In recent weeks there have been a number of high-profile security attacks, including RSA Security, Trip Advisor, Play.com and the data breach at Epsilon. Linda Endersby examines the effects on the channel.
Significant security breaches are always big news; the reverberating effects across the community can go on indefinitely, particularly if highly sensitive data has been put at risk. Many groups within the channel are seeing a definite increase in security awareness and concern in their customers.
Ross Walker, director of distribution & small business UK & Ireland at Symantec, believes that security is at the forefront of customers' minds:
"Whether you're a social surfer, small business owner, public sector agency or corporate entity, security is the number one priority for 2011. With this in mind, the opportunity for growth and customer acquisition has never been greater for the channel. With an influx of mobile technology and social networking tools within the enterprise world, businesses have never been more aware of the potential security vulnerabilities. In our latest Internet Security Threat Report we looked into these issues. It revealed that 2010 saw 163 vulnerabilities in mobile device operating systems - a significant jump from 115 in 2009, so this really is an area businesses need to focus on."
Scott Tyson, EMEA channel manager at Bradford Networks, agrees there has been increasing awareness in recent months.
"There seems to be increasing awareness due to the frequency and variety of threats emerging out there and the publicity they receive. Of course, it's nothing new to IT security professionals, but awareness is increasing outside of those functions - within other departments of an organisation, and even outside the business environment altogether as consumers like you and I have received notices from our banks, healthcare providers, and internet service providers that some portion of our personal information may have been exposed."
Roy Pickard, Enterprise Channel Manager, UK & Ireland, SafeNet, adds that the recent high profile breaches have been a real "wake-up call" for some users.
"Securing only one part of the information lifecycle risks information breaches. They are asking themselves if their authentication security is sufficiently protected. A good outcome of the recent incidents is that they will make organisations raise the standard of their data protection strategies.
Understanding the threats
"It also questions the value of the perimeter defence model as an effective part of a data protection strategy. Already this approach was tarnished and we would regard the recent wave of security breaches as further eroding its credibility," says Pickard.
Indeed, the concern for many customers is the risk to their business. Understanding the threats, their vulnerability, and the best advice for protection is paramount. In addition to the concerns of the IT teams, at board level there is increasing worry over the value of data and potential liability.
Paul Davis, Director of Operations Europe at FireEye, says that the awareness around security might be high but customers are looking for help cutting through the confusion.
"The issue is the ability to quantify and qualify the broad range of threats. They're looking for clarity - real insight into the nature of these advanced threats. Clarity that conventional defensive technologies fail to deliver.
"On 12 January 2010, Google disclosed it was one of more than 20 companies successfully targeted by a coordinated effort using Modern Malware to gain access to sensitive systems and confidential information. Companies known to be targeted were within a variety of industries, including the financial, technology, and chemical sectors. These attacks later became known as 'Operation Aurora' and are a very useful example of what modern attacks and malware actually look like - and how commonly used security technologies failed to combat these advanced, persistent threats. Every day there is another story highlighting a breach somewhere in Europe." Paul goes on to caution: "At the same time, more and more businesses and consumers are storing data on the network, or 'in the cloud', and conducting transactions through the Internet, making cyber crime more attractive than ever."
Johnathan Cooper, the ArcSight EMEA Channel Manager, advises those resellers that are treading a well-worn and familiar sales pitch to be aware it might not have the same impact in the current climate.
"Customers are becoming increasingly aware that the approach they've taken to security in the past is no longer sufficient to protect them going forward, and as a result are looking to the vendor and consulting community for help. The space in which ArcSight operate, which Gartner calls Security Information and Event Management, is one of the fastest growing security segments with a CAGR of over 20% according to IDC, while Information security itself continues to be one of the fastest growing IT market segments."
Channel players are placing emphasis on two areas in their approach to customers: firstly, communication and education and, equally, ensuring a strong link with partners to cover all concerns.
Paul Davis, Director of Operations Europe at FireEye, reports: "We haven't adjusted our approach, but we're looking to accelerate the engagement and onboarding of new partners. We need that partner reach, the trusted relationships they have, to reach more organisations. Partners get it, customers are concerned, the threats are real. We need to ensure our revolutionary approach to addressing these advanced threats reaches more organisations."
