Security has always played a significant role in how the channel effectively services customers’ IT needs. And the issues of guarding the global gates are only growing for Fortune 1000 companies, which is why many are now incorporating managed security services into their overall security programs.
According to PricewaterhouseCoopers‘ Global State of Information Security Survey, 84 per cent of companies in 2006 said they were confident in the effectiveness of their information security activities. By 2011, that number had dropped to 72 per cent. This huge loss in confidence has significant ramifications for how partners can best help their customers.
Over the last five years, enterprise IT departments have been dealing with a rapidly growing global onslaught of security threats while, at the same time, budgets are either being frozen or slashed. In response, IT departments are looking to the channel for help in becoming more flexible and adaptable.
This often means replacing established technologies with lower-cost systems from multiple vendors, frequently including solutions found in the cloud. While those solutions effectively address cost, speed and risk management concerns, they also carry higher security and regulatory compliance issues than traditional enterprise applications. And these all need to be addressed while also incorporating a flexible and cost-effective approach to business continuity and disaster recovery requirements.
That makes the complexity of today’s enterprise IT environment more challenging than ever for companies to master. In today’s increasingly virtualized world, more systems connect through the cloud, opening up a multitude of entry points that need to be guarded. Also, today’s complex infrastructure is often overprovisioned, underutilized and difficult to manage. Just when IT organizations could use more resources to fight this security battle, they have fewer. This is where IT solutions providers ultimately prove their value.
Today, it’s taking more time, creating more risk, and costing more for even the best-funded enterprise IT departments to deliver projects that add value and enhance the business. Internal IT resources are stretched way too thin and often come to be seen as a cost centre, rather than a strategic asset that helps maintain and enhance competitive advantage by responding more quickly to the dynamic changes in today’s global business environment.
However, by including managed security services in the approach, the channel can help companies get beyond this security trap. Those providing these services take much of the burden of deploying prevention, detection and web-based technologies off of internal IT departments. That enables those departments to use their inherent knowledge of the business to add value across the enterprise.
While the past four years have seen a significant reduction in other IT investments, managed security services is one area where companies are still willing to invest. Why is this?
According to the 2012 Global State of Information Security Survey, a persistent reluctance to fund enterprise IT security during the economic downturn led to a degradation in core security capabilities, including identity management, business continuity, disaster recovery, employee Internet monitoring, and data protection. Enterprises are now realizing they’re living on borrowed time in terms of security, and are anxious to rectify the situation before a disaster occurs.
Adding to the urgency, mobile devices and social media also present significant threats. According to a recent Check Point survey, nearly half of all companies are victims of social engineering, having experienced 25 or more attacks in the past two years. That costs businesses anywhere from $25,000 to $100,000 per security incident. And McAfee reports that attacks on smartphones and other mobile devices rose by 46 per cent in 2010.
In addition, the Global State of Information Security Survey found that few organizations believe they’re equipped to deal with the nefarious Advanced Persistent Threat (APT) attacks that increasingly are targeting global enterprise IT organizations.
The situation certainly can become dire for an ill-prepared organization. The speed with which the security threats change in today’s globally connected and converging business world is the biggest barrier to any enterprise IT organization mitigating risk so it can focus on the company’s core business.
Yet the smart Fortune 1000 companies are finding that incorporating managed security services into their overall security program can help to effectively combat these threats. And with that, the Fortune 1000’s IT departments can get back to focusing on delivering business value, instead of guarding the gates.
Siobhan Byron is the president of Forsythe Technology Canada Inc., an IT infrastructure integrator headquartered in Toronto, with offices in Edmonton, Vancouver, Winnipeg and Calgary. Dragana Vranic is director of managed services at Forsythe Technology Canada.