Data protection services offer revenue for security solution providers

By Nicole D'Amour, Site Editor 27 Feb 2009 | SearchSecurityChannel.com

Security Channel Update Digg This!     StumbleUpon     Del.icio.us

Data protection services will be a top-priority initiative for security customers in 2009, according to a recent TechTarget survey of more than 900 security professionals. The results come in the wake of the recent catastrophic Heartland Payment Systems data breach, the effects of which have yet to be fully realized

As companies face increased pressure to ensure their sensitive data is secure, it's clear there are plenty of opportunities for security solution providers to come to the rescue.

Approximately 70% of survey respondents considered data protection to be of the utmost importance, including laptop, desktop and drive encryption.

"There's a big market for assessments and penetration testing," said Andrew Plato, president of Anitian Enterprise Security, a security solution provider headquartered in Beaverton, Ore. According to Plato, these are the basic data protection practices that customers are letting go by the wayside. Plato went on to say that solution providers need to educate customers about these basic security processes, which sometimes get left behind in favor of more exciting technologies, such as NAC and application whitelisting, that may be more interesting to research and deploy.

"There's a big market for assessments and penetration testing." Andrew Plato President and principal consultant, Anitian Enterprise Security

Security solution providers can create additional revenue by helping customers with systems management. Many data protection systems, such as endpoint encryption, are complicated to install, Plato noted, and require management.

"The opportunity there is good and definitely growing, but keep in mind that the margins on the product side are getting slimmer," Plato said, noting that as products become more commoditized, the need for the services of security solution providers will wane. Until then, however, the management of data protection systems is a necessity.

A solution provider cannot consider data protection management without thinking about compliance. Ever-changing rules and regulations ensure that compliance will continue to drive security activities in enterprises and SMBs alike. Roughly 72% of respondents indicated that compliance regulations are the reasons behind their data protection interest.

"While I think compliance is probably a driver, it's more about trying to stay out of the papers," said Allen Zuk, president and CEO of Sierra Management Consulting LLC, an independent technology consulting firm in New Jersey. "Nobody wants to have a security breach and then find out that they could've avoided that."

This presents a significant opportunity for security solution providers specializing in compliance regulations, including HIPAA and PCI DSS. Customers will need constant consultation to remain compliant, as there are no products that will make a company compliant outright, as Plato discussed in a recent SearchSecurityChannel.com FAQ guide on PCI compliance.

While compliance is the main reason behind building interest in data protection, the importance of preventing or decreasing insider breaches was also a factor noted by 59% of respondents. Whether the insider data loss is intentional, companies can no longer afford to ignore such problems, which solution providers can help solve.

Zuk stresses the importance of education in keeping customers secure. Customer education, which should take place on a regular basis, plays a big part in data protection. Solution providers cannot expect to simply tell customers about new products, Zuk said. Rather, they need to be prepared to help with implementation and upkeep.

More on data protection Wireless encryption: Know your customer's options Network Access Protection enforces security on Windows networks How to prepare for network penetration testing services

"It's really a matter of a solution provider being able to come in and say, 'Look, I can work with you,' and become more of a trusted advisor," Zuk said. Solution providers, he added, need to be well versed in all products on the market, as well as how to deploy and maintain them, and answer any questions their customers may have.

An area that 71% of respondents noted they need to improve upon in the coming year is data leak prevention (DLP), specifically via flash drives and USB tokens. Zuk said that customers who do not have a policy in place to secure such portable data will have trouble going forward. This presents yet another revenue opportunity for solution providers. Furthermore, the implementation of DLP technologies, like endpoint security products, is not a straightforward process, Zuk noted, so solution providers should be involved from start to finish.

Another area of data loss prevention that respondents consider important is preventing data loss via email and the Web. Nearly three-quarters of respondents indicated that they are concerned with email and Web security.

Zuk, however, believes that email and Web security will not be as problematic for customers as portable media, noting that the security level of the two technologies are often intertwined.

Tags: Data breach and leak prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breach and leak prevention Data protection fueled by data leakage prevention products and services Security channel can't ignore full-disk encryption products, services Vulnerabilities, regulatory compliance drive data protection market Sophos integrates encryption into endpoint, email security Maintaining your customers' security amid layoffs Making the case for 'live' incident response Mass. data protection law 201 CMR 17: How to get customers ready Data breach prevention techniques: Helping customers avoid data breaches PGP partners with Avnet to boost channel play SenSage tapped to participate in McAfee's Sales Teaming Program Regulatory Compliance Red Flags Rules compliance: Are your customers informed? PCI compliance guide: A resource for solution providers PCI DSS pre-assessment services: Prelude to a QSA The impact of PCI compliance on the channel Compliance drives opportunities for security integrators How to turn the HIPAA compliance changes into opportunities Agiliance and McAfee partner for better governance, risk and compliance services SonicWall announces partnership with Western NRG Building a framework-based compliance program HIPAA privacy regulations get some teeth: Be prepared

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary