What market opportunities are in store for security resellers in 2009?

Tis the season to be jolly! The festive season is here and while resellers are finalising their end of year sales, cybercriminals are finalising their end of year attacks.

While the channel approaches Christmas downtime, resellers should remind customers that the risk of an attack is on the rise and encourage them to ensure their employees don’t become lax about security.

Of particular concern is the increase in fraudulent e-card volumes with Christmas- or New Year-themed greetings.

According to security vendor AVG, an estimated 500 million e-cards and greetings will be sent online this Christmas.

E-cards are considered such a risk that in America the FBI has issued a formal warning. “Criminals are using this medium to deliver viruses and other security threats to unsuspecting victims.

“Because risky e-cards are typically made to look as though they have been sent from a trusted party, usually a friend or relative, they fool the recipient into opening them,” said Lloyd Borrett, marketing manager for AVG A/NZ.

Furthermore, security vendor Proofpoint expects to see a significant spike in attacks ranging from spam and phishing emails to malware.

It warns workers to look out for holiday shopping, charity, online banking and tax scams that are designed to trick users into giving away personal information, or downloading malware that gives criminals remote access to their computers.

As the channel gears up for 2009, CRN asked experts to discuss what they see are some opportunities for the channel next year.

Identity and data access control will be hot due to the looming recession and an increasingly disgruntled workforce.

Gunter Ollman, chief scientist for IBM ISS, believes with limitations going into 2009 on what businesses can spend on security infrastructure and software, businesses will not be well equipped to combat insider threats.

The downturn in spending opens up great opportunities for cost-effective products on the solutions forecasts in 2009.

Gary O’Sullivan
Channel manager, Australia and NZ, Vasco Data Security

Security remains a key concern for all businesses, particularly those with business models that integrate with the web.

As fraudsters become more sophisticated and harder to identify, industry areas that protect the individual — either their identity online or their financial details — will become increasingly important.

This has implications for all businesses.

Those that embrace identity protection on behalf of customers can potentially leverage a competitive advantage that benefits all parties (except the fraudsters!)

Online identity protection and remote access authentication can be as simple as a one-time password from a device but more sophisticated online security protection that incorporates the business authenticating the user and then the user authenticating the business will also be highly sought-after.

These more sophisticated security areas provide strong opportunities for resellers as the complexity requires specialised knowledge and skills.

Authentication normally conjures thoughts of online banking and financial services but increasingly B2B and B2C e-commerce businesses are leveraging bank-grade authentication.

Access to commercially sensitive information and confidential data through business portals or extranets demands better protection than simple passwords to ensure corporate secrets remain that way.

Resellers with a good understanding of the business implications of online security, and backed by proven, authentication technologies, will find the market rich with opportunities.

James Turner
Advisor, IBRS

Resellers should be seriously considering a few specific, perhaps non-intuitive, areas in security products and services over the next 12 months.

I’ve just completed a research note which has gone out to IBRS clients analysing the impact of the economic downturn on internal corporate security.

During an economic downturn, employees can feel extra pressure and this means they can sometimes put their hands in the till to augment their income, their lifestyle, or to retaliate against a redundancy.

So, IBRS clients will be reviewing and considering Anti-Money Laundering technologies, log aggregators and anomaly detection, Identity Management (particularly provisioning and deprovisioning tools), etc.

This topic can come over as a huge pile of FUD (fear, uncertainty and doubt) but this just means that the topic has to be raised independently.

You cannot just send in a sales exec and get them talking to a client about malicious insiders — it smacks of self-interest.

For companies which sell bandwidth to corporate clients, I’d encourage them to think strongly about offering anti-spam services using open source tools.

I’ve had numerous conversations over the past few months regarding Symantec’s acquisition of MessageLabs. The theme I’m hearing again and again is that people liked MessageLabs technology but they couldn’t justify the cost.

Now that Symantec has them, Symantec will be looking for quicker than normal ROI.

So cost-sensitive organisations are actively moving to ISPs who are using open source tools to take care of the spam in the cloud.