Channel players are queuing up to have their say on the Council for Ethical Data Security Integrators (CEDSI) the UK’s first governing body for security VARs.
The concept came to life last month after a small band of specialist security resellers including GSS and Secon decided it was time to up the ante against generalist rivals.
They argued that the lack of a governing body meant end users had nowhere to turn to guarantee a solid level of service. Unskilled box-shifters were poaching deals at the eleventh hour, which was driving down profit margins for everyone else and damaging the security channel’s reputation, they argued.
Their answer, CEDSI, was only registered as a domain name in November. The exact shape the body will take and its code of conduct are yet to be decided.
The idea has garnered widespread support, with 55 per cent of respondents to a recent CRN poll saying they believe that the security channel needs a governing body. Just 26 per cent thought it did not.
Ash Patel, UK country manager at security vendor Stonesoft, was among those to give CEDSI his full backing. “As a security vendor in the UK market and having worked for the reseller community and in distribution for many years, I think this is a great idea to help differentiate able security partners in our community from the ones that are in it just for a quick buck,” he said.
Paul Prior, managing director of security VAR Foursys, said: “This is an interesting idea and we will certainly look to contribute once it is off the ground.”
However, industry figures warned the exact structure and character CEDSI takes could be critical to its chances of success.
CEDSI’s founding members have suggested its code of conduct could be based on benchmarks around customer references or technical skills.
But Bob Tarzey, analyst at Quocirca, urged CEDSI not to take a broad-brush approach to accreditation and advised the body to seek the backing of security standards organisations such as ISO and ISACA.
“It is off to a good start with those guys behind it and if there is a need for it in the market, it will succeed,” he said. “But I cannot imagine it will achieve its goals if there is just one level of accreditation."
“If a business handles credit card data on a regular basis, it needs a different level of security than a media web site. There are different resellers with skills to address those different markets and, for instance, a reseller specialising in finance needs higher capabilities in IT security than one selling into schools. Also, without the backing of security standards organisations it would be weaker.”
The extent of vendor involvement in CEDSI is another point up for debate and the body’s inherent vendor-independent nature means they may be kept at arm’s length.
However, David Vella, director of product management at security vendor GFI Software, urged CEDSI to take on board the vendor community’s opinions.
“During the development of the governing body’s structure and processes, it would be wise to incorporate, though only to a reasonable degree, provision for vendors’ views and feedback, such that they can provide recommendations for policies or membership and pass on complaints and queries,” said Vella.
He also called on CEDSI not to blacklist reputable resellers that do not join, but focus instead on promoting its members.
Onlookers also argued that CEDSI would be destined to fail unless it sets aside a significant budget to convey its message to both the industry and end users.
“One area of concern is that it will not get the exposure it needs,”said Tarzey. “It has to put money into promoting itself, initially among its own community at shows and in magazines, and then among end users.”
Stuart Reay, managing director of security distributor Arc Technology, echoed
those concerns. “CEDSI may have a difficulty getting end users to buy into it,
especially in these times when everyone wants to buy at the best price,” he
Paul Anderson, UK country manager for Trend Micro, urged CEDSI to be as inclusive as possible to help get the word out.
“CEDSI needs to incorporate as many touch points to the market as possible,” he advised. “Vendors can bring it value because they have a different touch than resellers.”
Anderson added that earning the endorsement of user group forums such as Baptie, could also help CEDSI’s cause.
CEDSI will canvass interest from potential members before implementing a consultation period early next year.
Security firm set to become part of acquisitive Shearwater Group
Distributor merges three northern sites into one new hub in Warrington
Activist investor puts forward five director candidates as turmoil continues at security giant
Nima Green asks what is driving public cloud uptake in Germany