End-To-End Solution A Must For Total Security
Security solutions must be rooted in a thorough understanding of todayâ€™s intricate threats and paired with strong vendor support.
Business Solutions, January 2009
Avoid Common Security Solution Mistakes
Perhaps the biggest challenge for security VARs is keeping abreast of the constantly evolving threat landscape. David Roberts, senior VP of Americas sales at Websense, says understanding cutting-edge threats is a necessity for VARs selecting the appropriate solution for their customers. "A VAR needs to install security technology that actually protects against today's threats that target data," says Roberts. "Firewall and antivirus/antispam solutions [traditional perimeter security] are simply not enough for today's blended attacks." Roberts has a short list of must-haves for malware protection that every VAR should consider. The technology must protect the customer's data, protect against dynamic Web 2.0 threats, and integrate across Web, email, and data.
In fact, one of the most common missteps security VARs make is not considering the impact of malware across interlocking portions of a network. "It can be tempting for VARs to plan a solution that addresses only one threat at a time, rather than the threat landscape as a whole," explains Marcella Mazzucca, senior director of worldwide marketing at Webroot Software. Software as a Service (SaaS) and Internet-based ('in the cloud') security solutions are two ways to resolve that challenge. Jan Hichert, CEO of Astaro, articulates another common mistake made by VARs and end users alike. "They overlook what is known as a feature's depth of field, or the ability of the feature to address the problem it is targeting," says Hichert. "Some solutions include a bare minimum of functionality in order to include the feature on a datasheet, and the quality of the component is clearly lacking when tested against the problem it is intended to fix. VARs need to make sure that the solutions they choose include proper depth of field to provide effective security."
Lastly, VARs must remember that not all threats are external. Whether by chance or through subterfuge, data leakage is potentially as damaging as any malware. Sanjay Mehta, senior VP of Breach Security, says, "Most network-centric security solutions focus on inbound attacks and pay no attention to potential data leakage. A security VAR must consider robust solutions that include full inspection of outbound traffic."
Look Beyond Technical Support With Security Vendors
Avoiding the common security installation mistakes often starts with the right vendor partner. "It's imperative that VARs find a technology vendor that understands the complexity of the current threat landscape and offers a comprehensive security solution," says Mazzucca. Hichert adds that VARs' vendor partners should offer a balance of good solutions with good support and value. Since no solution can provide every possible function, it is important for VARs to prioritize each customer's security needs and select a solution that provides top functionality for the highest security priorities. As part of that, VARs must consider vendor support such as frequent updates and product revisions, which means added functionality.
As with many solutions, the product you select as a VAR can make or break your relationship with a customer, so be careful and do your research. Mehta recommends evaluating products that are a logical addition to your existing portfolio and looking for those with high margin service engagements. He adds that shabby vendor support in terms of training can doom an installation.
While most VARs would consider 'support' to encompass technical issues, Hichert considers marketing and sales tools another important component of support. "Consider which vendors will provide you with the best margins, the most effective marketing materials and sales tools, as well as a responsive customer service department — those are all important factors," he says. He also urges VARs to look for vendors offering managed services options. "SMBs are increasingly moving to managed security services to simplify security and cut costs during tough economic times, so offering managed security services will give VARs an edge."
Think Big Picture To Provide Better Security Solutions
As mentioned above, overlooking an element of a total network security solution is a common problem. A VAR must drill down to discover all the factors involved before recommending a solution. "The most common mistake or area overlooked when planning a malware protection solution is that VARs set up perimeter security, but overlook the element of data protection," says Roberts. "VARs need to concentrate on setting up a data-centric security strategy that encompasses both keeping the bad malware out and keeping the good, essential data in."
To determine the full breadth of a customer's needs, VARs must fully assess not only the business needs of the customer, but also evaluate the infrastructure supporting the proposed solution. "VARs need to treat each installation individually and understand the infrastructure behind the solution being installed since complex operational systems may combine variables such as bandwidth, network applications, and gateway applications, and the solution needs to align with each of these variables," says Mazzucca.
It is also incumbent for VARs to supply guidance beyond the installation. "A customer can have the best security solution on the market, but it is not going to protect the network if services providers do not update it in a timely manner," says Hichert. Mehta agrees, adding that VARs often view security as a product installation rather than an ongoing solution. "Selling a piece of software or a security appliance should not be the end of the customer engagement. The ultimate goal should be building a lasting relationship with the customer, which leads to more product and service sales," says Mehta. "VARs should focus on ensuring successful customer adoption of the products sold, including complete installation and configuration, ensuring the correct operational procedures are established, and providing ongoing professional services to deliver real business value."
Find Opportunity In Web 2.0 Security Threats
The popularity of Web 2.0 has ushered in an entirely new generation of dynamic threats, leading to a silver lining for security providers as vendors provide more and upgraded products to battle these new threats. "As businesses use Web 2.0 more for legitimate business, attackers have taken note," says Roberts. "VARs absolutely must look for malware protection technology that is able to protect customers against dynamic content as it is happening." Providing that level of security can only help reinforce a VAR's position as trusted advisor, and keeping your customers at the forefront of security levels is a prime way to build a long-term relationship. Hichert stresses that new security applications, such as those hosted in the cloud can support a VAR's ability to quickly respond to new threats. Mazzucca suggests that VARs get on the cutting edge of SaaS offerings. "Existing on-premise security solutions are no longer enough to combat the changing threat landscape, and businesses that do not adopt total security solutions in the cloud will be exposing their networks to the increasing number of Web-borne threats," says Mazzucca. "It is imperative that VARs align themselves with the right vendors, become trusted advisors to their customers, and lead the shift to SaaS."
The vendors agree that today's threats are not met with yesterday's protection. "Instead of fighting for sales of commoditized products that do not comprehensively protect customers' data, VARs must move with the dynamic threat shift to grow their businesses," says Roberts. "By keeping their customer's information safe from malware and other threats, they will be a trusted advisor and their customer's hero."