By Tom O’Hagan
The problem of network security is once more making the headlines. The news has been awash of late with horror stories around the latest security threats: children coding malware, unblockable new virus threats, even of gangs in China using social media as a means to spy on, and hack, the world’s biggest organisations. Indeed one gang in China is so successful it has not only been named as one of the top threat’s by the USA, it is reputed to have prevented a multibillion acquisition by Coca Cola of a Chinese drinks manufacturer. Legitimate or not, that is quite some clout. Worse still, the stories come at a time when businesses are becoming ever more culpable for not protecting their customer’s data properly – note the £250k fine handed out to Sony in the UK after their PlayStation Network was hacked and millions of users’ data was made available online. Whilst this has been one of the biggest fines, Sony has not been alone in being found culpable. And the fines aren’t down to simple non-compliance: if a business deemed to have been negligent with customer data, or with its own security – even within the boundaries of compliance – then the same fate applies.
Put bluntly, the message to businesses is clear: if your network is compromised, the fault is yours and you will be made to pay. Of course that is to say nothing of the damage to brand, customer confidence and potential sales that a highly publicised network breach can cause – let’s not forget that hackers are anything but modest about their achievements, even if fraud was not the prime motivator. It is unsurprising then that poll after poll of CIOs and CTOs is revealing that network security and data protection are now one of the biggest concerns. Case in point, a recent a poll by TechTarget completed in January this year revealed that data protection is the top priority for more than 50% businesses in the UK. 2013 is the Year of Security.
Of course, the demands of network security have changed dramatically over the past 24 months. Not only has the number of remote workers seen a considerable rise, but those workers are often accessing the network through their own devices, such as smart phones or tablets, ie devices that the company does not own and therefore over which it has no control. At the same time businesses have begun a serious adoption of cloudbased services – both public and private – providing another new risk of compromise to be addressed.
So what does this mean for the Channel?
Well, I believe that these business woes are actually good news. Why? Because for those resellers in the Channel who are savvy enough, this network security issue opens up a whole new potential revenue stream, another value add product to help differentiate a proposition for prospects or to upsell to existing customers to help make them more ‘sticky’ – and, of course, more profitable.
But there is a danger here for the Channel too. We must not be naïve enough to think that the answer to all security concerns is to “plug a firewall in and hey presto!” As security risks have diversified, so there has been a corresponding diversification in the types of security products available to businesses to help them protect themselves. But selecting the right solution from the sheer breadth and depth of products available can be likened to negotiating minefield – something to be done very carefully and preferably by someone who knows that they are doing. And thus the second key opportunity for the Channel presents itself: businesses need a trusted partner to help them understand the new security landscape and the best solutions available for the specific security needs – and resellers are in an ideal position to fill this role.
A final point to consider is this: much of the time, security comes down to people, not devices. The hackers in China have seen success not because they are expert at breaking firewalls but because they use personal information gained through social media to create emails that look and feel authentic to the recipient – who then has no compunction about clicking the malware links contained within the email.
This means that – for all the products and solutions – effective security demands stringent adherence on the part of users to company policy and company culture surrounding the protection of data, which is best achieved through the education of employees as to the potential dangers. All the security software in the world can be undone by a thoughtless click on a link – a fact of which your customers are all too aware.