Managing information vulnerability and compliance
Brent Thurrell gives his view on getting customers to address the changing security threat landscape
Information security has been pushed up the boardroom priority list, and we are seeing these projects being turned around more quickly from specification to deployment.
The way that organisations view security is changing too. After years of buying security offerings that don't solve their problems, customers are realising that they need to take an overall view of security to see how threats evolve from external attacks and – should they get through the perimeter – how they then evolve and migrate within the corporate environment.
Companies have also accepted that security is not the sole responsibility of security managers. IT operations and all employees have a role to play. While a security department may provide the tools, the onus is on the IT department to create an environment with minimal vulnerability, for instance by managing passwords better or restricting user rights on the desktop.
Tools for privilege management and targeting compliance or auditing processes are therefore understandably of interest, particularly in some vertical markets, such as energy, or financial services.
Potential RoI can be difficult to calculate. But vulnerability management can give a customer the ability to see the whole threat landscape in context.
Security tools can throw up an alarming amount of data that can seem hard to interpret, let alone administer, so it is imperative to have a way to locate the real weaknesses.
And while it is hard to apply financial metrics to information security, analytics tools can help customers evaluate improvements in their defences as well as help the channel prove a case for investment.
The channel may need to target security specialists, network managers, operations managers and anyone responsible for risk management within a customer organisation. Obviously no security technology will do everything, so integratable, compatible tools should be chosen that will both suit the task and are likely to still be useful in future.
Vendor partners can help, especially since security will never be an off-the-shelf purchase for larger customers. This last point is something I feel passionate about, having worked in an IT channel environment. Yet for resellers that can attract the right prospects, partner the right vendors and harness the right technologies, the ever-evolving security market is likely to remain profitable for years to come.
Brent Thurrell is EMEA, India and APAC vice president at BeyondTrust