Risky business: the channel's cyber-security challenges


There is no one rule on ransoms

CRN: The FBI has advised companies compromised by CryptoLocker to just pay the fine. What do you think?

Ben Robson: I tell my customers two things: have your backups; and do not negotiate with terrorists.  It’s as simple as that.

Robbie Upcroft: But life is not black and white, so you can’t have a black-and-white answer. When customers ask us, ‘I’ve been hit by CryptoLocker, do I pay?’, the only answer can be, ‘It depends’. 

If it’s an endpoint on someone’s machine that is really not that important, then fine, let it go, knowing full well that the bad guys are going to then see you as somebody who is not going to be breached and they’ll potentially walk away. We see a lot of data around when someone makes that first payment, they put a big target on their head saying, these guys are good for it.

The black-and-white statements like [the FBI’s] do more damage than good, because it gives the customer a sense that there’s an easy way out of it, that it’s either ‘I don’t pay’ or ‘I pay’, and thank you for making the decision for me. This is where we see the value of the channel partner, in translating the technology to the business need.


Setting up a security practice is hard

CRN: Damian, what is it like for a traditional IT services provider setting up a security division?

Damian Huon, Huon IT: Firstly, finding a security guy who can speak business language has been very difficult. Finding the right security guy who is not already a director or partner of the firm, and that you can attract away, has been difficult.  

We’ve had a couple of false starts, but now we’ve found a consultant who has a lot of track record and works for one of the major banks in a three-day consulting role, so he has availability. He’s an independent who is coming in and assisting us to build our practice. He is going to assist us with different security products and then guide us around the vendor space. 

That’s highly attractive to us because we haven’t got an expensive salary on board, initially, while we’re building the practice, and we have some runs on the board with some security tests and pen tests to use for our customers. That’s a toe-in-the-water approach, but we’ve got someone we couldn’t afford to put on staff who’s got a lot of track record.

Brian Jamieson: It’s actually a good approach, because consulting is a costly business. In order to get the right skills and retain those skills, and then provide an environment for someone where it’s attractive for them to work for you where they’re not being poached, is a very difficult proposition.

Brian Jamieson, Shelde

New entrants should specialise

Patrick Butler: Pick the area of security you want to be in. There are a lot of areas to choose from: there’s the consulting; there’s the actual security engineering where we deploy products; and there’s the managed services area.  

Those are the three broad areas, then you break down consulting and you’ve got pen testers – that’s a completely different skillset to application code reviewers, to social engineering, and physical security… and then you’ve got compliance and governance.

You’ve got to decide: do you want to be doing something well or do you just want to be offering a sort of tick box? Because if you go and do something just because you want to get into this hot market, and you deliver something that’s not at the quality set by the industry, then the risk is that the customer gets tainted by that.


The cloud creates a security opportunity

Martyn Young, F5 Networks: There’s an opportunity for partners to be able to educate, guide and consult around how they expand that security model into the hybrid cloud, make it application-centric and deliver a consistent model across those environments, regardless of whether the application is in the data centre, private cloud or public cloud.

There’s further opportunity for partners around adding the agility higher up the stack. Software-defined networking is gaining more traction for the same reason that server virtualisation gained traction – it provides better utilisation of hardware and a much more agile environment for deployment and flexibility. Security comes with that. 

When we move to the full hybrid cloud, it is going to be out in the ether of public cloud or in a true private cloud, on-premise. I think it’s a great opportunity for partners to get in front of that curve and help customers with that transition. 

Copyright © nextmedia Pty Ltd. All rights reserved.