Service provider takeaway: Value-added resellers and systems integrators can weather a recession by following market trends toward integration and services and helping their customers do more with less.
The last few years have been good for security-focused value-added resellers (VARs) and systems integrators. Regulatory compliance kept wallets full and projects moving forward. But 2008 has brought with it a headwind that will impact the information security business over the course of the year, and that means change. To recession-proof their businesses, customers need to change their approach to information security, and the channel needs to shift its focus accordingly.
Based on indications from the stock markets and the U.S. Federal Reserve, we'll be spending at least part of 2008 in a global recession. As a result, customers will be tightening their belts. Discretionary expenditures will fall off the plate and some projects previously deemed critical will be hard to push through. When positioning information security products, you need to help customers understand how the expenditure will either help them make or save money. In a capital spending freeze and most likely a resource contraction (yes, that means layoffs), companies think less about making more money and more about how they can shave expenses to recession-proof their business.
That means you'll need to play into the integration wave. The past few years have resulted in a lot of security products being acquired and end users not knowing how they can/should work together. There has been no leverage and that means companies are spending a lot more than necessary to manage all of this stuff. Let's dig into three technologies that will benefit from a security integration trend.
- Unified threat management -- UTM has been a catalyst for security spending over the past few years and I expect that to accelerate in 2008. A lot of organizations have budgeted for firewall/VPN and perhaps intrusion prevention system (IPS) upgrades, and that means they are ripe for an integrated unified threat management solution to decrease operational costs and increase leverage.
- Integrated endpoint suites -- Antivirus (AV) is making a comeback this year. Actually, not AV, but what AV has morphed into -- a broad antimalware suite. This includes virus signatures, antispyware, rootkit detection and increasingly full data encryption. The big AV players have been busy acquiring everything that isn't tied to the bedpost, and now they are finally in a position to deliver a broader suite that will justify an upgrade and more significant customer investment.
- Security management platforms -- When resources are tight, customers can throw automation at the problem to get more output from fewer people. Operational tasks like log correlation, monitoring and compliance reporting can be further automated with next-generation security management platforms. These are built on top of a log management engine, adding attack correlation (security information/event management) and monitoring (network behavioral analysis).
The second major wave that the channel needs to get behind is outsourcing. When things get tough, customers are more likely to focus on their core competence and let someone else (you) handle operational tasks. As a result, the trend toward VARs expanding into information security services will continue. Many VARs have already been moving in this direction and are well-positioned to deliver on bids for firewall and IPS monitoring, log management or content security (spam and Web filtering) service offerings.
I hope you've noticed what was conspicuous by its absence: the overhyped network access control (NAC) and data leak prevention (DLP) spaces. You may as well throw virtualization security into the mix as well. I think these spaces will struggle in 2008, as customers focus on cutting costs as opposed to investing for the future.
Take, for example, network access control. How does NAC help customers save money? There are lower-cost alternatives to protecting the network against insecure clients, like keeping the existing switch infrastructure intact and maybe routing all conference room traffic through an SSL VPN device. That may not be as elegant or functional, but it's certainly feasible and doesn't cost any money. The same arguments can be made for DLP and lots of other emerging categories.
We've seen economic downturns before. You know what to do. Act as a partner to your customers and help them streamline their security operations, and you'll be fine.
About the author
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about the Pragmatic CSO at http://www.pragmaticcso.com, read his blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.