“I find the conversation aspect around delivering risk straight forward,” he said. “I term it as Fort Knox and ask customers to think about what would happen if anything left their own Fort Knox? It could be gold, it could be information, it could be anything but the point is, it needs to stay within Fort Knox.
“When in front of an executive above the technical specialists, that’s when I deliver the fear message. But it’s not so much about risk, more so focusing if the staff within an organisation can handle the pressure if a breach occurs and something goes wrong.
“How do they respond? How do they interact back with the business? We have that conversation in great depth and that’s how we introduce risk.”
Bridging the gap
“In my opinion there are three key elements to security,” Channel Dynamics Director, Moheb Moses, explained.
“There’s the products and the vendors are good at adapting as the market shifts, then there is the process, which is focused on simple things such as don’t put your password on a post-it note on your screen. And finally, there’s people’s behaviour.
“If I look at the skills within the channel, during the past 20-30 years, the market has been very good at selling great products to stop threats, so now the focus turns to process and behaviour.”
For Moses, many security-focused partners in Australia still remain tie to the traditional product style sales approach, bound by customers failing to adapt.
“Customers still think of just putting in good technology to solve the problem, and partners are going along with this line of thinking to a lesser extent,” he added. “But it has to be more around education and understanding the implications of security.”
Echoing the comments of Mesiti, Moses said the reactive nature of businesses will continue to stall this change of thinking irrespective of size of stature.
“When your neighbour gets breached you pay more attention,” he said. “And when your friend dies you write your will, or take out insurance after you’ve been robbed. There’s a role for partners to help customers understand those use cases and change.”
For Young, speaking as a security-focused vendor, the onus is now on the channel to help bridge this widening gap in business.
“It’s an ongoing challenge,” he acknowledged. “The people within an organisation who understand the security and technology elements of business aren’t always the ones capable of communicating it back through the company. That’s where partners can fill the gap and offer real value to customers.”
Interest in security technologies is increasingly driven by elements of digital business, particularly Cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks.
Such a focus is driving investment in emerging offerings, such as endpoint detection and remediation tools, threat intelligence and Cloud security tools, such as encryption.
“There’s business decisions to be made around what’s being protected,” Stitt added. “It’s much like the insurance discussion in that if I have a car that I don’t really care about then I won’t care about my insurance cover unless I hit someone. But if I drive a really nice car I want to make sure that if someone bumps into me then I’m covered.
“Through applying this analogy to information and applications, most businesses and customers also have to place value on what they are trying to secure, because this ultimately determines the investment they make to minimise risk.
“New technologies are playing a role but budget priorities also play a huge factor in the security decision making process.”
Globally speaking, worldwide spending on security reached $US75.4 billion in 2015, an increase of 4.7 percent over 2014.
According to Gartner findings, the increase in spending is being driven by government initiatives, increased legislation and high-profile data breaches.
Security testing, IT outsourcing, and identity and access management present the biggest growth opportunities for technology providers.