I grew up in a time and place where nobody bothered to lock their front door, nor their car. Back then, people didn't worry much about personal security at all. Now I live in the city and I have deadlocked doors, a burglar alarm and a big dog.
What has caused this change in my attitude? No, I haven't been burgled, attacked nor threatened -- yet -- I've simply recognised the security risks of living in the time and place I do. Or, more probably, the manufacturers of alarms and locks, not to mention the breeder of my big dog, have collectively served to educate me of the risks -- and in so doing, created business for themselves.
There is a similar, barely tapped business opportunity for systems resellers.
Think about it. Your customers are asking about connecting to the Internet and e-mail access, putting up Web sites, and maybe even e-commerce. Sounds great. What a business boost for you! But the opportunity is even larger if you can get them thinking about the dangers of that free and easy Internet access.
Metaphorically speaking, in terms of their attitude to security, most Australian businesses are still in that small country town I grew up in. "Everyone can be trusted, they all look out for each other, right?" In an alarming majority of cases, network managers are not even aware their information is under threat. Thanks to the successful networks you have probably sold them, information that used to be in your customers' company books -- locked in the safe at night -- is now scattered amongst their various PCs. The decision-makers are not exactly sure where company information is, let alone how to protect it. This is where they need you, as their technology reseller, to educate them.
Of course, first you need to educate yourself about the dangers in order to explain them to your customers. There are numerous ways for a business to be affected.
Someone could mail the company accountant a file with a virus in it, halting accounting for a day or week, or erasing files.
A competitor could get in and access the database, the price list or competitive marketing plans.
A hacker could prevent the organisation's network from being accessed -- a so-called "denial of service" attack. More subtly, infor-mation on the system could be changed without anyone being aware of it.
I am not just being alarmist. Each of the things I've mentioned has happened. . . and happens with frightening frequency.
What investment is required?
Establishing a service to tackle these potential dangers requires an investment in expertise such as:
Employ two staff members who understand the issues: one sales, one technical Follow some of the newsgroups and mailing lists that discuss security issuesAttend vendors' training courses to understand how to deploy the productsIdeally, one of your technical staff should be highly TCP/IP-literateA way to get up to speed quickly with a new technology or product, that is often over-looked, is to implement it in-house. Once your technical staff come under the pressure of making systems work for you, they will invest the time in learning them. They will then be more aware of the problems customers may run into using the same products.
Firewalls. These are the traditional ways of controlling access to and from a network. Setting up a firewall is a science in itself. Don't let anyone tell you that you can just turn them on and forget them. There are a number of products to choose from including CheckPoint Software's Fire-Wall-1, Eagle from Raptor and Gauntlet from Trusted Information Systems.
What about selling content checkers? These are appli-cations that scan e-mail for viruses, scan attachments for viruses and scan FTP transferred files.
There are a number of popular products such as Mimesweeper from Integralis and VirusSafe Firewall from eSafe Technologies.
Then come the access control systems -- devices or software that validate users before allowing them access to systems. Options include ACE/Server from Security Dynamics and Safeword from Secure Computing.
Margins on physical products are predomi-nantly set by the market, but service-based revenue is within your control. Services you might develop include: security auditssecurity planningongoing managementWherever you are lacking skills, or if some of these areas are not part of your long-term business plan, locate and work with a security consultant who can handle some of the more detailed areas for you. However, maintain control of the project so your customer perceives you as his protector. In time, a core of customers should provide a sufficient income stream for you to recruit your own experts.
Peter Sandilands is Check Point Software Technologies' regional manager, Australia and New Zealand. He can be reached at firstname.lastname@example.org