The security industry has been rocked by a near-constant stream of breaches and threats in 2011, and it’s having a real impact on security resellers’ business and customer interaction, but in a very positive way.
In 2011, major companies such as RSA, PayPal, Visa, Mastercard and Amazon have all been the target of malicious attacks.
The most recent victim, Sony, had its consumer cloud service hacked. The attackers potentially accessed personal data from as many as 77 million users including their credit card information. These attacks are changing the nature of conversations vendors and their partners are having with customers.
Modern business wisdom
CA principal consultant, Trevor Iverach, said, “If you look at the nature of the attacks, they’re becoming more sophisticated in obtaining critical business data, and organisations understand they can’t hide these breaches from customers,” Iverach said.
The last point is especially important to note. Superficially, it may seem 2011 has been the year of breaches, but really it’s more the case that modern business wisdom has organisations being more open and forthcoming with customers in the event of a breach. It’s all coming together to put a renewed level of focus on security, and organisations are reacting by prioritising security in their budgets, Iverach claimed.
The size and frequency in the media of these breaches is having real impact on conversations security resellers and consultants are having with customers too.
Customers read the same things we do, Southern Cross Computer Systems general manager of consulting services, Ashutosh Kapse, said. And some companies that were using those that were attacked were beginning to question whether they were investing in the right vendor.
Far from being a problem for the reseller, however, these customer concerns are keeping companies such as Southern Cross Computer Systems busy in a positive way, Kapse claimed.
“They’re asking us ‘what is the threat and technical reality for me?’” he said. “The reseller’s duty and responsibility is to do the research and have the resources to answer these questions.”
Content Security director, Louis Abdilla, also claimed that the first half of 2011 will have a longer-term positive impact on the security industry.
“There’s been so much changing technology, that security is always going to be a challenge. It’s been a response measure; almost a band aid,” he said.
Virtualisation – where traditional antivirus solutions didn’t work properly, cloud computing and the proliferation of devices such as iPhones and iPads has created a ‘catch-22’ situation: the pursuit of absolute security can halt progress, but adopting these new technologies can open up holes in security.
Hacker organisations are also becoming better organised and bigger. This allows them to successfully go after larger targets.
“Once an organisation starts to get targeting they’re up against the wall,” Abdilla said.
“When you have data in the cloud, that’s the problem now. I was waiting for the first big data breach in the cloud. The Sony PlayStation Network was the one.”
Stunting cloud adoption?
So, taking into account that data breach, and Amazon’s cloud services going down over Easter, is the apparent lack of security around cloud services going to cause headaches for resellers engaging with customers?
In short, no. They’ll be wary, Content Security’s Abdilla said, but there are simply too many benefits to cloud computing to ignore.
“It’s going to make people think twice, and moving forward not all data will be hosted in the cloud, but hybrid models will still be very much in demand,” he said.
There are still the financial benefits to adopting a cloud solution, and recent breaches will benefit the overall cloud message, according to Southern Cross Computer Systems’ Kapse.
“Cloud was still in the hype stage where risk and availability were only given a cursory look,” he said. “Hopefully, recent events compel customers to take a close look at security. That said, I don’t see cloud adoption slowing down. There are some applications that are perfectly safe on the cloud.”
Symantec director of security and compliance solutions, Sean Kopelke, said customers are not reconsidering their cloud plans, but rather refocusing where security policies need to be enacted.
“A lot of customers have a good start in their frameworks,” he said. “It’s an issue for them to move their thought processes from concentrating on infrastructure to understanding that it’s the information itself that needs to be guarded, and looking at how to manage that.”
And there are plenty of ways to put a positive spin on cloud security in conversations with customers.
NexRight managing director, Dilip Mohapatra, said cloud computing allowed customers to choose the right level of security from a datacentre perspective for its needs, and opened more opportunities for recovering from events.
Cloud solutions have also proven secure overall, despite recent incidents.
“People are taking a lot of precautions,” Mohapatra said. “And hacking activity can happen to in-house applications as well. It’s not an issue exclusive to cloud computing.”