IT security has always been a moving target for businesses. The end result: Some do, some don’t and many don’t do enough.
However, as companies adopt mobile and cloud IT delivery models, and come face to face with privacy and compliance requirements, there’s renewed interest in IT security and new opportunities for channel partners. But providing security solutions will require that many solution providers rethink their posture, according to CompTIA’s recently released report, Trends in Information Security.
For starters, the industry association’s report noted that partners must thoroughly understand the regulatory climate for IT for both the benefit of their own business liability and that of their clients.
Today, 56% of channel partners offer some type of embedded security solution and 17% provide a standalone product or service, while 27% of 300 U.S. IT firm respondents cited offering no security solution.
The security report results revealed that the products offered by channel partners are in line with the way customers approach security, meaning that they commonly offer the core pieces of a security strategy such as network security, business continuity and email security. Many partners also noted that they offer data protection solutions. But according to the report, there are multiple types of data protection products on the market and those offered by any provider might not be as comprehensive a solution as necessary.
This means that partners should consider expanding their data protection solutions to offer customers a more comprehensive solution. There’s also room for partners to expand their security practice with compliance management, risk management, cloud security, identity access management, mobile security and security information and event management, according to the report.
So not only is there an opportunity for channel partners to broaden their security portfolio, there’s also an opportunity to create a more robust security posture for their clients.
Gartner predicted that the global IT security market would reach $71.1 billion in 2014, a 7.9% increase over 2013, and grow 8.2% in 2015 to reach $76.9 billion.
At the same time, the CompTIA report stated that security is growing in importance to businesses – 74% of U.S.-based firms said that security has a higher priority today than it did two years ago and 85% said that they expect it to have an even greater importance two years from now.
If channel partners aim for a bigger piece of the IT security spending pie, they’ll need to think about building out a more vigorous security practice, which, according to the CompTIA report, will become more of a necessity as businesses demand a soup-to-nuts approach to security that includes products, processes and people.
According to the security report, 19% of partners expect security revenue to grow significantly, 44% expect security revenue to grow modestly, 24% expect security revenue to remain flat and 2% expect security revenue to shrink.
About one-third of channel partners today offer either security as a service or managed security services. Looking ahead about 12 months down the road, approximately one-fifth of respondents, or 20% on average, have plans to offer one of these types of services, while almost 50% have no plans or don’t know if they’ll offer these types of recurring revenue services in the next 12 months.
Discussing security with customers
When it comes to having conversations about security with customers or potential customers, the report suggested that partners move away from talking about the need for security and, instead, discuss security incidents that made headline news and how these security attacks are becoming more commonplace. Then, partners could talk about the need for a comprehensive security strategy to plug common security vulnerabilities and a present a road map to creating a security plan.
According to the Trends in Information Security report, partners reported that as a result of security breaches making headline news, 33% of existing customers made inquiries about security, 31% reported new customer inquiries, 21% reported that headline events broadened the audience for security discussions, 18% engaged in proactive outreach and 48% did none of the above.
The topic of security remains complex at the customer level and requires education in order for businesses to understand the potential impact of security incidents and what mitigation strategies can do for them.