Unbelievably in this era of converged complexity and high-profile attacks, security is often an afterthought and seen as the responsibility of an incumbent infrastructure partner. Westcon-Comstor MD, Tony Nevill, believes communications providers are ideally placed to resolve this seeming paradox, start an upfront security conversation and grasp a major opportunity.
All the benefits of the modern IP-based world come at a cost. Security. IP networks were not developed to tackle today’s stringent security demands and, given their inherent vulnerabilities, there is a paradox. Historically most security spend has been on the infrastructure, mainly perimeter protection. Yet vulnerabilities are exploited, by and large, via the applications that run on, through and in and out of the network. The integration of voice and video into the data network and desktop is commonplace and these applications are no more immune to exploit than any other, as a gateway to other network resources or as a specific target. Cybersecurity is a global, border-busting industry of opportunists, organised crime and (allegedly but believably) nation states, all hell bent on profit, disruption and theft. The need for deeper and tighter security has never been greater.
So, in a market where UC is pervading more organisations of all sizes, security must be a conversation had right at the start of scoping and quoting. Not at the end, not by someone else and certainly not not at all! We’re aware of UC specific threats (system compromise, end-point hijack, eavesdropping, toll fraud, vishing, service denial attacks) but customers want more than standard ‘out of the box’ protection. They will ask for help either when they want to know more about the fearmongering or, crucially, when they’ve been hit. Witness the recent high velocity, global scale WannaCry and Petya ransomware attacks. Reputational damage and operational disruption are huge and commercial losses common. Whether the attackers are in it for the reward or the data is largely irrelevant, they got in and exploited a vulnerability. As providers of feature-rich and enabling communications technology, we must help protect customers and their data. We must talk more broadly about security (web application firewalls, access controls, DDoS mitigation, availability strategies, visibility and reporting) in our UC project meetings. Don’t wait to be asked, take the lead and become not just a trusted UC partner but a trusted security partner.
Everyone has everyone’s back
To become that trusted adviser is beyond the capabilities of many partners. Large enterprise resellers and SIs have in-house expertise, but even these organisations struggle to keep abreast of security and infrastructure developments that impact UC installations. For partners working with SMB customers who are tackling skills shortages, constrained resource bandwidth and budget restrictions the overhead is often too much. The key is to collaborate. Working together as a cohesive force, the channel can accelerate the security of customers, and diminish rewards of cybercrime. Distributors with expertise across the key areas of infrastructure, UC and security have a unique value and role to play. They can advise, support, and work with customers to engage in conversations they may have been unable to entertain previously. Backing up leading technology with fully accredited, multi-skilled professional services extends a partner’s capabilities, capacity and coverage. Customers can lean on their partner who in turn can lean on its distributor, one with unique access to their vendor partners. It’s a potent proposition.
Think outside the office
All partners need do is think outside the office. Complementing their UC expertise with market leading security expertise is a mindset and driven by legacy – ‘someone else does security’. The opportunity is enormous. The market is measured in billions, is growing, and is one where CTOs can’t keep pace with the digital tsunami and rapid threat development. Plus, the odd human ‘say-do’ paradox means most organisations say security is a key concern, yet few do anything strategically about it (GDPR a case in point) and just have a reactive posture. So, why wouldn’t a partner adapt and engage with this UC complementary world of security?
The answer is not a paradox but one we can all work together to easily solve. Customers will thank us for doing so.