By Dr. Lucy Green, Managing Director, Larato
Cyber-crime is here to stay. Hopefully the scaremongering about it will subside as we adjust to the fact that protection against cyber-attacks is simply a modern requirement for doing business.
Security is a growth opportunity for the channel and adding security services to your portfolio may not be as hard as you might think.
This article provides insights into buyers’ needs as well as expert tips from security specialists about building a portfolio.
Buyers want security
Demand for secure IT, Voice and Data services from UK businesses is growing. Over the past 3 months, Larato has spoken to over 200 small and medium Enterprises about their cyber security needs and what they are prepared to invest in protection.
We found that there are three key reasons for growth in demand;
1.Firms are increasing their use of cloud-based services and security remains a concern
2.Companies need to comply with changing and more complex regulation
3.Enterprises of all sizes are being attacked and their awareness of the risks they face is accelerating
Buyers are investing and ready to invest more. According to Ernst and Young, one in two British businesses is set to increase investments in cyber-attack protection by 25%. This figure correlates very well with findings from Larato’s direct conversations with buyers.
Buyers want cybersecurity protection and damage limitation
Unsurprisingly, buyers want protection from threats and to be able to limit their financial and reputational exposure to the damage that cyber criminals can do. Consider a simple example for data. Protection is delivered by securing data access. Damage limitation is delivered by automatically rendering data useless if it is stolen. This blend of protection and damage limitation is a compelling value proposition for the buyer.
Buyers want assurance from standards
According to the Cloud Industry Forum, buyers won’t buy without the assurance that certification against relevant standards and codes of practice provides.
Jonathan Rodwell chairs the Federation of Communications Services SIP Fraud Mitigation Mark of Excellence group. He agrees with CIF’s findings; “Customers are paying more attention to the accreditations of their suppliers. Adopting the work done by the FCS to protect against voice fraud is a sensible first step for the industry to take. Many industry experts contributed to developing the standard as a practical solution that protects Service Providers, resellers and their customers”.
Standards also need to be fit for purpose. If a standard endorses a company for conforming to a specific operating practice but that practice is flawed, then everyone loses. The same applies if a standard is too complex and expensive to adopt. Standards need to keep pace with the practical challenges and the best technologies.
A UK Top Secret!
Perhaps it isn’t surprising that the Information & Communications Technology industry is relatively unaware of the UK’s strength in cybersecurity; vendors’ steady streams of fear-inducing statistics leave little room for good news.
The UK cyber security sector has world-leading capabilities and is worth over £6 billion, employing 40,000 people. Players in this space have proven products that protect from the most targeted advanced attacks. For example, email cybersecurity specialists Glasswall Solutions operate on the principle of ‘known good’. This is the state of a file when it is known to be safe. Anything that does not conform to the ‘known good’ state is removed. Rather than blocking out the bad, this approach only lets in the good. It’s a simple but powerful technique.
Large Providers could lead the way
The UK’s larger Providers have an opening to help the industry think differently about security. Much of today’s security relies on having layers of protection and teams ready to react. This reactive approach isn’t enough anymore. Effective cybersecurity protection needs proactive measures.
By becoming smarter at cybersecurity, the larger Providers could gain material benefits for themselves, their resellers and their customers. There are some early signs of this happening; BT now protects its network with DarkTrace. This cybersecurity technology enables BT, BT’s customers and some of BT’s partners to manage advanced and sophisticated cyber threats proactively. Services like these are an important way to make money for the IT and Communications industries.
Chris Dye, Vice President of Alliances at Glasswall Solutions, observes; “There is an opportunity for the IT and Communications industries to change the way they think about security, progressing from traditional arrangements to incorporate proven innovation. Taking this step would lead to better protection and more revenue streams, particularly from SaaS and supporting consultancy services. Larger Service Providers in particular could advise their customers and their resellers on best practice and proactive security”.
It doesn’t have to be complicated for the reseller
Many resellers I have spoken with have the view that adding cybersecurity protection to their portfolio is just going to be too hard. Although providing cybersecurity expertise can be complicated it doesn’t have to be.
Jens Puhle (pictured), UK Managing Director of 8MAN, explains; “Customers need their Value Added Resellers to help them safeguard their businesses. Building a suite of cybersecurity services does not have to be difficult for the reseller. 8MAN’s product converts complex data access rights management into a simple drag and drop activity. It’s designed to enable resellers to deliver quality data protection services to their customers without having to invest lots of time and money in becoming experts”.
Top concerns for buyers and some straight forward solutions
Larato talked to over 200 companies about their security concerns. Protecting data, email and telephony came up at the top of their lists. So I went out to find out whether resellers could add solutions to meet these needs in a straight forward way. What I found was that plenty of cybersecurity companies are designing products or services with resellers in mind. This is good news because it opens up this huge market in a way that is accessible in practice.
Because buyers want to safeguard their data, email and voice, I asked three experts for their advice about how resellers can sell to these needs and keep things simple.
Data
At the recent “Leaders in Security” conference, IT leaders and security experts were clear about the risk that employees pose to data security. Business people at the Institute of Directors’ seminars about protecting against cyber-attacks echoed these concerns. There is nothing critical in these comments. Cyber criminals are becoming highly effective at obtaining sensitive information from employees and even the most careful employees are being tricked. Restricting individual workers’ access rights is a good way of protecting the data and the person. With the reseller market in mind, 8MAN has made this previously complex task simple; “We focussed on making access rights management a visual and straight forward process. The overhead for resellers needed to be low too – so the software takes 30 minutes to set up and requires no specific expertise to run.” He continues; “It’s beneficial for a reseller to have a solution for this problem in the portfolio. Customers want it and the margins are high compared with other channel products and services”.
Businesses are being caught out by malware, ransomware and other nasties coming in via email attachments. Glasswall has designed a solution that stops this problem by restoring attached files to manufacturers’ standards without touching or looking at the content. This is an example of a ‘known good’ solution. A manufacturer’s standard is a state of ‘known good’. Removing anything that breaches this removes problems and renders businesses safe from attack.
Glasswall’s Chris Dye; “We regenerate files to meet the definition of ‘known good’. No file will enter a business if it does not meet these standards which means hackers are blocked before they get through the door”.
Providers selling managed email through the channel have an opportunity to add this type of protection to their platforms, give resellers a distinct competitive advantage and uplift the price points that can be achieved. Buyers are ready to pay more for this type of secure email. Not providing it is leaving money on the table.
Voice
Business buyers are becoming more aware of – and more worried about - voice fraud. The FCS Fraud Mitigation Mark of Excellence offers ‘known good’ protection on two levels. One is recommending ways for known fraudulent numbers from being used. The other is enabling business users to manage the amount of money spent at any time on different call types to destinations all over the world in a granular manner.
There are various ways for resellers to become accredited with the standard and provide their customers with Mark of Excellence protection. The simplest way is to purchase SIP trunks with the standard built into them. These are supplied with a simple graphical interface that resellers can use to deliver fraud protected voice to their customers’ ‘phones and mobiles.
Importantly, if adopted, standards like this can perform the vital role of protecting the reseller-customer relationship.
Next steps
A myriad of revenue earning opportunities is out there for the channel to embrace. I suggest that there are two steps to success;
1.IT and voice resellers explore the range of security solutions that have been built with them in mind.
2.Larger service providers add proactive security protection to their own best practice and make the resulting benefits available to their resellers.
Find out more by coming to the “Protect your customers from Cyber Attacks” seminar at the Convergence Summit North on March 16th at 13:45.
Register for the Convergence Summit North here.