VARs Prosper By Providing Compliance Solutions To Verticals

Along the way, they helped create a brand-new market for solution providers.

Today, technologies that facilitate compliance with federal regulations, particularly in the health-care and financial-services industries, are among the top sellers for solution providers.

"We can't provide these [compliance] solutions to customers quickly enough," said Ed Smith, director of security solutions at Forsythe Technology, Skokie, Ill. "Enterprises are struggling to keep up with this stuff, and when they need help, our business booms."

Projections indicate that public companies are expected to spend $6 billion in 2005 to become compliant with various regulations, according to AMR Research.

Solution providers said they are working with a variety of vendors to build compliance solutions for customers. Don Kirk, president of Secure Computing, Marietta, Ga., has been making money "hand over fist" by reselling managed encrypted e-mail services based on technology from Voltage Security, Palo Alto, Calif.

Voltage formally launched its channel program at the RSA Conference earlier this month. The company's technology bypasses complicated public key infrastructure (PKI) encryption, instead employing a simplified schema that bases encryption on a person's identity. The technology addresses privacy requirements stipulated by HIPAA, making it popular among customers in the health-care field, Kirk said. "Many of my health-care customers say there could not be a better solution in the eyes of HIPAA," he said. Mark Williamson, vice president of strategic programs at Patriot Technologies, a solution provider in Frederick, Md., is tapping a new mainframe security product from SSH Communications Security to help customers comply with regulations.

Earlier this month, Boston-based SSH launched a new version of the SSH Tectia security administration system for IBM mainframes that provides secure system administration, application connectivity and file-transfer functionality while protecting data through identification and authentication of users.

"The product meets all of our customers' regulatory requirements," Williamson said. "It offers a balance of management, operational and technical controls." Computer Associates International, Islandia, N.Y., recently entered the compliance market, too. The firm's eTrust Policy Compliance is a version of its eTrust security suite that implements vulnerability-assessment tools, develops and enforces enterprisewide security policies, and provides appropriate audit-ready documentation.

Elizabeth Mann, managing director at Mycroft, a solution provider in New York, said the eTrust compliance tool integrates with other aspects of the eTrust suite for a complete security solution. "Customers want to see a real integration of products," she said. "It's nice that it is not an all-or-nothing process."

Shaq Khan, CEO of solution provider Fortifire, Hayward, Calif., said the LX products from LogLogic, Sunnyvale, Calif., are among his best-selling compliance tools. The LX line offers rate-based anomaly detection, root-cause correlation, and support for VPN log analysis. It also boasts domain virtualization for ad-hoc analysis on any log source or group of sources, regardless of the physical location.

"The LogLogic solution makes an organization be aware of the network in realtime and take action for all alerts," Khan said. "The product saves customers time and money while it helps them comply with regulations designed to secure personal information."