Chicken, Egg or Omelette?

Just how distinct are security and compliance from each other?

Written by Jonathan Mepsted

Let us be honest, you do not refuse to drive 110mph on the motorway just because you have a fear of crashing; that consideration does not register anywhere near as highly as being pulled over, fined £500 and having nine points put on your licence. In the same way, it’s not just fear that drives customers to seek protection for their applications and networks. Yes, they demand solutions that keep any bad stuff out and all the good stuff in, but what are they really concerned about? I would be inclined to wager that the desire to meet regulatory compliance is at least as strong as the need for security.

It is time more resellers understood that achieving IT security accomplishes little more than personal satisfaction for your clients if they cannot prove it to their external auditors. Trends have turned 180 degrees. It’s as if compliance earns more brownie points than IT security. An IT manager who achieves his 1000th successive day of suffering no intrusions will hardly be thrown a tickertape parade on his way out of the office. But if his actions put a tick in the right box on a compliance matter, then the chief executive might become his personal friend, take him out to lunch, laugh at his jokes…

Security and compliance are completely distinct, or are they? If security is the driver, then compliance will end up rearing its head. On the flipside, if compliance auditing seeks visibility and ends up highlighting a lack of security control then – hey presto – a security project with an available budget and an urgent timescale will likely arise. Is this one of those ‘chicken and egg’ situations, or could it be an omelette?

Now that compliance and security seem inextricably linked, the benefits of one solution over another are no longer just how much it can save your customers’ time and your customers’ money. Now it’s about saving your customers’ necks.

The real question is, how can security and compliance work together without processes and resources being replicated? Since separation of duties and audit independence are also important issues, when should they be kept apart?

Resellers need to demystify the convergence of security and compliance, and explore winning strategies that will enable them to capitalise on a market worth hundreds of millions of pounds. Every vendor touts a wordy datasheet or two about the role their technology plays in meeting PCI, Basel II, MiFID and so on, though little of it makes this challenge any easier. Instead, what will be critical to resellers are solutions that address security and compliance on a unified front and that simplify the issue in the minds of customers, whatever their priorities.

Jonathan Mepsted is managing director EMEA at Imperva
