Umney, services and solutions director at Storm Technologies, agrees that ease of deployment and cost-effectiveness are going to be the golden standard. “In the midst of a recession, and while businesses strive to recover, only a small fraction of the overall budget will be freed up for cyber security solutions, so the channel must be ready to help customers go through their recovery swiftly and without breaking the bank,” he says.
Reseller expertise vital in new normal
There is widespread agreement that partners are in a strong position to help customers with their post-Covid security challenges. James Munro, channel director at Trend Micro, is unequivocal. “With the skills gap in the UK IT sector and further pressures from Covid-19, partners have a unique opportunity to be a trusted advisor and offer value to ensure workforces, applications and business processes are secure and accessible,” he says.
Guy March, Tenable
Todd Palmer, head of global partner sales at Tanium, predicts that more and more organisations will seek “to outsource at least some portion of their security operations, either to an MSSP, or by looking to channel partners to essentially deliver a security operations centre-in-a-box. For channel partners, identifying not just point solutions, but looking at platforms that can deliver cross-functional efficiency and strong integration capability, is going to be key.”
Tunç Günergun, EMEA channel sales engineering lead at Netskope, describes the opportunity for the channel as “vast”, claiming businesses are going to have to “rethink their infrastructures as legacy security architectures will no longer work in the new working environment – but they need help with how to do it”. That help will come from the channel.
Guy March, EMEA channel director at Tenable, is equally adamant that resellers will “play a vital role” in aligning security and business leaders to better manage cyber security as a strategic business risk. “Channel partners that are able to speak the language of both business and security leaders will have the edge in helping organisations navigate the growing number of relentless cyber attacks in our post-Covid world,” he says.