ChannelTrends: Make 2012 Safe, Secure and Profitable

It seems like every couple of years the hot topic in the IT channel changes. Recently, the largest focus has been on the opportunities in cloud computing, with all eyes (and the industry attention) on enabling end-users with these services. There’s good reason for solution providers to adopt and emphasize this thriving technology delivery system: they are in a race for control of their business accounts, offering a portfolio that meets their clients’ needs before direct sales organizations get their foot in the door with their own solutions.

Before cloud discussions took center stage, managed services were all the rage. The adoption isn’t over yet, but remote monitoring and management, as well as other offsite services, are becoming more mainstream—in the channel, as well as with end-users.

While it’s difficult to project the next hot topic with solution providers, several experts suggest it could be a vital service that’s taken on an entirely new focus: security. The subject may not be new, but the needs of the business community and the resulting opportunities for solution providers have expanded exponentially over the past decade. Anti-virus and firewall protection no longer addresses the majority of issues in the business community, as mobility and compliance concerns have overtaken their basic network security needs. That’s not to say those issues aren’t addressed these days, but due to new data and legal concerns, their priorities have shifted and continue to change to meet new challenges.

Mobility

By 2014, Gartner predicts that more than 90 percent of organizations will support mobile devices in their network. Due to changing employee and employer technology expectations, previous risk prevention policies are being cast aside in favor of more open network rules. Business and efficiency needs are quickly overtaking the IT department’s desire for rigid protection, forcing the tech team to rethink their security strategy.

Allowing employees to use personal tablets, smart phones and personal computers in the workplace adds new challenges for those charged with protecting the company’s network and data. Expanded “right of entry” to the business’ systems requires the IT team to pay extra attention to each device and application on the network, continually monitoring log-ins and the files everyone has access to.

It’s not easy to balance a company’s mobility and security needs. That complexity creates a great opportunity for solution providers with the skills and knowledge to help. With the right mix of services and support tailored to the needs of business clients, VARs and MSPs can build a formidable practice.

There’s Value in Compliance Expertise

While mobility is an emerging security concern for businesses, an older issue remains a key factor as well. Most organizations are subject to a number of laws regarding the collection and protection of financial and other confidential data, but adhering to each and every rule isn’t easy for any company—especially those without a technical team. While it requires some effort for solution providers to become compliance specialists, the value of that service is immeasurable.

Regulations vary among states, industries and the size of the business; which is why those with a solid understanding of the data and network security requirements—and can implement the proper systems—often receive a premium rate. For example, Sarbanes Oxley dictates measures to protect financial data and electronic communications, including the retention of all relevant email. Compliance specialists must understand the archiving and security systems that will allow their clients to address the rules, and how to best implement them in the organization without creating major disruptions.

To accomplish that result, VARs and MSPs often provide more than the technology.  They must help their clients make the proper internal process changes to meet the regulations and offering end user training. These services are sometimes delivered through a partnership with other specialists, but the solution provider remains the master contractor.

IT security takes a central role with other regulations and standards as well, including HIPPA (Health Insurance Portability and Accountability Act) which ensures patient record confidentiality in the medical field. With incentives to implement EMR (Emergency Medical Records) systems in doctors’ offices and hospitals, network and data protection needs continue to escalate. Access control and layered security expertise is in high demand.

Similar proficiencies are needed for businesses who accept credit cards to address PCI (Payment Card Industry) standards. If a company’s systems and processes fail to meet the prescribed security rules during an audit, they may be fined or lose their acceptance privileges. A worse scenario is if their customer data is compromised through failure to meet the PCI standards: in addition to significant penalties, they may be held liable for all losses. That’s why businesses that accept credit cards benefit from working with qualified security experts—a great opportunity for solution providers with this expertise.

Start with Security Basics

The channel offers a number of options for those seeking to build a comprehensive IT security practice. Experts suggest starting with an assessment of current clients’ needs, either through a formal survey or through face-to-face meetings with their management team. The caveat is that some business customers may be unaware of every compliance issue and security threat, so the information gathered should be a baseline. The next step is to engage industry and local associations to fill in the gaps.

Solution providers who want to enter the EMR field often start by meeting with their region’s medical association to determine the needs of the community physicians, as well as competitors and what they offer. State and federal agency websites are also a useful resource, many times offering a wealth of related links and information for researching the market.

Vendors and distributors often host vertical market or security programs to bring their partners up to speed and the CompTIA Security Community offers a number of resources (including training), as well. Engaging and learning from peer experts is a valuable opportunity for those building a new practice, and membership in these groups can substantially decrease the time required to ramp it up—and increase the chances it’ll be successful.

When solution providers are ready to enhance the marketability, efficiency and productivity of their IT security business, a recently revamped business credential offers that opportunity. With a CompTIA Security Trustmark, they can ensure their customers that industry best practices are being followed to protect their business (and their clients).

If you’re looking to start 2012 off strong, take advantages of some of the many solution provider opportunities in IT security. Chances are your clients will appreciate the help!

Brian Sherman is founder of Tech Success Communications, specializing in editorial content and consulting for the IT channel. His previous roles include chief editor at Business Solutions magazine and industry alliances director with Autotask. Contact Brian at [email protected].