Virus opportunities fleeting for channel

The outbreak of the Anna Kournikova virus has once again placed security in the spotlight, serving as yet another reminder to IT managers of the vulnerability of systems in the ongoing protection war.

But the opportunities for the channel remain as fleeting as the virus itself, according to security resellers and outsourcing companies.

This sort of outbreak causes a momentary spike in business," said Bob Hey, security consultant at Com Tech Communications. "The immediate analysis is panic but by the end of the day it has calmed down. The philosophy regarding viruses and security is changing significantly - people are looking at the history of outbreaks and finding they have dealt with them before."

However, the incident has served to raise awareness of the way antivirus security must now be implemented hand in hand with Internet security solutions. Andrew Tune, general manager of managed security at SME outsourcing firm eSec, draws parallels between this market and perimeter security solutions, given that many organisations fail to implement strategies until it is too late.

"In one way antivirus security is linked to Internet security and in another way it isn't. There are lots of ways for viruses to penetrate an organisation, such as being brought in on floppy disks. However, an outbreak like this reinforces the pervasiveness of the Internet and the consequences of not getting security right. It is a 24 x 7 proposition."

Despite this, security solutions remain a "difficult sell", although Tune admits more customers are approaching eSec on their own terms. "The fundamental problem is security only becomes urgent once it is too late."

Although eSec doesn't sell antivirus software, Tune maintains every organisation should have an antivirus solution on every single desktop and server and keep it up to date. This mandate has made it a lot easier for resellers than in times past, according to Com Tech's Hey.

"Security was a hard sell three years ago because the word "e" was very misunderstood," he said. "But as online applications develop, organisations are now realising that, to facilitate their services, security must be the cornerstone. Nowadays, selling security solutions isn't the demon it used to be. Organisations are beginning to see it now as part of their cornerstone infrastructure rather than an unwarranted, unbudgeted pain."

The downside to this paradigm shift is that many security products are now seen as commodity items. While in itself not a bad thing, this perception is squeezing the profitability on many products.

"As a reseller, we add value by supplying the infrastructure, and that is the way it always should have been," Hey said.

Grant Maxwell, MD of SME outsourcing company Glenhurst Communications, said a new wave of security providers had begun to enter the market providing solutions based on the ASP model. "We are seeing a new wave of security where companies provide ASP services for content filtering."

This destination-based filtering is an example of how traffic and e-mail control is merging in security solutions. Yet despite the best firewall protection, businesses need to be wary of inadvertently loading viruses onto their systems via media such as floppy disks, he said.

Stephen Matthews, business developer of ERP vendor and AS/400 developer IBS Australia, said the new security crises plaguing the Net have a lot to do with the ubiquity of the Wintel infrastructure underscoring enterprise systems.

For that reason, the spate of recent security and/or virus alerts represent an opportunity for the AS/400 platform and the channel servicing it. He said that constant security threats and pressures "will oblige them [customers] to reassess" their enterprise operating platforms.

"A hacker-proof server is a growing requirement of the total equation when it comes to enterprise computing," Matthews said. "We live in hope that people will convert to AS/400 because of the security issues.

IT departments also need to understand the complexities of keeping up to date in the security race, eSec's Tune said.

"The organisations with the most foresight are those dealing with outsourcers because they recognise security is a specialist industry and it is not economical to do it in-house."

When the Melissa virus first broke out more than 18 months ago there was widespread panic, but the latest attack was simply a variation on a theme, according to Hey.

The Anna Kournikova breakout attracted an initial flood of requests for risk analysis, but once the potential of the bug was understood, things quietened down a lot, he said. "It is no longer a war against viruses," Hey said. "A year ago it was us against them. It is now a matter of looking at the long-term implications."

Photograph: Glenhurst Communications MD Grant Maxwell.