In a world of security scares and almost daily reports of hacking, extortion, crashes or just plain oversights, it seems that selling security products to corporates should be easy. But, unfortunately, the attitude of a lot of corporate purchasers is one of locking the stable door after the horse has bolted.
One of the main reasons for this is that asking a finance director to approve a purchase order for something that 'might' one day save the business is likely to get short shrift. By their very nature, finance directors are much more likely to want to invest in something which will offer a clear return on investment.
So how do you go about selling security without coming across as a hysterical lunatic who should be wearing an 'end is nigh' sandwich board?
The main selling point for security is the rise of ebusiness, and within this the areas that will see most growth are firewall appliances and public key infrastructure (PKI), the security system that provides the standards for establishing and maintaining a trusted network environment through the creation and distribution of encryption keys and digital certificates.
Corporates are investing in ebusiness, but a natural fall-out of the high-profile failures is a more cautious approach to moving everything onto a digital footing.
Market researcher IDC found that European companies are lagging behind their US counterparts and that their approach to investing is baffling. IDC carried out a survey of European firms and found that the approach taken by many companies suffers in two key ways.
Sandra Baccari-Edler, European business infrastructure and technology services programme analyst at IDC, said: "First, companies tend to focus on keeping the bad guys out without considering the needs of legitimate users from both inside and outside their organisations."
"Second, and perhaps more important, companies often implement one or more individual security measures and believe themselves secure when in fact a cohesive, holistic security policy is required to create a truly secure environment," she said.
So a huge opportunity exists for education, supply and services and those most likely to invest are the businesses with most to lose. An ebusiness strategy is one that should be underpinned by a proper security investment programme. It is here that the market needs to be educated.
"When we examine the reasons for investing in security, it is clear this investment is still very much aimed at barricading access to resources rather than allowing controlled access. If ebusiness in Europe is to be successful, this approach will have to change," said Baccari-Edler.
Keeping a watchful eye
Simon Webb is vice president of international sales at Watchguard, a Nasdaq-listed supplier of firewall appliances which includes internet service providers such as UUnet and PSI among its client list, and uses Wick Hill for distribution in the UK.
Webb warned that the threats can come from various sources, such as inquisitive students seeing how far they can get by nobbling a website, to employees with a grudge or dedicated hackers. He said the market had changed hugely recently because of all the high-profile attacks, and that picking up the tools to attempt this kind of attack on corporate websites is becoming easier. Webb claimed that on his travels he has picked up a CD for $5 called How to Hack, and said the availability of this kind of information can only proliferate.
"Resellers should be looking at bundling products, offering managed services and, more particularly, specialising in security. They should seek to get a range of suppliers on board. The other area is education. There is still a huge amount of education to be done among the corporates," he said.
The advantages of selling security are the opportunities for more sales which Watchguard provides through a subscription service. "Ninety per cent of our customers renew their subscriptions. The firewall market is essentially like the antivirus market: updates are what give customers peace of mind. Resellers have moved into this area because of the extra margins to be made from managed services," he added.
Webb believes the security market in the UK is growing at 40 per cent every 90 days, and that a lot of this growth is coming from the appliance sector.
On the distribution side, Allasso claims to be the only specialist web security distributor in the UK and in its four years of trading, its turnover jumped from £2m in its first year to a predicted £24m this year.
Bernie Dodwell, sales and marketing manager at Allasso, said the issues are complex and that corporates have a whole raft of technologies at their fingertips but need lots of hand-holding in what to deploy and how to deploy it.
Dangerous on the inside
Dodwell also cites the total lack of understanding of the web-based threats to any business as a major opportunity for resellers. "The threat of external attacks is small. The real threat comes from inside companies in which employees do not know what they are doing or what they are allowed to do or who is malicious," he said.
"Firms are giving their employees more direct access to the web and should be monitoring everything that happens with that access because they have a duty of care to their investors and shareholders to ensure that they have taken all of the necessary steps to protect the integrity of the company," he added.
Aside from the liability issues, Dodwell said there are also productivity issues that companies need to address. "Most online activity during business hours is not for company work and it's not just people downloading porn like those people who were sacked at Orange. People are either surfing to check the cricket score or booking holidays online when they should be working. And that does not take into account the abuse of email where people can say libellous things about rivals or customers," he said.
Dodwell echoes the notion that corporates need to be educated in how to let their employees use the web or email and that there exists a tremendous opportunity for resellers. But he adds a warning that only those resellers which look credible will win.
"A lot of resellers see security as a great bandwagon to jump onto. And it is a bandwagon that is shooting down a hill. We have had dealings with resellers that come from a hardware background where they have been shipping Sun Microsystems's, HP's or Compaq's servers and have been putting in a network to support them. They think, 'Great, let's get into security', but have failed because they themselves failed to realise the implications of the market," he said.
Dodwell cites the misunderstanding of the firewall software market as an example. "A firewall is an application, not just another piece of kit - it needs to be tuned to a customer's needs. Company rules need to be changed, and often traditional resellers end up not giving the customers what they want and making a failure of network security," he said. "Successful [resellers] take the time to understand the issues such as Java and ActiveX controls. Does the customer need a virtual private network? These things need to be looked at."
Dodwell said one approach that works is for resellers to invest in the education of their people and then present themselves as consultants before talking about selling products. "Remember, most customers won't even know that they have a problem, so if you can present yourself as a credible, accredited and reliable company, then you have a chance to build up a relationship which should wield lots of business and very good margins," he said.
Ncipher is one company that operates at the PKI end of the market where it provides hardware and software based products for secure sockets, layer and key management. It is currently looking to ramp up its channel presence. In the UK, it uses Morse and Tolerant and partners other vendors to deploy its high-end solutions that operate by offering total integrity to online transactions without any slowing of transaction speed.
Key to protection
Expertise is lacking in this sector, said Colin Bastable, vice president of international sales at Ncipher. "Some resellers stick to their knitting, but those that already sell services should be looking at this area because a lot of sales come down to one specialist being up against another," he said.
Rolling out a large PKI infrastructure is on the same scale as a SAP roll-out, but that should not put resellers off, he said. "From the channel perspective, it is a good thing that these decisions are being taken at board level and that some of these guys are spending millions of pounds on this stuff."
"The threat to companies is that they are putting their jewels on the web and they have to be able to control who has access to them. The big guys are spending millions to protect themselves. Cut through the smoke and you can succeed. You can see that this market is already there and the return on investment can be mapped," he added.
The recent scares at online banks when people were able to access other users' account details are embarrassing and show that security will be a huge growth area from now on. "Even in the corporate sector, not many firms employ full-time security managers. These firms are relying on outside suppliers to deploy, monitor and upgrade their security systems," said Dodwell.
- Security sales such as PKI-based products require investment in education and training of reseller staff and commitment to security.
- Resellers can tap into a growing appliance-based security market, but they must understand the issues concerned.
- A credible strategy should be based on consultancy, followed by product and service.
- Ebusiness should be monitored to see which verticals are ready to make large security investments.
- Security services are in their infancy, but demand will surge and there is a lack of expertise which is likely to continue.
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse
Hinge-based 'Project V' never got released