In-depth: Pitch cuts in cost and complexity

Resellers must be sensitive to budget-strapped businesses facing sophisticated threats, writes Amro Gebreel.

business concept.jpgResellers must be sensitive to budget-strapped businesses facing sophisticated threats, writes Amro Gebreel.

It will come perhaps as little surprise that, when you ask security vendors how their reseller partners should be pitching to customers, the initial response is that it involves talking about consumerisation and the cloud.

Security concerns about the cloud have never really disappeared and still need to be dealt with by resellers and consumerisation is an issue that employers of all shapes and sizes are having to deal with.

Talk about those two areas and doors should open if the pitch is informed and backed up with accreditations and the right solution.

"Customers aren't going to come to you and say 'I have a problem with consumerisation', more likely it will be 'I've got a problem with iPads, or Dropbox'. This is an opportunity for you to broaden the conversation and help your customer deal with all the consumer technologies his users are bringing into the workplace," says Peter Craig, senior product marketing manager, EMEA at Trend Micro.

"Consumerisation and cloud solutions enable agile security resellers to get in front of a new set of security buyers, the datacentre team, and grow their business by solving these prevalent challenges," he adds.

The cloud debate is also twinned with customers' desktop virtualisation ambitions but when it is considered alongside consumerisation, the feeling is that whether data is going into the cloud or being accessed via staff iPads, it presents a less secure environment at the moment.

That view is echoed elsewhere and, in the face of the unstoppable tide of consumerisation, the emphasis is on achieving the right balance to ensure employees have a degree of flexibility without compromising the network.

"Network security and IT professionals recognise the importance of striking the right balance between security and accessibility, but it's down to companies like ourselves and our channel partners to support them as they work through the many challenges and advise them on the opti-mum approach for their business," says Tom Murphy, head of marketing for Bradford Networks.

"Even at the most basic level, security resellers need to be able to understand these new threats and challenges and should be looking for any opportunity to offer advice, knowledge and support to proactively manage the challenges and support the IT department's ever-increasing workload," he adds.

Consumerisation complexity
One of the phrases repeated time and again in this discussion about securing consumerisation is the need to make it easy to manage. No one is denying that bring your own device (BYOD) will grow but, in all probability, so will the complexity of dealing with more devices.

"Feedback from all our strategic partners show that, more than anything else, customers want a security solution that is easy to manage," says John Bartholomew, UK channel manager at Sophos.

Stepping away from cloud and consumerisation, there are still other things for resellers to talk to customers about, with security moving so swiftly that there is a real danger those that have rested on their laurels will be exposed to threats.

Recent research from Teneo reveals a significant number of customers using first-generation firewalls which no longer cut the mustard, leaving them open to threats.

"A lot of customers will have neglected digital security over the past 18 months as they've been too busy just keeping their heads above the water. In that time though, the threats have moved on and become more sophisticated," says James Harris, product manager UK & Ireland at ZyXEL Communications.

"Basic firewalls, AV and IPS protection at the gateway is just not good enough anymore - you need unified protection on every ingress point across the network."

"Last year, we saw more sophisticated threats like the Duqu and Zeus Trojans and the various DroidDream [the collective term for the scores of malicious Android apps] cause havoc. The BYOD explosion has made matters worse," Harris adds.

"You really do need real-time web defences now - it is the only way to protect networks from dynamic web links designed to by-pass reputation filters and commonly-blocked types of web traffic."

He advises resellers to warn against complacency because the risks are simply too great.

There are also other opportunities in areas around disaster recovery and business continuity, with many customer suffering data loss in the last year. Data protection policies appear to be stretched to the point of failure for a lot of companies and resellers could find a door opening if they address that problem.

"Resellers should be pitching a hybrid approach when it comes to data protection - combining on-premise resources for fast backup, with a form of cloud storage for secure off-site protection and archiving of critical files.

"This hybrid approach is increasingly popular for all organisations, but is particularly appealing for SMBs as they can successfully protect their growing volume of data with limited budget  constraints," says Chris Ross, vice-president of data management at CA Technologies.

"With a hybrid or cloud-based solution, organisations can get fast, reliable off-site protection of critical data on a straightforward subscription basis that keeps costs low and predictable," he adds.

The way resellers approach conversations with customers needs to avoid concentrating on the speeds and feeds and manages to work with the customer.

Management consultancy
Terry Greer-King, UK managing director at Check Point, talks of the need to pitch consultative and problem-solving skills.

"So many companies have built up piecemeal security solutions over the years, precisely because they've bought products to deal with specific issues and just bolted them on. They've now got the problem of managing all these different products and devices, while keeping up with the latest threats and changes in their organisations. While this is going on, the board is telling the IT team to cut costs," he says.

"This complexity, and the internal and external pressures, is causing more risk and creating vulnerabilities. My advice would be to listen to what the customer's issues are, and then propose solutions to deal with those - which could be based around products, or managed services, or both," he adds.

Listening is going to be vital because customers have quite a lot to talk about. It's not just about the need to be secure but also about the reality of the current economic situation.

Customers recognise they have to keep security defences high and protect themselves, but that is happening against a backdrop of continued tight budgets.

Resellers have to walk a tightrope between pitching the solution but not making it look too complicated and expensive.

"Resellers looking to pitch security solutions need to demonstrate they understand these evolving customer needs and they're able to work with vendors to successfully deliver solutions using the budget that customers do have available, effectively solving their  challenges in a simplified way," says Bartholomew at Sophos

smartphones.jpgThe BYOD problem for the SME
Paul Shlackman, PR manager, SMB and Channel, at AVG, told MicroScope that as SMBs increasingly favour using their personal mobile devices for work, they are opening their businesses to new security risks.

"Independent research confirms that SMBs have so far done little to protect themselves from these risks, in the process handing solutions providers a tremendous opportunity to help them take adequate precautions against an unfamiliar, yet as the figures show, all too real threat.

"A study by leading research analysts GfK published in Q4 2011 reveals 19% of SMBs are using Android smartphones and an equal proportion use BlackBerrys. Today's employees spend an average of one day a week working away from the office.

"The study also shows that very few SMBs are currently using antivirus or internet security for smartphones (16%) or solutions for mobile workers (2%). And there is plenty of evidence that this is having costly consequences. As many as one in six SMBs reported having experienced a security breach in the past year. The average cost of fixing these breaches was estimated at £3,790. This is explained by the combined impact of both short-term, logistical issues resulting from an IT security breach, such as time and cost to replace damage; as well as longer-term impacts, such as loss of sales and revenue opportunities."

The conclusion for resellers is that this area of the market is already a challenge for customers and is set to become an even bigger one. IDC is forecasting that global spending on mobile security will climb from $407m in 2010 to $1.9bn by 2015.

Read more on Data Protection Services