Selling data security not rocket science
Terry Greer-King maintains that getting security sales right should be straightforward for most resellers
Data security offers VARs a tremendous opportunity, if selling these products is approached in the right way.
Reports over the past two years suggest space agency NASA has either lost or had stolen 48 mobile computing devices. The space agency itself has admitted this resulted in the unauthorised release of sensitive data and third-party intellectual property.
NASA further conceded that it has been slow to implement encryption on the notebook computers and mobile computing devices it provides to its employees. In fact, by February this year, only one per cent of NASA laptops and portable devices used encryption. US government bodies as a whole have encryption on 54 per cent of their devices.
It appears that we as well as NASA have a problem. This level of penetration is typical of organisations in developed countries. About half of the organisations we talk to in the UK are using encryption. This should give the channel a fantastic upsell opportunity.
Most employees, from CEO level down, are at least partly aware of the security risks of losing a device, transferring data to unencrypted computers or devices, sending work files to webmail accounts and so on. The fact is that people take chances all the time when transferring data, and are typically focused on being efficient workers and getting their jobs done, rather than whether or not their actions might create a security risk.
Most of the time, there is no malicious intent and the data remains in the proper hands, which only reinforces such behaviour.
Organisations need to become more secure by stages. First, there should be an audit. Companies need to know which devices they have on their networks. VARs can help by working with customers to get a picture of all the active devices on their networks – whether those devices are authorised by the company or not.
Then it is time for an amnesty. All the computing devices identified should be brought to the IT department and updated with the appropriate security applications. This includes USB sticks and other removable media, as well as PDAs, smartphones, tablets and laptops.
At the same time, staff should be informed that unauthorised devices will be locked out of the network. VARs can again help with the formulation of security policies and any preparations for deployment of further security products.
Although data breaches often involve a laptop or memory stick, all end points can offer access to sensitive data so all devices should have data security controls installed.
Full-disk encryption with pre-boot authentication, port and device control software, and removable media encryption can protect USB sticks and DVDs. Products selected should also allow IT administrators to have central visibility and control over every end point.
Rocket science is believed to be a real challenge, but security does not have to be.
Terry Greer-King is UK managing director of Check Point