Antivirus software companies have often been accused of writing viruses to keep themselves in business, rather like a bouncer starting fights at a nightclub so that he can then break them up.
But regardless of where the threats to security come from, you will always need someone at the door to deal with the problem.
Today, access routes to company systems are becoming more complex. Greater mobility, remote access and wireless technologies, and the increased use of always-on broadband links, are contributing to the dangers.
And where there are dangers there is a need for security. It's not scaremongering, it's fact.
For resellers, the increasing interest in security products has represented a good sales opportunity but, as in most areas of this business, margins are eroding and you have to keep moving to keep making money.
Convincing SMEs that there is more to security than antivirus software is one hurdle, while corporates are starting to face information overload in security-related data.
This has led to a greater diversification within the security industry. While generally demand for security products has been growing, not everyone is biting.
Industry analyst IDC is not convinced, for example, that the SME sector is well serviced in security products beyond the installation of antivirus software.
The problem, according to IDC, is that "IT security is not regarded as a fundamental part of effective business models". The analyst also pointed out that there is a distinct shortage of policies covering data security.
With spending on IT in the SME sector growing at a snail's pace, the prospects are not that bright for the security sale.
But in the corporate sector, where spending on IT is growing at tortoise rates, the recognition of the need for IT security is greater.
According to IDC's report on spending in the corporate sector, "Investment activity in security, both current and in the short term, is very intense in all sectors."
This is a view supported by David Ellis, director of e-security at Unipalm, who claims that the IT security sector is continuing to grow at a healthy rate, in particular at the enterprise level.
"Here most companies already have a perimeter firewall installed, but now we are starting to see enterprises deploying firewalls within the organisation to segment different business functions, protect individual users' workstations or provide secure virtual private network [VPN] connectivity for remote workers," he explained.
"The same is happening with intrusion detection systems and antivirus. A multi-tiered approach to security is now normal for larger companies."
So it is not just a case of spreading a few scare stories then waiting for customers to turn up at your door demanding security products then?
"Using scare tactics was popular in the past, and undoubtedly in some cases it was a useful way of highlighting potential weaknesses and therefore sales opportunities," said Ellis.
"But now resellers are having to build stronger arguments to justify expenditure.
"This normally involves illustrating return on investment, which is obviously easier in remote-access VPNs versus traditional methods or Quality-of-Service products.
"A useful tool for VARs is to highlight how much security breaches have cost organisations similar to your customer."
Justifying expenditure is always tricky for IT managers, but security is a sale that has now gone beyond the IT department.
It is an integral part of business development, especially for corporates where a greater reliance on digital information, and a greater use of online and mobile technologies, has meant greater risks of intrusion.
Security resellers have had to evolve with this, recognising the need to broaden the security solution to cover the demands of an increasingly wired-up and mobile world.
For this reason, the security sale is more than just an IT concern. Decision-making can now include human resources, business managers and company directors, mainly as a result of some high-profile cases involving breaches in legislation such as the Data Protection Act and the Obscene Publications Act.
As a result, companies want to be more secure. They want to identify areas of risk and put up barbed wire fences to protect themselves, and they need help.
Resellers need to address their customers' fears and offer a mix of security products that can be integrated to suit customer security demands, and this could also mean management.
The rise of the managed security service provider has not happened without reason.
Bernie Dodwell, sales and marketing manager at security distributor Allasso, said: "Resellers now have a huge challenge ahead of them in helping customers monitor their security data in real time, as opposed to poring over endless logs."
This way, customers get to react to potential security problems immediately, but it is no small task.
Corporate security systems are churning out masses of information, and in some cases companies would have to employ at least one full-time member of staff to manage the data, a resource too far for many businesses.
Teams have to wade through massive amounts of raw event data. In many cases this has led to organisations ignoring important security alerts and events, or simply turning the devices off, which is not a good way of ensuring they are protected.
Outsourced enterprise security management is gaining popularity, mainly on the back of healthy financials and the lack of internal resources to cope with the sheer volume of security data.
Companies such as Ubizen are developing rapidly, offering customers a security data management service that "takes away the pain of boring jobs" from internal IT staff, according to Guy Vancollie, the firm's chief marketing officer.
Vancollie says that businesses are heading towards information overload, claiming that there are not enough trained security staff to read data from areas such as firewall reporting, vulnerability testing, intrusion detection and web filtering reports.
Ubizen has invested heavily in its security expertise and, while it does work with a few partners, the bulk of its business is through direct relationships.
It is, however, a good indication of the way corporate security is going. The lack of internal resources and knowledge, and the willingness to pay for outsourced services, suggests a potential opportunity for a well-skilled reseller.
"There is an emerging breed of software vendor that is targeting security information management," said Vancollie, referring to companies such as Net Forensics, Internet Security Systems, Symantec and NetIQ.
"However, while this helps companies to cope with the stream of information, it does not solve the problems that dealing with a volume of information can cause. There is also the problem of finding someone with the appropriate security knowledge."
For resellers the best route to helping customers with this information mountain is to offer solutions based around one of these management software packages.
These companies have started to open up this opportunity, although Vancollie argues that it is not yet a reseller thing.
"There is a big opportunity to extend the integration of security products with information management systems that offer real-time analysis capabilities," explained Dodwell.
"Monitoring security products individually is difficult and expensive, and this brings the management to one watchable window."
As far as SMEs are concerned, all-in-one security appliances are being touted as an affordable way to cover the bases.
Clive Hailstone, general manager of the enterprise and networking division at Computer 2000, said: "Over the next year I think we will see a lot more security appliance devices, more emphasis on intrusion prevention, rather than detection, and specific protection of key devices with firewalls.
