CompTIA Report: IT Security Practices to Shift From Products to Processes

Companies increasingly are ready to take action on security, and they’re going to start asking more complicated questions, wanting more pieces of technology and demanding an overall “solution.”

That’s according to CompTIA’s new Security in the IT Channel report. It is based on an online survey of 400 IT channel professionals conducted in January and February.

IT channel companies that highlight processes and education along with the products they stock will be well positioned to seize new opportunities in the increasingly complex world of enterprise security, according to the report.

Seth Robinson, CompTIA’s senior director of technology analysis, tells Channel Partners the channel is beginning to recognize the changing demand with the emergence of more MSPs, and more traditional business models deciding either to focus more on security or solely on security as a managed security service provider (MSSP).

“So you see a little more interest in channel firms trying to specialize, and I think that reflects this momentum behind companies wanting to take action of some sort,” he said. “What that action is is a place where I think channel companies need to grow and learn, and make sure that they’re building out the correct offerings.”

Education of end users – the weakest link in the security change – requires greater emphasis, according to the report.{ad}

“Companies definitely recognize … that they can put all the technology that they want in place and have some of these processes, but at the end of the day, they really need to improve the education of the workforce as well,” Robinson said. “What channel partners have to do is … fold it into that whole discussion about what is going to be the cost of security and what is going to be the investment for security. And then as they’re exploring education options, look for options that can provide some metrics or try to build in their own metrics, some way that shows the company that’s investing in their workforce education that the workforce is actually getting educated.”

From the product perspective, a modern approach to security will require a broad mix of tools, according to the report.

Overall, more than one-third (38 percent) of the companies surveyed said that firewalls are their biggest seller, while 20 percent of firms place antivirus at the top of their bestseller list. By comparison, only 9 percent of companies report that …

{vpipagebreak}

… security information and event management (SIEM) offerings are their biggest revenue producers.

“Channel partners need to really get up to speed on the different technologies and the way that they get put together, but also be very conversant in the way that the process of deciding on security goes about, and what processes a company might have to put in place that go beyond the technology to improve security,” Robinson said. “So these could be things like reviews of cloud providers or formal risk analysis, or compliance management, things that wouldn’t necessarily have a technology product, but need to be part of ongoing operations to be part of security.”

Channel partners still overwhelmingly rely on the reputation and strength of the vendor products they sell when making a sale, according to the report. Just one in 10 firms relies primarily on the strength of its own services or innovation.

“Good marketing certainly requires strong products, but for channel partners to successfully build their own brand they must identify and highlight the unique strengths they have to solve business problems and help customers overcome obstacles to success,” Robinson said.