NADIA CAMERON, ARN (NC): Why is it important to secure content?
FRANK CANAS, COMMONWEALTH BANK (FC): From our perspective, it’s important, because the content we keep is information not so much about our organisation, but about our customers. Even though we don’t have a regime in Australia at the moment where we have to disclose every breach, we do have losses to reputation, and fi nancial losses, if our customers’ data is made available to parties it shouldn’t be. We have been looking very closely at what’s happened in the UK and they are leading us by a long way in terms of breaches, as well as their reaction. We see them as a model of where we will be in a few years.
PHIL WURTH, CONTENT SECURITY (PW): A lot of companies we deal with are government agencies and you need to make sure they have policies in place. One customer we are doing an audit for at the moment is a health department and they have to have a report to the government by April to say their content is secure.
NC: Does the importance of securing content vary by customer segment?
PETER BAINBRIDGE, DATACOM (PB): We have financial customers where we store personally identifiable credit information within databases we host for them. In those instances, high-end security requirements need to be built around mainly PCI compliance. Whereas we have other customers who, while their information is sensitive around what they’re bringing to market, have different levels of rigour based on requirements versus cost.
WAYNE SMALL, CORRECT SOLUTIONS (WS): SMBs tend to not think too much about content security as they don’t value their data. Unless they store credit card information, most aren’t aware their customer database is worth something their competitor could use. I think that’s one of the biggest challenges we face in the SMB space – getting customers to acknowledge their information is worth protecting. Sure, they have firewalls in place, but not much beyond that, until they get bitten. Then it’s a reactionary sale, which is often the worst time to sell customers anything.
DOMINIC WHITEHAND, WHITEGOLD SOLUTIONS (DW): The meaning of content to customers is different across the board: You may be protecting content for compliancy issues; you might be protecting content vastly more sensitive than standard content, such as credit card information that is operational, or mission critical content you need to protect; you might be a legal firm that’s protecting client information. A lot of these things have different outcomes if they’re breached or compromised. On the reseller side, it’s very much a case of how we provide a platform for education to understand the messages given to end users. You need to understand how they pitch, or indeed educate, their users.
NC: Is lack of customer awareness a big issue then?
LES HOWARTH, SECUREWORX (LH): I don’t think customers really value content security. I’d probably disagree with Wayne [Small] in that the best time to sell this type of technology is when they’ve been bitten, as sales are easier then. The problem is, if they buy it then, they’ve defeated the object. The issue is that it hits at their brand value. If it’s a bank that’s not secured and gives out information, then that hits the press, they can’t take it back – it’s too late. Selling it is a lot easier, because people are willing to buy, but our job is to move this further back down the supply chain and make sure they’ve done the right thing upfront.
ANDREW DIMECH, DATACOM (AD): What we try and do is ready against compliance, PCI standards, etc, so we’re ready for the reactionary sale as well. Most of our sales are based on reactive sales, as opposed to proactive.
JEREMY HULSE, MARSHAL8E6 (JH): It highlights the point that customers don’t know, therefore when there is a problem, they will bite. What we should be trying to educate them about is the risks.