Data protection services will be a top-priority initiative for security customers in 2009, according to a recent TechTarget survey of more than 900 security professionals. The results come in the wake of the recent catastrophic Heartland Payment Systems data breach, the effects of which have yet to be fully realized
As companies face increased pressure to ensure their sensitive data is secure, it's clear there are plenty of opportunities for security solution providers to come to the rescue.
Approximately 70% of survey respondents considered data protection to be of the utmost importance, including laptop, desktop and drive encryption.
"There's a big market for assessments and penetration testing," said Andrew Plato, president of Anitian Enterprise Security, a security solution provider headquartered in Beaverton, Ore. According to Plato, these are the basic data protection practices that customers are letting go by the wayside. Plato went on to say that solution providers need to educate customers about these basic security processes, which sometimes get left behind in favor of more exciting technologies, such as NAC and application whitelisting, that may be more interesting to research and deploy.
Security solution providers can create additional revenue by helping customers with systems management. Many data protection systems, such as endpoint encryption, are complicated to install, Plato noted, and require management.
"The opportunity there is good and definitely growing, but keep in mind that the margins on the product side are getting slimmer," Plato said, noting that as products become more commoditized, the need for the services of security solution providers will wane. Until then, however, the management of data protection systems is a necessity.
A solution provider cannot consider data protection management without thinking about compliance. Ever-changing rules and regulations ensure that compliance will continue to drive security activities in enterprises and SMBs alike. Roughly 72% of respondents indicated that compliance regulations are the reasons behind their data protection interest.
"While I think compliance is probably a driver, it's more about trying to stay out of the papers," said Allen Zuk, president and CEO of Sierra Management Consulting LLC, an independent technology consulting firm in New Jersey. "Nobody wants to have a security breach and then find out that they could've avoided that."
This presents a significant opportunity for security solution providers specializing in compliance regulations, including HIPAA and PCI DSS. Customers will need constant consultation to remain compliant, as there are no products that will make a company compliant outright, as Plato discussed in a recent SearchSecurityChannel.com FAQ guide on PCI compliance.
While compliance is the main reason behind building interest in data protection, the importance of preventing or decreasing insider breaches was also a factor noted by 59% of respondents. Whether the insider data loss is intentional, companies can no longer afford to ignore such problems, which solution providers can help solve.
Zuk stresses the importance of education in keeping customers secure. Customer education, which should take place on a regular basis, plays a big part in data protection. Solution providers cannot expect to simply tell customers about new products, Zuk said. Rather, they need to be prepared to help with implementation and upkeep.
"It's really a matter of a solution provider being able to come in and say, 'Look, I can work with you,' and become more of a trusted advisor," Zuk said. Solution providers, he added, need to be well versed in all products on the market, as well as how to deploy and maintain them, and answer any questions their customers may have.
An area that 71% of respondents noted they need to improve upon in the coming year is data leak prevention (DLP), specifically via flash drives and USB tokens. Zuk said that customers who do not have a policy in place to secure such portable data will have trouble going forward. This presents yet another revenue opportunity for solution providers. Furthermore, the implementation of DLP technologies, like endpoint security products, is not a straightforward process, Zuk noted, so solution providers should be involved from start to finish.
Another area of data loss prevention that respondents consider important is preventing data loss via email and the Web. Nearly three-quarters of respondents indicated that they are concerned with email and Web security.
Zuk, however, believes that email and Web security will not be as problematic for customers as portable media, noting that the security level of the two technologies are often intertwined.