Chris Cesio, VP Worldwide Channel Sales at Imperva, advises that business has increased dramatically with the new threats: "Our adjustments to our customers have been to increase our partner support team, increase awareness and education programs and most importantly be proactive in helping our customers solve their security concerns."
But that growth in the awareness of threats and the subsequent pleasant knock-on in business comes with its own challenges for channel partners.
"The key challenge is to make sure there is effective communication to customers without creating panic within the customer base. In the first instance customers want to be able to make informed decisions and radio silence is not an option. In the case of security compromises, no news isn't good news," says Etienne Greeff, Professional Services Director, SecureData.
Simon Leech CISSP CISM, Manager, Solution Architects EMEA, Enterprise Business, HP TippingPoint Group, agrees: "We have certainly used the attacks as an opportunity to share information with our customers, and have published a number of blog entries regarding different aspects of various attacks. These have served to provide a different viewpoint on the attacks, as well as suggestions on how organisations can protect themselves from falling prey to such attacks."
With these concerns in mind, what can customers and indeed, those within the channel do to best protect themselves?
The Information Security Forum suggests: "Recent high profile security attacks have certainly raised awareness both amongst security providers and customers of the need to take responsibility for personal and business data irrespective of whether this is held on-site or by a third party. Whilst many organisations may have previously felt that their data was in 'safe hands' these recent attacks demonstrate that there is no such thing as totally safe and it is incumbent upon organisations that hold such data to ensure that they are applying the most appropriate controls to manage risk in this area. For organisations that have outsourced or handed over data to a third party, then the time is now right to re-assess and review the security processes being applied by that third party."
The ISF goes on to advise its members and other organisations to "review its critical supply chain providers and conduct third party assessments on these key organisations in order to be aware of the risk profile that may or may not be acceptable to them. With any provider we propose members work through the ISF four-step approach to working with external suppliers: identify and classify the suppliers you wish to work with, agree the security parameters that are acceptable to both parties, validate the third party's security and agree the termination process."
In addition, many partners are again emphasising the three main areas of risk and how to assess and strengthen them, leading by example, and many resellers will have to accept the need to keep their own security policy under constant review to make sure it adequately protects digital assets.
Accepting the huge impact of new technologies and the cyber-criminals that research them, Vinod Chamdal, Sales Director, UK and Ireland, Astaro, agrees that looking at people and processes is also vital to protection: "With new technologies like cloud or mobile computing advancing, it is getting more challenging for IT departments to effectively protect a company on all angles as a single Firewall in the main office is not enough anymore.
"Astaro has analysed and evaluated most of the latest security issues that have occurred, as well as having talked to hundreds of partners and customers to better understand their needs and pains.
"We have developed guidelines for our channel partners and their customers to ensure that every important aspect of IT security is evaluated and a plan put in place to ensure they can achieve best possible protection for their company, employees and data, while making sure all areas are on the same security level.
"Each of the listed areas needs to be taken care of in order for the wall to be stable: If one block is disregarded, the whole wall can de-stabilise and collapse. If you do that, you are farther ahead of the average company when it comes to IT security."
Keeping up
The common view is that, with the speed of change and development in the IT world, the challenge of security and the mitigation of risk is huge. No single area can be seen as lacking, nor can any one action protect against threats now and in the future. Organisations across the channel and individuals at home will be reviewing their security as a result of every high profile issue, and the ISF advises that the size and scope of reviews will vary widely but offers the following advice:
"Such attacks are a very real challenge for security departments everywhere, and it is causing them to reflect I think on the way they need to adapt to become more proactive and aligned with the reality of business today. The days of blocking and stopping are gone - as security professionals we need to adopt a much more strategic, visionary perspective and put in place policies and controls that take this forward looking approach and allow us to anticipate and plan for the unexpected."
The ISF would offer these three guidelines:
1. Evaluate contingency arrangements - plan for the worst and hope for the best
2. Undertake business impact assessments
3. Introduce common risk language and understanding by the business of the threats posed to the organisation, whilst seeking pragmatic ways to assess and manage risk holistically.
So the channel and governing bodies agree on the holistic approach. However, while the cybercriminals seem to be working along similar lines, there seems to be much work to do to keep these stories from hitting the headlines.
This was first published in April 2011