The State of Security: Integration And Interoperability At Issue2:35 PM EST Sun. Jan. 21, 2007
Security software supposedly isn't the black art of yesteryear. GUI-driven management consoles, installation wizards and plug-and-play configurations have taken all the sweat out of the lockboxes, right?
"Most of the security products we install cause problems with all the network shares and the printer shares," says Lance Kivell, president of service provider Austin Network Services in Georgetown, Texas. "Out of the box, security blocks all of that stuff, and they're difficult to configure to let those things go through."
According to the VARBusiness State of Technology survey on security, integration and interoperability issues between security products and other parts of the IT infrastructure are major hindrances to solution providers' businesses. More than 57 percent of the survey's respondents cited interoperability issues as their chief obstacle to sales, narrowing out pricing by 5 points. Ranked third, at 44 percent, was lack of standards and poor interoperability.
"Better interoperability and integration would make our lives easier and our clients' lives easier," Kivell says. "That way, our clients wouldn't have to see us standing there for five hours trying to make things work."
Some might say that making disparate pieces of technology work together is the job of a solution provider. Midmarket and enterprise end users who participated in the VARBusiness Market Insight Report last summer rated technical expertise as the top value that solution providers deliver. Implementation time was fifth on the value list.
VARs, however, rely on repeatable processes to create efficiencies in their operations. The lack of standard-compliant security technologies, the numerous variables in configuring security software and hardware, and the associated problems resolving interoperability conflicts with network systems and applications simply slow solution providers down.
"You want a solution that fits everything," says Jerry Thompson, president of Memphis, Tenn.-based business document and bar code printing service company Proforma DMS. "When you're selling the product, it seems it doesn't work the way you proposed it to the customer. That softens your credibility, and you never want that to happen, especially when you're selling security products."
High Demand, High Hindrance
On all fronts, security is hot. In the VARBusiness Market Insight report of midmarket and enterprise IT spending and purchasing drivers, respondents named security and disaster recovery the top priorities for 2007. Regulatory compliance, which often includes heavy doses of security, ranked fourth.
Accordingly, VARs are reporting strong demand for security solutions. Increasing threats top the list of security sales drivers (73 percent), followed by loss prevention (61 percent), expanding customers' infrastructures (49 percent), regulatory compliance (44 percent) and industry requirements (37 percent).
The demand for security is pushing sales of top security technologies even higher. Solution providers report solid demand for firewalls, wireless security, data recovery, VPNs, network- and host-based antivirus, e-mail and VoIP security, application security and encryption.
Now's not the time to be slowed down or be incompetent in delivering security solutions. Naturally, solution providers generally seek the best technologies in terms of quality and reliability. High on their list of desired product attributes, though, are capability and ease of integration, and ease and speed of deployment.
"It isn't easy picking security products, because it seems like there are so many different pieces to the puzzle and there are no standards," says Sheldon Penner, owner of Amicus Data in Gladstone, Ore. "I have to do all this research, and most customers won't pay for me to find that information."
NEXT: Dealing with "some idiot" for tech support
The integration problem is so pervasive that many VARs will stick with the solutions they have invested time and money in. Along with that comes revenue from the services and integration work required to make security products work.
"The integration is difficult; there are so many software and hardware opportunities, you don't know what to buy," says Robert Brown, the general manager at Professional Technology Integration, a Seattle-based Symantec and WatchGuard Technologies reseller. "Then you look at profit opportunity, but does that really matter? I've been reluctant to make changes in our model because we have Symantec down and we know what we're doing."
Solution providers sang the same song about evaluating vendors to partner with or to purchase security products from. Topping the list of desired vendor attributes was quality of technical support, followed by presales and postsales support. This reflects the trouble and challenge solution providers have in deploying and integrating security solutions with other security products or with customers' existing architectures. When something goes wrong or if the product isn't working to spec, they want a vendor that can supply quick and accurate remediations.
"Whenever I call tech support, I get some idiot that keeps me on the phone for an hour and a half," Austin Network's Kivell says. "I want to talk to a person that can get the problem taken care of quickly."
The results aren't too shocking, considering security solution providers have consistently ranked integration and tech support at the top of the VARBusiness Annual Report Card evaluation criteria. These are also areas where major vendors, such as CA, Check Point, McAfee and Symantec, received low scores.
The integration problem is exacerbated by the fact that most VARs are implementing products without the help of vendors' field support. More than 60 percent of solution providers are selling and implementing security solutions on their own. Comparatively, only 41 percent are working with vendors on implementations, and 26 percent work with distributors.
Of the surveyed VARs, 37 percent said they lack the technical expertise to effectively implement security solutions; 32 percent said they receive poor vendor support. While many solution providers are selling security, it seems few have the depth or experience necessary to fully capitalize on the market opportunities.
In the Market Insight report, 40 percent of end users said it was important for their VARs to hold vendor security certifications. Chief among the security vendor certifications were Cisco's, McAfee's, Microsoft's, Sun Microsystems' and Symantec's. But 43 percent of VARs say they can't afford the expense of training and certifying their staff in security technologies.
The skill shortage and integration challenges are particularly troubling when you consider that the lowest revenue-generating security software technologies, according to the State of Technology survey, are federated identity management, auditing and forensics, compliance management, intrusion-prevention/intrusion-detection systems and endpoint-security-compliance products. Those require extensive fine-tuning.
"Building the stable of expertise has been challenging...you have to find the right people to work with customers in a consulting role," says Jim Bakic, sales director at Innovative Computer Solutions, a Milwaukee-based Fortinet partner and managed security-services provider. "Most of the people we've brought onboard are people we've had past relationships with."
Conversely, the top revenue-generating security-software technologies--storage security, security policy management, configuration management, patch management and security-information management--are relatively more mature. The more experience solution providers have with a technology, the easier it is for them to integrate and maximize their revenue.
NEXT: Profit remains a mystery
Based on the numbers, it appears that integration difficulties, the inability of VARs to get up to speed technically and poor vendor support put many security VARs at a competitive disadvantage. Lacking the resources to certify staff will cause solution providers to gravitate toward vendors with simpler technologies.
If solution providers are having a hard time sorting out the security technologies, their customers are completely in the dark on their security needs.
"My customers don't care about deployment difficulties; they only care about what they have to do to adopt the technology so they can finally get rid of the fax machine," says Greg Dumas, director of industrial IT services at DST Controls in Benicia, Calif.
While tech integration and configuration problems are challenging enough, solution providers say they spend an equal--if not greater--amount of time educating customers.
"The biggest thing that we offer as technology providers is education," Amicus' Penner says. "I get so caught up in running from one fire to another, education isn't what I should be doing."
But it's education and awareness that prove beneficial to solution providers. Those who make the initial entry to a customer site with an elementary technology--such as unified threat management for a small office--are finding that ongoing conversations with clients are opening up new opportunities.
|Search our 2007 State of Technology: Security Research|
|Select a question:|