Guarding the Global Gates with Managed Security

IT departments are turning to the channel to ease their increasingly complex security burdens. By Siobhan Byron and Dragana Vranic

Security has always played a significant role in how the channel services customers' IT needs. And the issues of guarding the global gates are only growing for midsize organizations, which is why many are now incorporating managed security services into their overall security programs.

According to PricewaterhouseCoopers' The Global State of Information Security Survey 2012, 84 percent of companies in 2006 said they were confident in the effectiveness of their information security activities. By 2011, that number dropped to 72 percent. This huge loss in confidence has significant ramifications for how to best help customers.

During the past five years, IT departments have been dealing with a rapidly growing global onslaught of security threats at the same time budgets are being frozen or slashed. In response, IT teams are looking to the channel for help with becoming more flexible and adaptable.

This often means replacing established technologies with lower-cost systems from multiple vendors, frequently including solutions in the cloud. While those solutions effectively address cost, speed, and risk management concerns, they also carry greater security and regulatory compliance issues. And these all need to be addressed while also incorporating a flexible and cost-effective approach to business continuity and disaster recovery.

That makes today's IT environment more challenging than ever. In our increasingly virtualized world, more systems connect through the cloud, opening up entry points that need to be guarded. Also, complex infrastructure is often overprovisioned, underutilized, and difficult to manage. Just when IT organizations could use more resources to fight this security battle, they have fewer. This is where IT solutions providers ultimately prove their value.

By offering managed security services, the channel can help companies get beyond this security trap. Channel partners take much of the burden of deploying prevention, detection, and Web-based technologies away from internal IT departments, enabling them to use their knowledge of the business to add value across the organization.

While the past four years have seen a significant reduction in other IT investments, managed security services is one area where companies are still willing to invest. According to the PricewaterhouseCoopers survey, a reluctance to fund IT security during the economic downturn led to a degradation in core security capabilities. Organizations are now realizing they are living on borrowed time and are anxious to rectify the situation before a disaster occurs.

Adding to the urgency, mobile devices and social media also present significant threats. According to a recent Check Point survey, nearly half of all companies are victims of social engineering, having experienced 25 or more attacks in the past two years. That costs businesses anywhere from $25,000 to $100,000 per security incident. And McAfee reports that attacks on smartphones and other mobile devices rose by 46 percent in 2010.

The situation certainly can become dire for an ill-prepared organization. The speed with which the security threats change in a globally connected and converging business world is the biggest barrier to any IT organization mitigating risk so it can focus on the company's core business.

Yet smart companies are finding that incorporating managed security services into their overall security program can help to effectively combat these threats. And with that, IT departments can get back to focusing on delivering business value instead of guarding the gates.

SIOBHAN BYRON is president of Forsythe Technology Canada Inc., an IT infrastructure integrator headquartered in Toronto. DRAGANA VRANIC is director of managed services at the company.