Jamie Bodley-Scott of AppGate discusses how resellers should look beyond traditional point security solutions to a multi-layered approach, to better serve clients, ensure incremental sales and reach new customer markets.
Firewalls, SSL VPNs and other point products? Whod have them? Low-margin products in a mature market hardly the sort of reseller opportunity youre likely to get excited about.
However, the security market is changing. Where once it was focused on perimeter solutions such as firewalls, anti-virus and intrusion detection, its now about protecting every device where company information is stored, processed or communicated wherever that device happens to be.
Influential bodies such as the Jericho Forum are showing that securing against latest-generation threats isnt just a case of putting a big wall around the enterprise. An integrated, multi-layered approach is required, managed application-by-application, device by device and over any connection. Its a process that has been described as re-perimeterisation followed by ultimate de- perimeterisation and Boundaryless Information Flow.
The future is about secure mobile data access the ability to pick up email on mobile phones, access the office from your home network, 802.11 wireless roaming, or giving controlled third party access for contractors. All of these contribute towards increased productivity and efficiency in businesses, but equally, need to be controlled in order to maintain security across the organisation.
So the market is moving away from traditional solutions to a de-perimeterised approach. How do you adapt your business model and find vendor solutions that can help you capitalise on this evolving need and sustain healthy margins?
Resellers need a solution which secures the information flow across the organisation not just the perimeter of the network, a solution which enables secure access from end-point device across network boundaries with controlled roles and rights management for access to the core application and data services.
Here are some pointers about what to look for when you are evaluating vendor solutions.
First, look at them from the user viewpoint. What devices, operating systems and connections does the vendor solution support? The more the better, and the easier the sale to your customers. Solutions which support multiple applications and end point devices will give your customers greater business flexibility not only in terms of internal operations but also in communications with customers, suppliers and thrid party contractors.
Second, look for network management capabilities. Is it easy to manage and enforce policies? The easier it is to integrate into the customers existing infrastructure, the more they will welcome it. By offering a solution which does not just provide perimeter security, but which also takes a more holistic approach - providing rules-based network access control for users inside or outside the perimeter you will be providing your customers with an easily managed network which is secure by default.
Third, look at the network core. Does the solution help improve security of data and application servers, for example reducing or preventing the the possibility of internal attacks whether by a user of some sort of malware, segmenting servers used by 3rd parties from ones used by employees may be important, or segmenting types of network maybe separating wireless from wired networks?
By looking beyond the boundaries of traditional solutions providers, your business can deliver real added value and benefit from the extra margin as customers move from the very competitive product (hardware) based security model to a service (policy) based security one. And you will open up the prospect of future years of incremental sales. Now that is something to get excited about.