In the interest of public security

With the public sector undergoing an unprecedented IT drive, security is moving higher up the agenda for many organisations. In part three of our five-part series, Martin Lynch investigates what has been touted as a potential goldmine for resellers.

More than 70 per cent of public-sector bodies now have an IT security manager in place, according to a Unisys-sponsored survey. When you consider that the public sector is renowned for being understaffed when it comes to IT and communications technology, this gives you some indication of just how high security is on the public-sector agenda.

In many ways, the public sector has little choice in the matter, thanks to a raft of government initiatives being rail-roaded through using technology to modernise most aspects of the sector. The bottom line is that lots of technology equals lots of security.

From education and local government through to central government, defence and healthcare, there has never been an IT drive quite like it. Whether it is overhauling outdated hardware, implementing new software systems, streamlining services, creating an online presence or getting to grips with mobile working, the public sector is a veritable goldmine, because nearly every aspect of IT implementation involves security.

In many ways, public- and private-sector customers are alike, but they differ in that public-sector customers are a lot more accountable. The level of public scrutiny, pressure to comply with internal security policies, the Data Protection Act and other guidelines mean their security set-up has to be robust.

Other findings from Unisys concluded that while 80 per cent manage all of their own security systems, 40 per cent admitted that the lack of in-house skills has constrained the roll-out of IT security initiatives. Things have moved on somewhat since that survey, and while many public-sector bodies maintain a ‘hands-on’ approach to security, most of them admit to needing help in finding, implementing, integrating and maintaining a security solution.

The technology that was once viewed as an expensive and unwanted insurance policy has become a priority concern. So much so, in fact, that security edicts no longer come from the departmental IT managers, but are handed down from the highest-level decision-makers. The opportunity for the channel is considerable. Although it is being exploited by a growing number of resellers, it is certainly not an over-subscribed market. There is still lots of room for qualified resellers that are willing to do their homework and pitch a tailored security solution.

Ian Kilpatrick, chairman of distributor Wick Hill, says: “There are huge opportunities for the channel still in the public sector – from government itself through to education, health and a whole variety of the local authorities – thanks to the large number of e-government initiatives.”

David Ellis, director of e-security at distributor Unipalm, agrees.

“If you look at the security market in general, traditionally the public sector has not been at the cutting edge of the technology uptake,” he says. “But certainly in the past two years, public-sector sales have increased a lot on the security front.

“There are a number of reasons for this. There is a lot of legislation driving this behaviour, such as compliance with the Data Protection Act. The public sector has become a much better opportunity in the security sector, and resellers concentrating on these customers are reaping the rewards.”

Stuart Small, UK sales and marketing director at Sophos, says: “In the past few years there has been tremendous investment in public-sector IT. While it can be slower moving than the private sector, there is a tremendous opportunity for the channel.”

Labour has been ‘big’ on education and this has been demonstrated by the amount of cash that schools have been ploughing into IT.

“The Labour government has really put an emphasis on education, and it has certainly pumped in a huge amount of money,” explains Dave Hadley, product director at Equiinet. “Schools have come a long way in a short space of time, from 20 or 30 PCs per school to hundreds. The average secondary school has 300 PCs now. They even have IT teams in there. There’s still a big opportunity for resellers to support schools.”

The ease with which the public sector can be cracked depends on who you speak to, but the one thing they all agree on is the importance of knowing your market.

Tony Blair might have preached “education, education, education”, but if you’re a reseller the mantra is more likely to be “homework, homework, homework”. A public-sector customer might have the exact same security headaches as a private-sector business, but the route to securing that sale and the approach taken differ markedly.

Paul Prior, managing director of security reseller Foursys, says: “You have to be a lot more patient. The hard-sell approach does not work. Take a consultative approach. The biggest challenge is that you have to offer value for money and be very competitive on price. If you can offer some form of added value, that is how you set yourself apart but there is less opportunity to add value, because many of these customers are under a lot of pressure to get the best deal.”

Kilpatrick says: “The key difference from private-sector companies has to be some of the approval processes and the way their budget year works. Contracts tend to take longer, and you need to understand the approval process, the drivers and the key people involved. In an enterprise it’s easier to find an individual and drive through the sale, but not in the public sector because there is always more than one person to deal with and it can be much more administrative. Some bodies have accreditation processes for resellers that must be met: you can go through the sales process only to discover that you are not approved as a reseller.”

According to David Abbot, product marketing director at internet appliance vendor Equiinet, “the sales cycle is much longer. We started going to lots of events to try to figure out the language these people spoke and how they are structured. We saw that everything was built like a pyramid: government bodies, then regional broadband bodies, then the local education authorities [LEAs].

“We’ve done a lot of ‘people networking’, and if you are able to get someone on your team from the public sector in your company, it can help,” he adds. “One of our staff is a former deputy head teacher, and he understands all the pain and what worked and doesn’t work in the school environment. It really helps. If you try to sell using your IT security language and jargon, at least in education, it will not work: they simply will not understand.”

