IT has been a good year for the major security software vendors with most of the majors reporting big increases in income and turnover. Among them Symantec posted a 48 per cent increase in global revenue for the first quarter of the year while Trend Micro's second quarter revenue was up 30 per cent and net income increased 144 per cent year-on-year.
All indications point to the upward trend continuing with a flow on to resellers who have taken advantage of the growing and continuing demand for security solutions. The likes of Manaccom, Australian distributor for Trend Micro's consumer and SOHO based products, have experienced strong revenue growth during the past 12 months as consumers and small business become more aware of the growing threats of blended viruses, spam and phishing.
Even in the mature enterprise market, security remains a key area for IT spending and, according to Gartner, that is not likely to change substantially in the foreseeable future.
At the recent Gartner IT Security Summit in London, Gartner's managing VP security, Victor Wheatman, warned that the next five years would see new waves of technology rendering existing information security measures obsolete, increasing security exposures in both new and legacy environments.
"Whenever new technology is introduced or business fundamentals change, management's focus in terms of funding and resource allocation shifts from the old to the new, creating a security gap," Wheatman said. "In this way, each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever increasing raft of security risks.
"For those who thought the information security risks they have battled with, in recent years, were all but over, this may well be unwelcome news. However, we remain confident that enterprises that continue to regard security as a key IT and business issue, and invest accordingly, will succeed in securing their businesses and those of their customers.
"Perfect security is impossible, but continual scanning for new vulnerabilities and monitoring for new threats are critical and a much better investment than to passively sit back and wait to detect attacks," he said.
Anybody needing any confirmation of that just needs to look at Symantec's Internet Security Threat Report for the first half of 2004.
Symantec A/NZ managing director, John Donovan said the report showed that exploits were being created more easily and faster than ever, while attackers were launching more sophisticated attacks for financial gain.
He said software vulnerabilities and targeted attacks remained a primary area of concern for Australian organisations and individuals. There was a 400 per cent increase in the number of attacks against e-Commerce in the first half of the year, a steady increase in the number of attacks against Web application technologies, and the time between the announcement of a vulnerability and it being exploited had dropped to just 5.8 days leaving organisations with less than a week to patch vulnerable systems.
Something like a phenomenon
IronPort Systems managing director for Australia and New Zealand, Mike Bosch, sees the reseller channel as playing an increasingly important role in the security space.
"No IT phenomenon has ever accelerated so fast in such a short time as the spam and virus phenomenon; not even email itself. Vendors of security solutions just don't have the capacity to address these threats on their own," he said. "We're talking about every single business out there, big and small. Resellers should see this as the biggest single opportunity they might ever enjoy."
Bosch has been hosting the first visit down-under by IronPort CEO and co-founder, Scott Weiss, who said the big opportunity for IronPort and its resellers existed right now.
"IT decisions pertaining to the email gateway and its security are being made today and over the next 6-12 months," Weiss said.
"We are well placed here. We established a presence in Australia much earlier in the process of going to market than is typical for Silicon Valley firms because we saw a large under-served market here."
Zone Labs vice-president marketing, Fred Felman, agreed resellers had an enormous role to play, especially in the SME market where companies needed cost effective solutions that balanced security against employee productivity. However, he said the need was for value-added reselling.
"SMEs don't need to be sold a product in a box - they need a partner who can balance their specific business needs and provide scalable solutions to meet changing requirements," Felman said.
"To do this, resellers must have a network of trusted partners so they can provide multiple layers of protective controls and adapt in response to a constantly changing threat environment.
"They need to incorporate products and professional services such as targeted training workshops that meet the needs of individual organisations, or cater to identified needs within the customer-base; and they need to partner over the long-term - no one solution protects against all threats, and no one product remains unchallenged by the ever-evolving threat landscape."
McAfee recently announced the launch of its Partner Security Services in Australia and New Zealand. This allows resellers to become a defacto outsourced security manager for their small business customers by providing the reseller with a complete view of their customer's IT security.
McAfee marketing director APAC, Allan Bell, said PSS addressed a critical pain point of security management for small businesses who do not have the time or skills to keep their network secure.
He said about 220 resellers had signed up following a successful beta test of the program which allows resellers to monitor multiple customers' IT security through a secure website.
"The core to the system is out managed Web-based virus scan product, which provides a Web-based report of the customer's security," Bell said. "They were originally designed for the customer to go online and view them, but one of the most common feedbacks we received was that they didn't have time to read the reports.
"Part of the reason was that the sweetspot for the product is the 10-25 node space and at that level if it is working customers don't touch it. The downside to that is that while it might be working it, might not be working as well as it could be. Resellers came to use and said 'why can't we read the reports for them because if there is a problem we will be called in to fix it anyway'.
"So the customer signs up for the program and the reseller monitors their system daily and is able to develop a relationship with the customer that can extend beyond just security solutions to other IT purchases such as software, hardware and consumables like ink cartridges."
Computer Associates' senior security consultant, Chris Thomas, said most organisations today were looking at patch management.
"However, patch management is not the whole story," he said.
"If we look at Windows XP Service Pack 1, about half of the platform's known security vulnerabilities can be fixed with a patch or Hotfix. The remaining 50 per cent need a change in the system's configuration to be resolved. These include registry changes.
"Resellers can help companies in their purchasing decisions by reviewing risk analysis data or by conducting security audits for the customer before advising on suitable products.
"Organisations need to know the value of the data they're trying to protect before investing in software. If the data assets are given a value of $500, it doesn't make sense to buy a security software suite worth $6000 to address that particular problem.
Resellers can return more value to the customer by giving advice that helps them end up with the right software for the job.
Similarly, they can maximise each revenue opportunity by reviewing the customer's entire IT infrastructure and advising on needs, and still save the customer money.
Customers don't have to buy everything at once, but at least they know what they really need and can implement in stages if they want," he says.
Although patch management for Windows XP users has been improved with the release of Service Pack 2 it still requires system administrators or small business operators to install it, offering further opportunity for resellers who offer a managed security service to create or enhance customer relationships.
While IT security - particularly in relation to viruses, spam and hacker attacks - has been a constant topic for media coverage in recent years local studies show that small business take up of antivirus and anti-spam solutions has been much lower than expected and this is where Sophos sales director, David Higgins, sees significant opportunity for the company's reseller partners.
"Australian resellers are best positioned with infrastructure to deliver the support and technologies needed to secure organisations of all sizes and help them fight back against the risks posed by this spam economy," he said.
"Resellers have the big picture view of their customers computing requirements and can offer the right mix of advice, training and implementation."
Perhaps the final word should go to channel director at Juniper Networks, Brian Allsopp, who expects the security spend increase in Australia.
He said if resellers were to capture their share of this they needed to take on a consultative role.
"Selling security is no longer about products - it's about identifying and meeting a business' security needs," Allsopp said.