Data protection will be an important, and potentially lucrative, effort for security solution providers in 2010....
Data theft has become a big business for attackers, and the best strategy for protecting customers' data is to help them implement a technology-based defense-in-depth program.
This tip will briefly look at three leading technologies supporting enterprise data protection and highlight how VARs can position their services to leverage opportunities within their customer bases.
Encryption data protection technologies
With increasing regulatory requirements for safeguarding information, it should be no surprise that encryption is in the leading group of data protection technologies. Encryption has become a priority for enterprises and is no longer a question of "should we," but rather, "how?"
IT infrastructure and operations managers will need to work together with VARs to understand which data needs to be encrypted and at what point in the process it needs to be encrypted, then identify which method and approach -- such as encryption in motion, in transit and at rest -- best fits the needs of the organization. VARs will need to position an end-to-end security approach, and demonstrate knowledge and expertise with a variety of encryption technologies. Service opportunities may lie in managing the enterprise encryption deployment program, ranging from laptops and smart devices to archived data storage.
Storage and backup data protection technologies
The ever-changing regulatory landscape and the overwhelming need to keep information secure will continue to lead to an increase in storage, and, in turn, security demands. These regulatory changes have led to a need to keep information indefinitely and to be able to produce any and all information on demand. This highlights the need for security and protection as well as storage technologies.
In order to reduce risk and better secure corporate information, organizations must look beyond traditional tape and implement disk-based data protection. Benefits gained by customers include improved local backup and recovery capabilities, longer media lifespan and affordable snapshot (remote) and replication functionality.
Security VARs should look to form alliances with their storage counterparts to bring turn-key deployments to their clients. Target opportunities may be capacity management and storage or space reclamation.
Some other opportunities for VARs specializing in data protection include offering data management services such as metadata management, plus data retention, destruction and archiving programs.
Virtualization data protection technologies
The adoption of server virtualization does not appear to be slowing down. This technology will continue to drive further server hardware consolidation with an expected acceleration on the return on investment from current rollouts. Some key enhancements being made within the virtualization world are live migration and running a virtual machine (VM) while the operating system (OS) and other applications continue to execute as if they remained on the original physical server. This last enhancement is like a knob that can be tuned to any level, precluding the need for high-reliability hardware, fail-over software and fault-tolerant hardware without sacrificing availability. While these enhancements don't shout out "open-door vulnerabilities," they represent physical footprint reductions, in effect increasing the likelihood that if a single server becomes compromised, the residual effect is far greater, therefore creating a serious data protection vulnerability.
Security in the VM realm is still a touchy subject, but one that could have significant ramifications if ignored. Virtualization represents one of the key emerging threat vectors that attackers will look to exploit. Any organization that isn't proactively considering virtualization security right from the start of an implementation is only setting itself up for a major security incident in the future. To that end, virtualization security service opportunities for VARs lie in partnering with security and data protection vendors to offer security management services such as access control management, system security monitoring, server management, threat and vulnerability management, change control and patch management for customers' VM rollouts.
Confidentiality, integrity and availability are the cornerstones of data protection. For security solution and data protection providers, what it all boils down to is ensuring that customers' information is secure, intact and available when it needs to be accessed. The leading technologies that we looked at -- encryption (confidentiality), virtualization (integrity) and storage/backup (availability) -- all play an integral part of data protection requirements. The opportunities for VARs to become involved are tremendous, but they will require effort.
Security VARs must work closely with their customers to better understand their challenges, stay on their radar screens, be able to respond quickly, and to be flexible when it comes to working within their customers' budgets.