2006 was an interesting year in security. The constant consolidation in the security market brought a number of multi-billion dollar deals as ISS and RSA were acquired, creating uncertainty as to their continued commitment to the channel. Spyware
It's pretty clear that we will see more of the same in 2007, but security VARs will prosper by staying ahead of the curve. Here are four areas to focus on to see profits soar over the next 12 months:
- Awareness training – It's no secret that users are the weakest link in any customer's security environment, but most companies devote precious few resources to train end users on proper computing behavior. This creates a huge opportunity for the channel to get into the awareness training game, which can be sold as a service and creates a constant presence within customer environments.
- Integration – There are opportunities for customers to rationalize their defenses on both the perimeter and the endpoint. Whether it's reducing operational costs or making the products work better, migrating customers to integrated security "systems" like unified threat management and endpoint security suites will be a big opportunity.
- Application layer – Many customers have spent all their time ensuring their perimeter and endpoints are protected. But by neglecting the path of least resistance for the bad guys – the application – customers found themselves at risk all year. By looking at Web application firewalls and database monitoring solutions, you can close down these exposures.
- Automated penetration testing – Vulnerability management only tells customers what is potentially at risk; automated penetration testing tells the story of what is REALLY at risk. Commercial solutions are available that can also test the ability of users to avoid social engineering attacks, so you can help your customers increase their security posture on multiple levels.
But not all will be roses in 2007; security resellers will need to start making some big changes to their line cards that will involve tough decisions. Why? Because as consolidation ran rampant in 2006, a number of security vendors now have comprehensive product portfolios. Those vendors are going to increasingly demand loyalty from their resellers, which means you'll be expected to pare down the number of products you carry.
Flexibility has always been the watchword of the reseller, and the manufacturers forcing line card contraction has the potential to impact flexibility. So it'll be an interesting year in 2007 as resellers figure out whether their value is in bringing a diverse set of offerings to customers, or whether it's about integrating a full product line from a small number of bigger vendors.
About the author
Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group and held executive level positions with CipherTrust, TruSecure, and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics.
This was first published in December 2006