"Homing in on these key areas is probably the best way to win security business this year."
It is a view supported by Ellis, who claims: "One of the limiting factors has always been the price point, but vendors such as Check Point and Symantec can now deliver management infrastructures built around appliance products that address this market at the right level.
"For the reseller channel, all-in-one security appliances are ideal for SMEs, as they provide all the key security components, such as firewall/VPN, intrusion detection, antivirus, Quality-of-Service and URL/content filtering."
The key driver for these appliances, and in fact security as a whole, is still secure email and antivirus protection.
"Email is probably the biggest single threat to business existence if it is not managed effectively," warned Ian Kilpatrick, chairman of Wick Hill.
"It needs to be one of the key elements of a security policy. IDC predicts that by 2005 there will be 1.2 billion email boxes and 36 billion person-to-person emails daily.
"Instant messaging will grow at a rate of 100 per cent compound, with 150 million business users by 2004."
It is no surprise, then, that the key to most organisations' security policies is email security, as it is both the bearer of viruses and a potential cause of defamation and loss of intellectual property.
According to Via Net.Works UK, one in every 145 emails sent and received by SMEs in January this year contained a virus.
There is, according to the likes of Via Net.Works and Sophos, still an opportunity here for VARs, especially as they believe there are about 800 viruses being written each month.
"IDC predicts the market will grow at a rate of 15.3 per cent annually between 2001 and 2006, so there is clearly an opportunity for VARs to capitalise," says David Stanley, UK general manager at Sophos. "A key part of any security solution is antivirus protection."
According to Harry Gostling, UK country manager at SonicWall, 85 per cent of UK businesses have antivirus software installed, while 71 per cent have a firewall.
ISPs also have virus screening software, so it seems that this is not a market with great mileage for resellers as a standalone sell.
The market for VPNs offers a little more hope in the short term, though. Gostling believes that two-thirds of UK businesses are untapped in terms of secure VPN installation. If it is sold alongside an information management service it represents a respectable revenue stream.
"Managing this today need not cost a fortune in investment," he said. "For an outlay of about £5,000 resellers can acquire everything they need to remotely enforce security, antivirus and VPN policies for up to 25 firewalls.
"Not only do resellers have an opportunity to gain valuable new revenue streams, but they can turn themselves from supplier to indispensable business partner."
Simon Hollister, managing director of Radware reseller Citadel, said: "Until now, most of the market has been centred on securing email with antivirus solutions.
"But we believe that by the end of this year, there will be more business in security weaknesses beyond email than in the traditional email market. Solution providers have a lot of headroom for adding value and making profits."
So are resellers doing enough to satisfy the demand for security products? Not according to Jackie Groves, managing director of Utimaco Safeware.
"Mainstream resellers neglect to offer anything further in the way of security than firewalls and antivirus," she explained.
"This is primarily because security is a complex area. Dealers are unwilling to invest in training until they have sold a product, yet without prior knowledge it isn't possible to give informed advice.
"By its nature, resellers' business is mostly led by demand. However, where security is concerned a more proactive approach is needed which takes into account customers' individual needs.
"The resellers that take an holistic view of security, and how security can be applied to business applications, will grow the fastest and win the business."
It is damning stuff, but training and investment take time and money, something many resellers don't have.
So unless they can afford to buy in the necessary skills, there is little resellers can do. This is where vendors and distributors should come in.
Stuart Okin, Microsoft's chief security officer, is aware of the need to train resellers.
"We need to do a lot more," he said. "Certification needs to be wider. It is still too easy to get into security selling with a little knowledge, and that can be dangerous."
Dodwell claims that the skills base among VARs is growing, and that Allasso helps its resellers in the early days of development with on-site security consultants.
It is a typical specialist distributor approach that has to work hard at helping resellers create market demand while ensuring that the skills are in place to meet demand.
Ellis is, not surprisingly, supportive of specialist distribution in this sector.
"It is important that resellers look to work with distributors that understand the market and can help them supply their customers' total solutions," he said.
"More and more distributors are selling security products, but I am not sure as a VAR I would feel comfortable with securing my customers' infrastructure with advice from someone that sells everything from digital cameras to inkjet printers to intrusion detection systems."
So what of the future of security technology? Most vendors and distributors see a greater use of wireless networking and remote-access VPNs as key issues for resellers to confront.
They are expecting a shift towards a more server-centric approach to security. It is not about intrusion detection, it is about intrusion prevention.
Given the sheer numbers of security companies out there, picking the right product mix is tricky, and resellers will need a sound distributor relationship to help them ensure that an Avril Lavigne or Kournikova cannot scale their customers' perimeter fences.
- Decision-making for security is encroaching on other management areas.
- Businesses face increased security information management problems, leading to the rise of the managed security service provider and off-the-shelf management software.
- Cost-effective all-in-one security appliances are being aimed at SMEs.
- Email security is still the main issue for businesses, as they try to avoid viruses and misuse of company information.
- Virtual private network installation is still a big opportunity, along with mobile security.
- Distributors and vendors recognise the need to train resellers in the face of a security skills shortage.
Allasso (0870) 366 8511
Computer 2000 (0870) 060 3344
Check Point (01223) 713 600
Ideal (020) 8286 5000
ISS (0800) 085 2976
Microsoft (0870) 601 0100
Net Forensics (NSC Global) (020) 7808 6300
NetIQ (01784) 454 500
Radware (0118) 981 7335
SonicWall (01344) 668 090
Sophos (01235) 559 933
Symantec (01628) 592 393
Ubizen (020) 7549 8040
Unipalm (01638) 569 600
Utimaco Safeware (01784) 224 225
Via Net.Works (0845) 330 4975
Wick Hill (01483) 466 500