In part two of our security blog, we ask three experts what’s next after next-gen security, and how can partners turn today’s security challenges into opportunities.
1. What’s next after next-gen security?
Damien: There’s a shift in the market where people are realising they’re going to be breached at some point, which means the future security model will be about speed and resilience. How fast you can detect malicious activity, how fast you can determine the nature of the data breach, the value of the data impacted and how fast you can remedy the situation and communicate with customers and regulators. The one thing often neglected is a communication strategy.
Cybersecurity is increasingly a case of risk management. The problem is that people in risk management don’t understand cybersecurity, and vice versa.
Seth: As companies begin to adopt a true next-gen security approach, there are two areas they will focus on. First, companies will begin considering the structure of their security team, using both internal and external resources to create dedicated focus on cybersecurity. Second, this security team will need to develop new metrics that quantify efforts around security, since the traditional measure of security success has simply been whether a breach has occurred or not. For more on these topics, see CompTIA’s new research report on security teams.
Cam: The reality is that the technology is there, and it will keep evolving to keep up with advancements in cybercrime. Where change is needed is the way that technology is implemented and managed. By following The Essential Eight business practices from the Australian Signals Directory, businesses have a reasonable chance of not only stopping a breach but actually containing the breach.
2. How can partners turn today’s security challenges into opportunities?
Damien: Channel partners can help reduce the complexities of cloud-based services by expanding their offering to include consulting-based services for monitoring, governance or insurance. There’s also an opportunity to gain new talent from various universities and TAFE to reduce cost pressures when hiring cybersecurity professionals. But the biggest opportunity for partners lies in education and advice, becoming their customer’s trusted advisor. Partners can facilitate education by co-hosting events with security experts for multiple customers to raise awareness of common pain points and the solutions needed to rectify them, keeping in mind some will be people-, process- and technology-based.
Seth: Partners should consider the three different aspects of modern security when engaging with their clients. An engagement certainly may start with general education on these three aspects, including a possible audit or review of the client firm to determine deficiencies in technology, process, or education. From there, the natural step for most partners will be installation and monitoring of security technology. But partners should also consider how to assist with required processes or how to provide workforce education. This will likely require training on the partner end to build these skills, and partners may find opportunity in focusing exclusively on security as they become part of their clients’ overall security team.
Cam: There’s a huge opportunity for non-security specialist partners to educate their customers on the unknown by partnering with security specialists to be able to offer a more comprehensive total solution with embedded security.
Security vendors have some amazingly sophisticated technology, but it’s a game of Snakes and Ladders; every time someone gets good at something, the opponent catches up.
But where there’s complexity and change, there’s margin and opportunity for the partner to engage with, explain and manage it for the customer.
Enabling security, today and Five Years Out
Arrow distributes some of the world’s most trusted security solutions that help businesses protect, deploy and maintain their critical infrastructure. Backed by our in-house team of experts, our portfolio of security solutions address the escalating security and compliance concerns faced by modern businesses.