Use Security as a Deal Maker

Written by Michael Vizard 1
August 10, 2015

Every solution provider now needs to be able to address security issues just to land the deal – a change from IT security being the realm of a few specialists. In effect, every solution provider now needs to be an IT security solution provider.

With each new security breach that finds its way into the headlines, organizations of all sizes changing how they think about IT security. Instead of thinking about IT security as an afterthought, security issues are now starting to be addressed when applications are actually deployed.

That means every solution provider now needs to be able to address security issues just to land the deal – a change from IT security being the realm of a few specialists. In effect, every solution provider now needs to be an IT security solution provider.

The challenge is that IT security technologies are evolving rapidly. Whereas once customers were content to rely primarily on anti-virus (AV) software and firewalls, these technologies have expanded their reach and scope considerably over the last couple of years. Case in point, firewalls now often include intrusion prevention and virtual patching capabilities, while AV software as evolved into anti-malware software that includes advanced heuristics engines that link back to threat intelligence services to apply countermeasures against known and presumed threats in real time.

While that affords the end customer more protection than ever, it creates a challenge for solution providers that need to address security issues because there is a chronic shortage of IT professionals with security skills need to apply these and other forms of advanced security technologies.

The good news is that organizations such as CompTIA are making security training a higher priority. For example, Stephen Cobb, a senior security researcher for ESET, a provider of AV software, said certifications such as CompTIA Security Trusmark+ now align with the best practices for security as defined by the National Institute of Standards and Technology (NIST).

In general, Cobb said ESET is seeing a lot of organizations these days putting a lot more emphasis on mobile security, which inevitably winds up exposing business processes to external customers. As such, the attack surface that IT organizations are now trying to defend is much wider in an era where there really is no defined network perimeter to defend anymore. In fact, given the rapid rise in the number of breaches, Cobb noted that political pressure that will require organizations to add additional layers of IT security is rising.

The challenge solution providers will face in terms of meeting that demand is how to deliver IT security services as efficiently as possible. In many cases, IT organizations will increasingly rely on managed security services. For that reason, Francois Daumard, vice president of global channel sales for AVG Technologies, a provider of both AV software and a managed service platform (MSP), said that solution providers will be looking for vendor partners that not only provide access to high quality security products, but also the means to deliver and manage them. When it comes to security, solution providers need to consider how easy it is to do business with any given vendor as much as the quality of the security technologies they provide, said Daumard.

Daumard also noted that solution providers should also take note of how open the ecosystem is around an IT security vendor. All those partnerships developed by the vendor create opportunities for solution providers to generate additional revenue, said Daumard.

No matter what path solution providers take, these days there is no getting around the simple fact that solution providers will need additional IT security expertise to close most deals going forward. The challenge is not only acquiring that expertise as soon as possible, but also in a way that enables the solution provider to actually still deliver IT services profitably.