Providing IT security has never been an activity for the feint of hearts, which is one of the primary reasons that many IT services firms are reluctant to engage in providing IT security unless they really specialize it.
The core issue, of course, is that when something does go wrong, the cost of repairing the havoc wreaked by a particular breach can be enormous in terms of not only the impact on the customer, but also the amount of time and energy the IT services provider has to devote to the problem.
In fact, a new survey of 120 IT services firms and resellers attending the Dell Peak Performance Conference last week found that 82 percent of the respondents ranked profitability as one of the three most important elements of a successful partner program in security.
Of course, profit margins from selling IT products plays a role in determining that profit, but in general profits generated from selling a product pale compared to the profits generated by providing a managed security service. For that reason, it’s little wonder that training, at 71 percent, was identified as the second most important element of a vendor partner program.
Since there is no such thing as perfect IT cyber security, training is indeed the difference between success and failure. Not only are attacks of all types increasing in volume; those attacks are becoming more sophisticated. In fact, those attacks are increasingly being launched by organized criminals that in some instances are acting on behalf of nation states that are willing to pay top dollar for access to a wide variety of valuable intellectual property.
The challenge that creates for IT services providers is that they have to be right all the time versus hackers that often only have to guess right once to succeed. Worse yet, many of those hackers have access to advanced analytics and sophisticated botnets that make it a whole lot easier for them to make that right guess at precisely the worst time possible.
In fact, right now it seems like there is a major security breach being reported every few days, which probably only serves to make IT services firms that much more gun shy when it comes to investing in building an IT security practice.
None of this means there isn’t money to be made in IT security. But it does mean that IT security service providers need to proceed with extreme care. After all, the days when organizations could feel relatively secure after deploying anti-virus software and a firewall are clearly over. IT security firms now have to master a bevy of IT security technologies as part of an arms race with hackers that no one is quite sure will ever end.
Marvin Blough, vice president of worldwide channels and alliances for Dell Software, says given that climate it behooves security vendors to be a little more aggressive when it comes to product rebates. After all, an IT security services vendor never really knows just how profitable any customer engagement is really likely to ever be.