Page 1 of 2
Compliance regulations are becoming more stringent but provide a starting point for SMB customers to enhance their IT security infrastructure.
During an Everything Channel Virtual Tradeshow panel Thursday hosted by Editorial Director Kelley Damore, security experts underscored that compliance regulations and an upsurge of data breaches are strong factors in driving security awareness, while opening up the door for channel partners to expand product and service offerings around data protection.
"We're seeing more threats are going from larger enterprise to the smaller enterprise. Now they want to steal the data for profitability," said Alex Quinonez, vice president of Americas operations for Cyberoam.
In general, panelists agreed that increasingly stringent regulatory compliance mandates, such as PCI, Sarbances Oxley and HIPAA have driven the awareness and demand for security across all market segments. However, compliance mandates are often just the beginning of a larger conversation about security, security panelists said.
"You've seen some of these regulations and rules of Internet policies drive a higher awareness," said Scott Lewis, vice president of partner marketing and enablement for Novell. "But never confuse compliance with security"
But although compliance was a factor in awareness, companies were increasingly enhancing their security posture and beefing up infrastructure in order to avoid being the target of a major malware attack or data breach, experts said.
"(Companies) are faced with that CNN moment, where they're forced to let everyone know that they just lost all their data," said Chris Doggett, vice president of global channels for Sophos. "That's where we're seeing security being driven by regulatory compliance issues and then turning to broader risk management issues."
Even still, security awareness is hard to instill in the lower market segments, panelists said. Subsequently, John McDonald, chief evangelist for RSA, the security division of EMC, said that mandatory compliance initiatives are useful to help drive awareness for smaller companies that lack a dedicated IT staff and security expertise. Compliance regulations also "open up a wider range of solutions that could reduce the size and scope of the problem, he said.
"A small- or medium-sized business generally looks at regulatory requirements as a check-off exercise," McDonald said. "The real question is 'what's the risk to my business?'"
One VAR on the panel said his company provided a two-page security checklist for his SMB customers, who often were more focused on running their business than securing their infrastructure.
