Attention CIOs: Here's how to make sure customers buy security products wisely.

December 11, 2017

4 Min Read


Hal Lonas

By Hal Lonas, Chief Technology Officer, Webroot

As we near the end of 2017, many of your customers are practicing some form of what I call “security therapy.” It’s similar to “retail therapy” in the sense that they are spending money on something they think they want, but don’t actually need.

IT professionals have budget to spend by the end of the quarter or year, and rather than lose it, they’re going to use it.

The problem is, they’re crunched for time wrapping up various projects. Who has the bandwidth to really research what’s effective and what’s not? Let’s face it, customers hear lots of conflicting and confusing messages about new products and technology. Is it worth the money, or is it just the same old thing with a fresh coat of paint? Independent testing of security products is hard to come by.

Yes, everyone likes to make some unexpected sales to close out the quarter. But you don’t want customers with a bad case of buyer’s remorse come January.

Here is my advice on how to help them get the most bang for those end-of-year bucks:

Step 1: Conduct a coverage audit: Make sure that the customer’s current security solutions are protecting the entire business, not just offering partial coverage. Given the rise of multivector attacks, that’s critical. Make sure endpoint-security systems support all the operating systems and devices in use, including those from Apple, which are not immune to attack and are making more inroads into customers sites. Solutions that look at attack behaviors are often more effective against ransomware, spear phishing and polymorphic malware.

Don’t forget physical security: Spending on video surveillance is up, driven by increased demand for higher-quality video, integration with physical security systems, IoT-driven smart building and city growth, and global trends toward enhanced security. And from provisioning connectivity to making sure storage systems and networks are prepped for video, this is a hot market for channel partners. Get the report now!

If you have equipped a customer with network security, such as DNS protection or secure web gateways, are all their office locations covered? Do employees have protection even when they are traveling? Can you add some new managed security services?

Step 2: Layer security solutions: It is important for any organization to have a layered defense system. If you’re currently selling only network security, consider adding endpoint protection. Again, make sure each of the security layers you supply is using modern technology. Talk to others in your industry, your distributors and suppliers, and take part in CISO forums to understand best practices.

People are often the weakest link, so an important layering aspect to consider is security awareness training for all users. Some industries require compliance practices that mandate this kind of training, but considering the sophistication of …

… modern phishing attacks, recommend training whether it’s mandated by law or not. And don’t forget mobility management.

Step 3: Declutter legacy security solutions: Look at security products and practices already in place and remove those that are ineffective. That can be the most difficult discussion — sometimes it seems easier to go with the flow than to put effort into removing a legacy solution. But over time, the customer will save money that can be better spent on something else. Additionally, it’s one less thing you or the customer’s IT staff has to monitor and in the process, you may speed up your network and streamline users’ machines.

When you’re considering removing a solution, remember to do your due diligence on the protection it’s providing. Noise coming from alerts and flashing screens may not indicate the efficacy of a product. You’ll have to make time to dig into the logs and see what’s been blocked and automatically remediated.

I hope this gives you some pragmatic guidance for advising customers on how to spend the remainder of the IT security budget this year and in years to come.

Hal Lonas is chief technology officer for Webroot, an industry leader in endpoint security, network security and threat intelligence. Hal has more than 25 years of experience in enterprise software and engineering.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like