To most businessmen, technology sold in a box is the stuff of dreams. The concept that a company can be made safe from attack from corporate espionage, viruses and denial of service simply by plugging a box into the network is proving to be a winning selling point.
Security appliances take a lot of the hassle out of the hands of network administrators and CIOs, so it's not surprising that they are selling well in a generally flat IT industry. Research firm IDC reported 15 percent growth in the fourth quarter of 2002 to $US355 million worldwide.
As a result many resellers have added appliances and security to their portfolios in the hope of cashing in on the boom. But making money in this market means knowing where the margins are and what skills are needed to make the most of security appliances.
Unless you were a bank, security in IT accounted for a relatively insignificant amount of a CIO's time, at least until it became compulsory for companies to access the Internet.
Now legislation is forcing the business world to take an active interest in the degree of protection surrounding corporate data. This is good news to resellers as well as consumer rights groups, as it inevitably secures a permanent demand for security appliances.
In the USA, adequate security is "essential to the liberty of directors" in light of recent laws which place the responsibility for the integrity and privacy of consumer data directly in the hands of those running the company, says SnapGear Australia's vice president of marketing, Miles Gillham.
States like California have taken the issue to the extreme. The state government has legislated that not only do companies have to notify all their customers if data is stolen, the government will actively encourage customers to launch class actions against the companies that had been hacked.
Australia's own privacy laws appear meek in comparison, but the Commonwealth government is fond of adopting American attitudes as its own and is likely to be strongly influenced by the course of events in the US.
Show me the moulah
Selling security appliances can be as simple as box-moving at the low end. Commodification of the technology and a push by vendors to make the most basic appliances operable by SOHOs has removed resellers from any role other than a product sale.
Margins here are relatively low with little room for additional services. Watchguard's Radavics boasts that its low-end products are tested on the vendor's sales staff to ensure that "even the most basic enthusiast" can set up an appliance.
Product margins of around 10-15 points are common for the SOHO market, but Radavics says there is a lot of erosion due to the number of Taiwanese manufacturers competing in that space.
Ease of use remains a priority in the SME space, but here the opportunities are much greater. Most SMEs cannot afford dedicated security staff and any techie will likely be a systems or network administrator.
While an in-house tech could have the basic skills to install a firewall, implementing a proper security plan requires much more specific knowledge. Higher-end SMEs are a particularly sweet spot because they often require security consulting services to map out an appropriate policy.
That means good margins in services and ongoing business in updating and monitoring and after-sales support. SonicWALL's regional director, Randy Prado, says a popular SME sell has been the "one-handed solution" - packing a modem, broadband connection and network security in the one deal.
Nokia focuses on the high-end of the market, servicing most of the banks and telcos in Australia. Nokia Internet Communications' general manager, Vaughn Madeley, says many corporates won over by a lower total cost of ownership are redeploying open systems and platforms previously running security in other areas of the company and bringing in hardware appliances.
Top-end firewall applications like CheckPoint are also selling strongly, adds Madeley.
However Watchguard Technologies' technical manager, Sven Radavics, believes resellers can find the enterprise market a frustrating experience. Although they are surrounded by big deals and large amounts of money changing hands, very little can end up in their pocket after costs.
It is not uncommon for enterprises to use a specialist security consultancy and then turn to resellers for product expertise.
These are often straight drops where the customer will pay for expert configuration according to the requirements of their security plan.
Supplying an enterprise with product expertise removes the need for profitable add-ons like consulting and other services, says Radavics.
Products for the enterprise space retail carry bigger sticker prices due to features such as dynamic routing and server balancing, but chunky margins aren't a given.
Big-spending enterprises have many suitors making it an extremely competitive market, and tendering processes can drive resellers to slash margins for business, says Radavics.
Skilling up in security
Plugging anything into a network that will affect performance obviously requires good networking skills. Thanks to the efforts of vendors, network-savvy resellers will go a long way with the low-end appliances which aim for plug-and-play connectivity and are managed through a web-based browser. "If you can't make the network work, you can't make it secure," says Symantec's group product manager, Leigh Costin. These skills include areas like IP security and VPN, which are essential, according to Costin.
Anything more complicated than SOHO will require consultancy skills to set the scope for a comprehensive security system.
As Costin describes it, networking is getting things to talk to each other, whereas security is getting the right things to talk to each other and making sure that others don't talk at all.
Consulting involves working out what level of security a customer wants and what they need and can afford. The technologies themselves are fairly robust and stable, says Costin.
However security appliances are high-profile technologies which can stuff up the whole network if they don't work properly, which makes it vitally important to get it right the first time.
Costin says some resellers adopt the same attitude to security as they do to networking -"once the log-in screen comes up you bolt for the door".
But a reseller relying on networking skills alone is running the risk of leaving the customer's network open to compromise.
At the high-end of the security spectrum sits the comms company Nokia. Certification is extremely important at this level which operates under a best-of-breed rather than the all-in-one convenience of the lower end. Nokia combines its purpose-specific hardware with firewall software from companies like CheckPoint.
A reseller operating at this level needs certification from each of the vendors it represents, says Nokia's Madeley. While ease-of-use is still a priority, the added features such as virtual firewalls in the CheckPoint software range involve a higher level of management and planning.
Radavics is concerned that the drive by vendors to make firewalls simpler to operate is resulting in a sloppy approach to security by resellers and customers alike. "Because the products are easy to configure, they stop there," says Radavics. "But have they taken in security best practice?"
Of course not everyone needs best practice. The home office is unlikely to keep national secrets on the local server, but higher-end SMEs are particularly vulnerable to commercial espionage.
Instant messaging programs
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
