As IT oversight becomes a boardroom responsibility, security is achieving unprecedented credibility. For CRN's second annual Security Roundtable, we gathered solution providers representing a cross-section of the industry, from network VARs with burgeoning security practices to services-only companies completely dedicated to the field. The discussion was far-reaching, touching on the outbreak of application port viruses such as Blaster, the security appliance phenomenon, vulnerabilities in Microsoft software, and the challenge of how to sell a security solution without overplaying the fear factors. The following represents excerpts from the roundtable; there is also a separate story on Microsoft's security issues.
 | |
| |
Return on investment is an elusive concept when selling security solutions: It's widely acknowledged that this technology will save more money than it will generate. Given this reality, our experts have clear strategies for helping convince prospective customers to buy.
Gary Morse: We try to educate our clients that security is a process, not
a product. There is no shrinkwrap that they can take off the shelf and install and you are finished. First, all our clients have firewalls. So what? We are showing them the screen shots of the CEO's laptop [taken] from the outside to bring the point home. Clients realize that there is an entire security process there. People, products are certainly involved in it. But all too often we will get the CEO giving us the one-word buzzword answers about security. So we ask, 'What is your security plan?' And we get the answer: 'Well, we have a firewall. We have a VPN. We use encryption. We have a password.' We tell them if that's your plan for security, chances are you have already been compromised and you don't even know it.
Pat Grillo: Instead of calling it an ROI sale, which it's not, we call it an awareness sale. %85 It takes simple questioning, like if for some reason your network goes down 10 minutes, what's it going to cost you? How many people are hired [that need the] network that you are paying $50, $100, whatever, $1,000 that are not going to work for 10 minutes [if the network goes down]? How many orders aren't you going to get for that 10 minutes? So there is your ROI.
Robert Cohen: Your traditional buyer has also changed. The days of the discretionary budget in the IT manager's hands is long gone. Most purchases are pushed up the corporate ladder. The requirements and the explanation and sometimes the additional ROI product white papers that have to go with the sales are changing because the person reading it and approving it has changed. %85 Education to me is the key.
ON SECURITY APPLIANCES
This fall, the channel has been inundated with all-in-one security devices intended to provide an integrated approach. Our roundtable questions whether ease of use is a worthy trade-off for features.
Morse: Generally, the all-in-one appliance type, this is basically the opposite of the best of breed. I want to secure my network, I want to have the best architectures, best design, best firewall, the best of everything. Combining one thing from one company that supposedly does everything, I lose that best of breed.
Adam Lipson: They are clearly not for the large enterprise. They clearly let the smaller companies get in the game.
Cohen: No matter the size of the customer, this remains a thought-out, planned solution. It's really not going to be driven by a product or an appliance. Might there have been an appliance that's part of the solution and the recommendation and the long-term planning strategy? Sure. But that comes way down the food chain.
PRODUCTS VS. SOLUTIONS
Our roundtable participants firmly believe that security involves process, not just products. Given this context, they weigh in on the challenges of representing security vendors or taking a more independent approach.
Grillo: I visit all my manufacturer executives at least twice a year. %85 I reaffirm to them, 'Yes, we sold a few million dollars of your product last year, and you guys are all right, but I want to sell my services.' That's what is going to make my company grow; that's what's going to make me profitable.
Lipson: I think a sale could include all those services and could very well incorporate technology that already exists. But I may not have a need for products. A customer hit by a virus, they may have an adequate virus solution. They might not have a policy or procedure or methodology, audit trail or someone checking their log, which impacts their ability to use that technology.
Cohen: An interesting trend: The planning budgets for next fiscal year, the fiscal after, are having line items for security where a substantial amount of companies the previous year didn't, or they were small. So these are actually dollars that are planning to be allocated because of the things going on in this industry, and you can go after it.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
