Virtual Tradeshow: Compliance Drives Security Awareness, Opportunities

Compliance regulations are becoming more stringent but provide a starting point for SMB customers to enhance their IT security infrastructure.

During an Everything Channel Virtual Tradeshow panel Thursday hosted by Editorial Director Kelley Damore, security experts underscored that compliance regulations and an upsurge of data breaches are strong factors in driving security awareness, while opening up the door for channel partners to expand product and service offerings around data protection.

"We're seeing more threats are going from larger enterprise to the smaller enterprise. Now they want to steal the data for profitability," said Alex Quinonez, vice president of Americas operations for Cyberoam.

In general, panelists agreed that increasingly stringent regulatory compliance mandates, such as PCI, Sarbanes-Oxley and HIPAA, have driven the awareness and demand for security across all market segments. However, compliance mandates are often just the beginning of a larger conversation about security, security panelists said.

"You've seen some of these regulations and rules of Internet policies drive a higher awareness," said Scott Lewis, vice president of partner marketing and enablement for Novell. "But never confuse compliance with security."

But although compliance was a factor in awareness, companies were increasingly enhancing their security posture and beefing up infrastructure in order to avoid being the target of a major malware attack or data breach, experts said.

"(Companies) are faced with that CNN moment, where they're forced to let everyone know that they just lost all their data," said Chris Doggett, vice president of global channels for Sophos. "That's where we're seeing security being driven by regulatory compliance issues and then turning to broader risk management issues."

Even still, security awareness is hard to instill in the lower market segments, panelists said. Subsequently, John McDonald, chief evangelist for RSA, the security division of EMC, said that mandatory compliance initiatives are useful to help drive awareness for smaller companies that lack a dedicated IT staff and security expertise. Compliance regulations also "open up a wider range of solutions that could reduce the size and scope of the problem," he said.

"A small- or medium-sized business generally looks at regulatory requirements as a check-off exercise," McDonald said. "The real question is 'what's the risk to my business?'"

One VAR on the panel said his company provided a two-page security checklist for his SMB customers, who often were more focused on running their business than securing their infrastructure.

"The whole thing starts with education at the SMB level," said Luigi Giovanetti, co-owner of CPU. However, that deficit at the SMB level opened up an opportunity for channel partners to drive value for the product by providing the necessary solutions and by educating their customers with a wealth of assessment, training and pre- and post-audit services.

Recent state-level data legislation, including one in Massachusetts, also serves as a starting point for businesses and helps provide opportunities for partners to upgrade their customers' IT security infrastructure.

"At least it's some sort of base. People need to be prepared in advance," Quinonez said.

"As a byproduct, you are getting a lot of benefits out of it, like awareness of what's happening in the infrastructure," McDonald added.

To make their SMB customers compliance/audit ready, channel partners often have to start from the beginning, usually with some kind of risk assessment, then secure the perimeter, lock down the endpoint and network access and then move on to encryption and data protection at rest and in motion, panelists said.

But an abundance of consulting and assessment services tailored to every step of the regulatory compliance process could likely be one of the most profitable opportunities for channel partners, panelists said.

"There's a lot of service work to be done there, from the beginning and through the process," Doggett said. "That's a tremendous opportunity for VARs."

Meanwhile, as the marketplace becomes more competitive, VARs with specializations and certifications in areas such as PCI, HIPAA and health care security consulting, will be positioned to drive higher revenue, Lewis said.

"A lot of the broad certifications will serve you well," he added.

And security experts said that the uptick in demand for security services was, in part, driven by a noticeable increase in security spending and a greater demand for security as a whole.

"People are spending money now," Giovanetti said. "It's coming around and it's coming back."