When it comes to security, danger lurks everywhere. threats come in the form of garden-variety viruses, worms and spam, as well as more sophisticated forms of intrusion such as spyware and hacking. But thats not all. IT security these days also requires formulating strict data access policies to comply with federal regulations to protect sensitive information. And when remote access and wireless connections are at play, additional layers of security and access control become necessary.
End-user organizations are beginning to get a sense of the full scope of the security need, and some are even allocating more of their IT budgets to security, say VARs and integrators. But many, if not most, still have a limited understanding of the need for airtight data protection.
"For many customers their consciousness stops at needing to install a firewall, implementing virus protection and e-mail security," said Bill Riddick, president of Computer Service Partners Inc., in Raleigh, N.C.
Riddicks company is one of the many VARs and integrators evangelizing the need for customers to think of security as an ongoing project that entails assessment, prevention and remediation.
Often customers buy a security solution, have it installed and assume that by doing so they have disposed of their security issues, said Chris Redshaw, president of Future Vision Inc., also in Raleigh. Then a new virus hits or a more sophisticated hacker exploits a breach, and customers wonder if theyve been had.
Future Vision conducts assessments free of charge and recommends actions and time frames for addressing issues. If the assessment turns up six issues, it may be that only one or two represent an immediate need, while the others can be solved later, Redshaw said.
The assessment is important because it exposes problems the customers dont even know they have. Through assessments, a VAR can determine if a customer has appropriate protection against outside intruders, locate where data resides and travels, and ensure that internal users access to data is restricted according to their need to know, said Ray Morton, director of technical services at Daly Computers Inc., in Clarksburg, Md.
"The security for a computer is only the tip of the iceberg," Morton said.
Customers often dont realize they need these assessments, or they put them off for budgetary reasons. The result is exposure through breaches that can be exploited by outside intruders or even internal users who may or may not be acting maliciously.
VARs and integrators see security as one of the major ongoing business opportunities in the IT channel. Security projects help move product, including software, storage and servers.
More important, security opens the door to recurring revenue potential for VARs and integrators that bundle security installations and maintenance with managed services contracts.
"We offer customers several layers of network defense and solutions that scale to their businesses," said Tommy Wald, president of Riata Technologies, in Austin, Texas. "Managing these solutions [for] customers has become a mainstay in our managed services practice."
PMV Technologies, in Troy, Mich., also offers security as part of managed services, said Executive Vice President Scott Goemmel. Under managed services contracts, PMV takes over all or part of a customers IT department and, therefore, is responsible for running and protecting the customers systems.
"Were accountable, and weve structured our program so we share the risk with our customers," Goemmel said.
For small and midsize customers, having security handled as a managed service is a cost-effective way to ensure that experienced engineers with the proper certifications are watching over their systems, Goemmel said.
For PMV, it is also cost-effective because managed services afford the company a level of install-based consistency that would not be possible in traditional settings. So when an anti-virus update or firewall patch is needed, getting it to managed services customers becomes easier, Goemmel said.
VARs and integrators have identified the SMB (small and midsize business) market as a growth opportunity for security. As the level of technology that SMBs adopt increases in sophistication, so does the need for data protection.
Be it biometrics or smart cards to control access, regular software updates to fight viruses and worms, or increasing server and storage capacity to accommodate security needs, protecting data is critical to business. And while too many organizations havent done enough to protect themselves, VARs and integrators are pleased that awareness is increasing.
Pedro Pereira is a contributing editor for The Channel Insider.