Security resellers should look to the long-term risk management pitch

Customers have reached out for security support in their droves as they scramble to set staff up to work from home, but beyond that initial response there are more long-term consequences of the Covid-19 coronavirus.

Most firms have started on a digital transformation journey, where providing workers with greater mobility and flexible access to data is likely to be on the wish list of things to achieve during that process.

But the coronavirus lockdown has expedited that process, with more employees than ever now working from home. But if that is the initial phase, then what follows will involve a more detailed conversation between resellers and customers about risk management.

Ben Desjardins, vice-president of solutions at RSA Security, said it was encouraging partners to look at risk management as part of the digital transformation discussion, and to help customers look beyond their immediate needs.

“We have seen a wave of demand from organisations as they do the best they can to maintain a reasonable security posture,” he added.

RSA has seen strong demand for multifactor authentication (MFA), both physical keys as well as its software products and apps, as customers look to secure remote workers.

But beyond that, said Desjardins, there were conversations to be had with users as they adapted to what in many cases would become “the new normal”.

“The areas in which we see increased activity with partners are around the RSA SecurID Suite,” he added, “as users take those early mitigating steps and [reach out for] mitigating technologies they can put in place quickly.”

Desjardins said another immediate impact of cornonavirus was a surge in phishing attacks. The criminals are not only trying to exploit the uncertainty around the crisis, but also take advantage of workers who have never worked remotely before and been targeted by attacks.

Other vendors have also charted a significant rise in Covid-19-related phishing attacks and scams, with some purporting to be connected with legitimate sources such as the World Health Organisation.

Looking to the longer term, with remote access secured and users educated and protected against phishing attacks, Desjardins said it was already starting to have more conversations about how some of the current disruptions could be secured and incorporated into general working practices.

That will involve talking about risk management and crisis management platforms to help customers cope with a fully digital workforce.

He added that it was also encouraging partners to be empathetic to customers and not resort to fear, uncertainty and doubt (FUD) selling techniques.

“On the customer front, everyone has a lot going on, so it is a matter of being empathetic and sympathetic,” he added. “We are asking people to follow security standards for crisis management and plan-do-check-act [PDCA].”

Desjardins could not comment in any detail abo the recent divestment RSA underwent from Dell, but said the feeling was one of excitement as it looked to demonstrate what it could achieve as an independent company.

Towards the end of February, a consortium of investors led by Symphony Technology Group (STG) agreed to acquire RSA in an all-cash transaction for $2.08bn.