Finding the right people to deal with in the public sector can be tough. Just because you manage to get hold of an IT manager does not mean you are dealing with the person, or people, holding the purse strings.

“Where possible you try to get to the higher levels like regional broadband consortiums. After that you go to the LEAs and lastly, you go to the individual schools,” advises Abbot.

Kilpatrick remarks: “It’s tough for a lot of resellers to get to people at the right level. It’s all down to their skill level. They not only have to learn all about potential accounts, but also a new way of selling.”

Small believes there is a need for more enterprise-style selling from the channel. “Traditionally, the reseller and vendor would talk to the department, but the decision-making web is much wider in the public sector,” he says. “There is a need to try to move up the decision-making chain.”

So, is size important when it comes to succeeding in the public sector?

Not according to Prior. “Typically our competitors are larger than us [at Foursys],” he says. “In fact, they all are. You just need to be proficient in what you can supply.”

Ellis agrees. “For the bigger projects you do need the accreditation and procedures in place to win those deals,” he says. “However, there are always small pockets that smaller resellers can service, as well as teaming up with bigger players.”

According to Small, a certain level of size does help, but expertise counts for more.

Kilpatrick claims: “There are barriers to entry, but typically they are not based on size, instead mostly on knowledge and expertise. In some cases size can help, but only on the really big deals, where you have to keep on it for months, or even years, before getting anything.”

There is very little difference in what products are in use between the private and public sectors. They have many of the same needs, from basic firewall, anti-virus/spam/email protection, through to web site protection, intrusion detection and prevention systems. On top of this, public-sector bodies have to deal with the implications of newer technologies such as wireless networks, and a move towards mobile working and the security headaches they entail.

“Probably the biggest single shifts they have to handle are with mobility, wireless networking and home working,” Kilpatrick says. “There are teleworking initiatives from the government, while the impact of wireless networking is massive. The latter is so much cheaper for them. There are huge drivers for this, but the issues to secure this technology are considerable and exacerbated by the need for data protection. Identity management is another key area, especially with larger public-sector groups.

“The government has pronounced some big edicts on the public sector regarding teleworking. I mean, the cost of providing desks in a building is so much more than allowing 5,000 civil servants to access the IT systems from home or on the road. The government has both rewards and penalties in place to encourage certain public-sector bodies to do this. This is a huge culture shift for them, and the reseller has a role to play here.”

Ellis comments: “There has been a move towards home working, but giving people the ability to connect from home creates a large number of security issues. Public-sector groups tend to be a lot more proactive online, having moved from static web sites five years ago to highly interactive, service-oriented sites today that have introduced the need for greater security.”

The practice of flexible working, which includes working at convenient times, ‘hot-desking’, mobile working and working from home, is growing fast among local authorities, according to a report from the Society of Information Technology Management, the professional body for IT staff working in the public sector. The report found that there are many reasons for the growing popularity, including the potential to provide better services by taking them to customers’ homes using mobile technologies, to make savings through the disposal of redundant office space and to improve the quality of employees’ working lives.

One of the channel’s key advantages is expertise. From pre-sales consultation through installation and post-sales support and maintenance, the reseller can offer what public-sector bodies tend to lack most: in-house skills.

Prior says: “The public sector has a very limited IT resource internally to support new technology. Ease of use and administration are important factors in what they buy.”

Small agrees. “Resellers can work here to help support those limited skills,” he says. “For instance, there are some excellent resellers that deal in the school-level education sector that do a lot of handholding.”

Abbot says that in primary schools there is a lot of opportunity for adding value, because there is very little networking and IT knowledge. “Resellers have an opportunity here to help with the real revenue opportunities from installation, maintenance and monitoring,” he says.

On the technology front, the public sector has not been slow to adapt to the ways in which security solutions are now offered. Security appliances and Unified Threat Management devices are fast replacing the traditional, separate software and hardware solutions from many disparate vendors, a trend that has also helped to change the way the public sector now buys security solutions.

“Security appliances are a big area now,” Ellis says. “Security products have gone from software-based to being appliance-based, and beyond that again to being able to run multiple products on one box. Those products are fitting in well in this sector. If you can get 85 per cent of the functionality for 20 per cent of the cost, the public sector will look at that.”

Small adds: “Appliances should make things easier to manage. They should be ‘set and forget’ devices, and they do tend to deliver the results.

“There’s also a change in how IT is being bought in large government organisations. There is a move to dealing with a smaller number of vendors. A few years ago, there was an approach that favoured different security vendors at different parts of the network, but now that approach has been turned on its head. They now want less companies providing their security, in a sort of ‘one back to pat’, or ‘one throat to choke’ scenario.”

CONTACTS:

Equiinet (01793) 603 700

www.equiinet.com

Foursys (01223) 423 311

www.foursys.co.uk

Socitm (01604) 674 800

www.socitm.gov.uk

Sophos (01235) 559 933

www.sophos.com

Unipalm (01638) 569 600

www.uniplam.co.uk

Wick Hill (01483) 227 600

www.wickhill.com