Louis Rabon remembers a time when a security box cost $100,000 and carried a 40 percent margin. As one of a handful of RSA resellers in two- factor authentication, there was little competition and reasonable demand for security specialists such as Rabon’s Loop Technology. Now a box can be virtualised and take up one core of a 10-core processor – and the prices have come crashing down.
“The margins are smaller and the price is smaller. That $100,000 box might be $10,000, and the margin is not 40 percent it’s 17 percent, if you’re lucky,” says Rabon, Loop’s services manager.
Rabon’s security practice has shifted further into services as a result. Where the company once made 95 percent of its revenue from hardware and 5 percent from services, the goal is now an even split.
“We’ve gone into higher-level consulting services now. We realised the value in being the trusted adviser and we bring them on a journey to increase their security posture and that they continue to mature their security infrastructure,” Rabon says.
Competition has also picked up. Security is easier to implement and sell, and there are many more vendors in the market. Security-as-a-service sold by vendors is challenging established service providers.
“Not only are these services available everywhere, sometimes you can go direct to the vendor. McAfee are offering cloud services now so rather than a managed services solution McAfee will do it for you,” Rabon says.
Despite such growth, appliances still have a strong future, at least for the next few years. Knowing how to sell and what to sell is less clear after an explosion in vendors selling security products. Some of the new entrants are networking vendors who have built security features such as firewalls into their switches. Security vendors have returned fire by moving into networking and blowing open the definition of a security appliance.
And while security as a service will change the market, it won’t spell the end for security resellers who are savvy enough to modify
their business models. BridgePoint Technology business development director Tim Smith says such services haven’t had an impact on his business, “but it will do”. He says most cloud services focus on mature areas such as anti-virus which is already subscription based.
Even so, often there will be an on- premise component around which the reseller can wrap services.
“The key is embedding ourselves somewhere in that link between the customer and the provider. We need to be showing our value in different areas, (such as) integrating multiple vendors and providing those to our clients. That’s the business model that’s evolving as the industry evolves,” Smith says.
Security-service integration is not a simple proposition, however. Most services tend to be proprietary; the vendors publish interfaces for their software that gives integrators the opportunity to create brokerage services. “It’s a bit Wild West at the moment,” Smith says.
A finger in the cloud
Nearly every security appliance is billed as “cloud- enhanced”. The first action taken by dedicated mail security appliances is to check the reputation of the source e-mail address on the vendor’s database. Many security vendors have built reputation services that draw intelligence from a global network of threat sensors, including the field of the vendor’s installed appliances. The reputation service calculates the quality of a website or an email sender’s reputation based on the sum of the appliances’ experiences with the source.
When judging websites, analysis doesn’t just occur at the web address or URL. The domain name, paths and objects below it will have their own reputation score. This counters the practice of planting malware on the website of a legitimate and popular business.
And reporting attacks and their outcomes is also quite data intensive. Often hosting the logs has to be done on another server just to manage the reports. Vendors are starting to move the logging in the cloud.
“A number of vendors are starting to see that as a point of difference,” says Scott Robertson, Watchguard’s Australian managing director. “It’s something that we’ve looked at
as an option to lessen the cost to the customer by providing it as a service in the cloud.”
If cloud-based reputational services are so important in providing crucial doses of security, is there any disadvantage to using security-as-a-service instead of an on-premises appliance?
“Not really,” says Sean Duca, enterprise solutions architect at McAfee Australia and New Zealand. He says more than 40 percent of the top-200 ASX-listed companies have been using cloud email filtering for several years.
Small and medium businesses without dedicated IT security staff are well suited to such services. IT managers who want a view of the security posture for a company may want the convenience of having an appliance on premises.
It can be harder to get detailed information from a security service if it was provided by the cloud. There’s also greater scope for tinkering with the settings on an appliance than a cloud service.
Duca says a company generally needs 50 employees to justify buying an appliance over a cloud- based service.
And yet take-up of cloud services is far from across the board. There are some areas where appliances retain a strong advantage. BridgePoint’s Smith says only e-mail and some URL filtering happens in the cloud and often an enterprise will have a security appliance from the same security vendor on premise.
Resellers CRN spoke to said that data-loss prevention provided by cloud services was inadequate because it lacked features or exposed data to interception in transit. “If it’s a large enterprise that can’t afford to have something leaked you need to enable that on the gateway – it’s the easiest place,” says Distribution Central’s John Labza, technical manager of Firewall Systems.
“All the vendors that we represent have a variety of options for doing that. If you don’t want the information to leave the premises then you’ve already failed” if it is scanned in the cloud.
One of BridgePoint’s enterprise customers decided to drop such a cloud service because it couldn’t offer fine control to buy an .
“The data-loss prevention side of things seems to be a bit limited from a purely outsourced model. It tends to be a little bit light. Whereas the maturity for email is very high it’s not that high,” Smith says.
Security redefined
Whether it is a desire to expand their range, diversify interests or chase higher margin business, security vendors are looking to redefine security as something much broader than keeping the bad guys out.
Labza says a more “English” definition encompasses the provision of everything a business needs to function efficiently and effectively. If a business is using cloud storage for its files and data, then a total security solution would ensure that the business could connect to that cloud storage service from every location it needed to and take into consideration the speed and robustness of the connection.
“A lot of people think that security is about securing applications and controlling the bad things. But you need to have 24/7 access to your data wherever you are. Whether there’s a flood in Queensland or you’re at home or at another office, access is a security issue,” Labza says.
“If the company is in the cloud then multiple links have to be created for the company to get there. The links have to be up 24/7 and you have to have security to protect those links.
“You can’t just have one link; it has to be a high-quality, expensive link. How am I going to manage traffic up and down this link and make sure my business doesn’t stop?”
In accordance with this broader vision, security vendors are making appliances that improve the functioning of a network rather than just protect it.
Blue Coat’s ProxySG appliance maximises network bandwidth and performance by caching regularly accessed files.
If 100 employees in a company need to watch a training video online they will start streaming 100 copies of the same video over
that internet connection. The ProxySG caches the video on the local network, leaving the connection to handle internet traffic from other staff.
Sorting the sheep
High-speed connections need to have greater awareness of the type of device that is connecting to them. For example, a connection should give greater priority to a corporate network over a guy with an iPhone, Labza says.
If the vendors are breaking out from a conventional idea of security, what should their resellers do?
Resellers have to be aware of how their vendors are changing and how the market is changing.
“A lot of vendors have availability and performance stories. Availability and performance is crucial to the cloud. If you are a reseller that says ‘I‘m just security’ and miss the other components to the story, then they miss out on what else the vendors have and what the customers are asking for,” Labza says.
Vendors also talk about the importance of visibility. “You have to look into a network to know what to do with it.”
Distribution Central is launching Firewall Systems version two in May, with a marketing and education campaign that will reposition itself with resellers as a broader security distributor than just firewalls.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
