Security will continue to be a hot practice area for resellers this year, as worldwide spending on security hardware, software and services rises as high as $44.8 billion in 2007, according to IDC of Framingham, Mass.
Factors driving increased spending on security include the need to comply with increasingly 'net-aware regulations, the move toward high-value but vulnerable networked applications such as unified communications, as well as refinements in network security such as an increased emphasis on gateway/perimeter security, and the gradual merging of security, system and storage management.
Just keeping up with rising volumes of spam, phishing, viruses and other threats is stretching the resources and patience of many end-user companies. It's the improvements in security implementations that will make one value-added reseller (VAR) more successful than another, analysts said.
One major market-development opportunity is something IDC calls "3S" -- the gradual merger of security, system and storage management.
The upshot is that VARs and integrators will have to take a cross-disciplinary approach to both security evaluations and implementations -- managing many aspects of security and integrating them, rather than working on or selling only one type of security at a time -- such as network access control or antivirus.
In the company's annual evaluation of and predictions for the worldwide security market, IDC analysts predict these functions will merge in security in much the same way many aspects of intelligence are becoming embedded in the network.
Another of IDC's predictions is the merger of physical and IT security in technology such as IP-enabled surveillance and door systems.
Being able to address all of these areas holistically is critical to the success of a VAR's security practice, especially in the way they approach customers during this year, according to Robert Packer, security practice manager at Networked Information Systems, a New York-based VAR.
"We've noticed that where a great number of threats coming through used to be borne by email, now there is a large basis of Web-based threats people are facing, and it's pretty much the same across all verticals," he says. "We've found great synergy in being able to look at both perimeter and internal security holistically."
The holistic approach is very hot right now, agreed Pat Scheckel, senior director of products and solutions for the Berbee business unit of CDW Corp. in Madison, Wisc.
While many security areas used to be addressed with point products, companies now want everything to work together, he said. "That was the story of 2006, and we see it as being even more mainstream in 2007 and beyond."
Voice over IP (VoIP) security also is a pressing issue for many companies, and the pressure remains in 2007.
"People are concerned that with VoIP, they are at greater risk of having calls intercepted, voicemails scrambled or erased; having their network brought down by things like denial of service attacks or having their IP telephony traffic jammed," Packer says. "Some are truer than others, but we have to address them up front and factor in solutions to resolve those concerns."
But because there has been no compelling event, like a virus or malware in the data world, that has caused companies to change their thinking and shore up their fortresses, the VoIP security market is still somewhat immature, notes Mark Sollazo, president of SynerComm Inc., a Brookfield, Wisc., VAR specializing in security and application infrastructure. "It's taking a while to ramp up, but it will get there."
In security, though, the demand is so high there is no bad segment of the market, channel companies agreed.
The SMB (small and medium-sized business) market, for example, is very hot, according to Forrester Research Inc. of Cambridge, Mass. In a November 2006 report, Forrester estimated that security is a critical priority for 20% of SMBs, while security software will be the top infrastructure software purchase for this group in 2007, and 13% will make a major security upgrade this year.
Other hot verticals include healthcare and manufacturing, mainly because they tend to be more application-driven than other sectors, from a unified communication and wireless perspective, Scheckel notes.
For healthcare, drivers include the move toward electronic records management and imaging, while drivers in the manufacturing world include supply chain and inventory management, which are driving changes at the application layer that require network infrastructure changes to both wired and wireless networks.
The distributed nature of business today, which has created more branch offices and home workers, is another reason for the growth of security solutions sales.
"More and more, we're seeing workers working remotely and they have to find a way to stay compliant and protect their data," said David Giangano, president of reseller Juma Technology of Farmingdale, NY. "It's about being able to have agents work from home while securely accessing core applications and work with VoIP remotely."
These trends, taken together, all come down to one thing, said Rose Ryan, an IDC research analyst for security products and services: the pressing need to mitigate risk at a reasonable cost.
"That's what is responsible for the rise of network access control (NAC), strong [security] management and treating compliance like any other risk factor," she says. "Because security is such a diverse area, enterprises and buyers are asking their VARs to provide the proper set of products and services to meet their needs. Vendors are even teaming up with each other and the channel to provide product sets that can cover the full spectrum of issues."
For VARs, addressing customers' security needs today means staying on top of the technology curve while understanding each customer's needs.
"You have to be able to talk about their overall business processes of what they need to do as an organization at the CXO level, and then drill down to the IT director and CIO about what the network needs to support," Giangano says.