VARs See Big Opportunity In Regulatory Compliance
Solution providers are trying to capitalize on opportunities to satisfy compliance regulations for laws such as Sarbanes-Oxley, Graham-Leach-Bliley and HIPAA, as well as recommendations from the Federal Financial Institutions Examination Council and a growing number of individual state laws for data security breeches.
According to Tom Gobeille, president and CEO of solution provider Network Computing Architects (NCA), Bellevue, Wash., 2006 is the year of compliance. “Look for smaller projects and build your expertise,” he said earlier this month during a panel discussion at the 1NService National Meeting in San Jose, Calif., for members of the national services network.
Solution providers can&'t afford to get in over their heads because there are serious liability concerns if an auditor finds that the customer fails to be compliant, Gobeille said.
Ross Toole, president of Applied Microsystems, an Anchorage, Alaska-based solution provider, said his company sells a Sarbanes-Oxley compliance tool, stressing that it is important to partner with other VARs and share in the expertise and opportunities for compliance solutions.
Compliance solutions can be a tricky business because it takes time for new regulations to become clear, said Christopher Labatt-Simon, CEO of D&D Consulting, a networking infrastructure solution provider based in Albany, N.Y.
“I don&'t think there&'s a good answer because it&'s driven by the auditors,” Labatt-Simon said. It took years before all of the HIPAA privacy regulations were understood, he said.
Pat Grillo, CEO of Atrion Communications Resources, Branchburg N.J.-based solution provider, said that the problem with trying to understand how to sell compliance solutions is that the regulations are not static.
“Compliance is ever-changing,” he said. “Once you think you&'ve got it figured out, you don&'t.”
Tim Hebert, COO of Atrion Networking in Warwick R.I., said that compliance is not only about selling the right types of software or hardware tools that companies need to be compliant. Another key piece is to educate customers on best practices.
“It&'s an odd beast. Compliancy is really about people, and helping them put those tools in place,” Hebert said.
Compliance regulations are causing other challenges as well for solution providers.
Some VARs said they are reluctant to pursue the compliance opportunity because of potential lawsuits that could spring up should customers fail to reach compliance. No solution provider should tackle compliance offerings without up-to-date liability insurance, panel speakers said.
Others are finding that customers want to separate the product and services aspects of the project across multiple VARs.
Gobeille said that his company has recently heard from customers that want NCA to provide either the consulting service or the hardware and software solutions, but not both.
“I think it&'s new territory for everybody,” he said. “Some companies are telling us we have to choose, and some are telling us they&'re getting uncomfortable.”
“This is just one more way for them to say they&'re doing everything they can to safeguard their company, Gobeille said.