Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

News & Articles

October 24, 2011 |

Data-Driven Security: Amping Up Security Strategies

Employing data-driven security enables VARs to determine where a company’s threats really are, rather than where a client perceives them to be. By Erik Sherman

A data-driven approach to security provides a more accurate picture of threats and exposures, so VARs know what protection is most effective and where to employ it.

By Erik Sherman

Cyber break-ins at large corporations may get public attention, but SMBs can also be targets. For example, the FBI identified 20 incidents between March 2010 and April 2011 in which small and midsize businesses found their banking credentials compromised and money wired to Chinese firms.

But instead of rushing to sell security products to their clients, channel professionals should try data-driven security to better design and tune protection. This approach uses the information that exists in an infrastructure “to build a more realistic, current, and accurate picture of both threats and exposures,” says Scott Crawford, managing research director for analyst firm Enterprise Management Associates. Data can tell channel pros what protection will be most effective and where to best employ it.

A data-centric analytical approach is important because companies often assume they know what their greatest security dangers are, even though they don’t. “We’ve had examples where a company was very concerned about external threats,” says Ken Hammond, director of North American channel sales for Columbia, Md.-based security software vendor Sourcefire Inc. And yet when a reseller runs an analytic report, the real problems are internal, like unauthorized USB drives. “There are things going on in the company that they weren’t aware of,” Hammond notes.

Data-driven security starts with a thorough risk analysis, says Jeff Laurinaitis, sales director at RKON Technologies in Chicago. “Most SMB customers don’t have a real robust IT staff or a lot of headcount, especially in security,” he says. As a result, they rarely undertake such an analysis and often blindly throw money at the problem. “If you don’t have visibility into the problem and you haven’t put together a comprehensive strategy, you can lock it down like Fort Knox, but at what cost?”

Instead, channel pros must try to understand what clients most need to protect. For one company, it may be marketing plans for a new product launch. Another might find a money-saving production process more important. Understanding the business drivers enables a real discussion between VAR and client about what it would take to achieve the company’s goals.

Security vendors often rely on fear to sell their products. A data-driven approach moves beyond the emotion and forces a rational analysis of what a company actually needs. One simplistic example is that a company with servers running Linux isn’t concerned with Windows-based attacks and so doesn’t need software that focuses on Microsoft software.

More important, data can illuminate patterns that provide vital insight. “That is the key element,” says Dr. Cedric Jeannot, founder and president of Waterloo, Ontario-based vendor I Think Security. “Security is so complex that you’re never going to [cover all the bases], because there are so many things you can take into account.” Data helps uncover the realistic weaknesses rather than theoretical ones.

Jeannot uses a three-tiered approach: Identify potential risks, price the consequences of the risk in financial terms to the company, and then use the infrastructure data to see how attacks occurred and how to protect the business in the future.

Details that might seem trivial can enable important deductions. For example, if a company does business in the United States, traffic from China should look suspicious. Rand Callahan, CEO of San Luis Obispo, Calif.-based IT services company Venture Tech Consulting, says access control lists can provide critical insight into who has access to information and whether someone accidentally opened resources to potential misuse from outsiders.

Even coarse metadata, such as whether given information should be public or restricted, can help add perspective. “Information classification matrixes enable us to classify data [as] public, internal, confidential, or restricted, so we know what needs to be encrypted or stored in a secure environment,” says Callahan.

By combining risk management and analysis with the data from the infrastructure, channel pros can help clients decide which resources are in greatest need of protection, the vulnerabilities they most likely face, and how to best structure a security solution.

Editor’s Choice

Introducing ChannelPro’s Top 20 MSPs for 2024

June 18, 2024 |

These companies lead the way in building up the IT channel, as well as ensuring that their clients run thriving businesses.

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

AI-as-a-Service Takes Shape for 3 MSPs

June 4, 2024 |

AvTek Solutions, LAN Infotech, and PCH Technologies share how they are working with the new AI-as-a-Service platform in their day-to-day business.

Related News & Articles

Growing the MSP

Explore ChannelPro


Reach Our Audience