RSA channel unrest emerges

Resellers reveal frustrations as rivals report RSA partners have itchy feet

RSA stands accused by some of sowing the seeds of channel discontent by remaining tight-lipped on the ins and outs of the attack on its systems earlier this month.

Last week, its top UK partner Armadillo Managed Services showed solidarity with the embattled vendor, praising its response to the attack.

But other resellers appear less content. Some 60 per cent of respondents to ChannelWeb's poll this week report that the incident has damaged RSA's reputation to the extent that customers are actively looking to migrate away from the vendor. Just seven per cent do not expect the breach to have a negative impact on the security firm's reputation.

Shortly after news of the breach emerged, RSA reseller Network Technology Solutions faced a raft of calls from concerned customers, according to managing director Jonathan Lassman.

"My phone did not stop ringing from 8am to 10am, with customers saying: 'Should I jump ship? What do I do? Am I vulnerable?'," he explained. "We now have six customers saying: 'Get me a good quote on something else'."

However, Lassman stressed that the risk to end users remains slight.

"If someone accesses your network at the wrong time, other systems will flag that up," he explained. "You can manage your risks by having other solutions in place."

Simon Aron, managing director of Eurodata Systems, claimed that he had heard the news from distributor Arrow ECS, who also offered some guidance.

Resellers knew as much as anyone else following developments online, he added, claiming the episode had been "a pain".

"As soon as we heard about it, we began contacting customers," said Aron. "They are still worried and want to know what the outcome will be. We have to wait for more communication from RSA."

News of the attack emerged on 17 March, when chief executive Art Coviello published an open letter on the security vendor's web site. He admitted that the vendor was combating "an extremely sophisticated cyber attack in progress".

The EMC-owned company swiftly launched an investigation, he added, and was "working closely with the appropriate authorities".

The attack, which was classed as an advanced persistent threat, led to the theft of information related to the vendor's SecurID two-factor authentication product. Such information could be used "as part of a broader attack", warned Coviello.

In the wake of the attack, independent security research and testing specialist NSS Labs was quick to publish a damning report on the events and RSA's response to them. The company pointed out that RSA customers "are the most security conscious in the world" and include "military, financial and governmental" organisations.

"NSS Labs expects a string of breaches stemming from this event," added the report.

RSA was also scolded for the "limited and vague information" it has provided so far, and end users were advised to remove any remote access in the short term.

Ultimately, "RSA clients should consider alternative two-factor authentication solutions," said NSS Labs.

Mike Bienvenu, technical director of distributor Softek, which works with rival vendor Deepnet, claimed his firm has received a rash of calls from unsettled RSA resellers. The lack of information is the main sticking point for VARs and end users, he said.

"In the past, whenever we have contacted them, we have found them to be very loyal," added Bienvenu. "RSA were the de facto choice for one-time password tokens - you never got fired for buying RSA. But there are a lot of people that are now concerned."

Andy Bryars, security consultant at security integrator Sysec, said: "It is certainly damaging when a security vendor has its information taken in this way. But it will have very little practical difference in the real world, as the information taken doesn't provide any additional vulnerability to the actual product."