Three ways for security and compliance

There are three ways to achieve security and compliance goals, according to Jennifer Jabbusch, network security engineer and consultant with Carolina Advanced Digital: use what you have, buy stuff, or get someone else to do it.

Buying stuff, she says, should be low on the list.

That, ordinarily, would be a rather depressing statement to the channel. After all, selling stuff is what resellers do.

During her talk at the SecTor security conference in Toronto in early October, Jabbusch told her audience that making use of what you have is often the best solution. But in order to do that, she said, you need to know all of the equipment’s features and understand how to use them. And you need to know what the stuff you’re not planning to buy would do, and figure out how the existing gear can perform similar functions.

That should make channel partners smile.

Once you sell a box, you’ve, well, sold a box, often with a teeny-tiny margin that barely pays for the sales effort. But selling expertise, with its much higher margins, can go on for a long time, providing a tidy revenue stream.

It’s not easy or fun to integrate products from multiple vendors, said Jabbusch. And in any case, customers don’t know how to enable security if they don’t know what they have.

Oh, sure, they know they have a router or a switch, and they know the brand name attached, but they often don’t know the advanced feature set that many of today’s sophisticated devices conceal within their bland grey cases.

You, on the other hand, have likely had vendor training, and have had experience in wringing the most functionality out of each unit (and if you don’t, learn – it can be lucrative).

Many networks, for example, are huge, and flat, and virtually impossible to secure. People wanting to segment those networks would be tempted to buy a box to do the work.

But judicious use of VLANs on existing equipment will work just as well, no new stuff required.

Similarly, a properly configured switch can do the same work as a NAC appliance according to Jabbusch, and effective use of logging and reporting using a free tool such as Splunk can take care of a lot of management tasks.

A smart reseller can leverage his or her knowledge of the ins and outs of a customer’s equipment to provide services such as doing an inventory of the existing gear and licenses, checking out their infrastructure’s configuration (and documenting it), and gauging its effectiveness in fulfilling the customer’s goals.

Once you’ve determined how each piece of equipment fits into the grand scheme of things, you’re in an ideal position to assist the customer in setting it up to optimize the network.

Jabbusch suggests that customers use industry resources to acquire some expertise for their staff – user groups and peer industry groups, for example – but she also recommends the use of a consultant, especially one who can also do some knowledge transfer, as an objective third party. From there, it’s not a huge step to an ongoing relationship.And all without selling a bit of stuff.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lynn Greiner
Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.