XChange: Solution Providers Need Architecture Approach To Succeed, Future-Proof Security Investments
To bring true value to customers around security, solution providers need to take an architectural approach, security experts said Sunday at the XChange Solution Provider Security University event.
An architectural approach to security means building and designing something that brings together disparate systems in a uniform way, with a solid form and function, Michael Knight, president and CTO of Greenville, S.C.-based Encore Technology Group said at the event, which is being hosted by CRN parent company The Channel Company in National Harbor, Md., this week.
Solution providers should be the general contractors, architects and managers of the security architecture, bringing together the customer's needs and wants with supplier's technology, he said. In doing that, solution providers become more integral to the customers as they help them choose, implement and manage the best technology for their business when it comes to security, as well as setting them up with an architectural framework to handle new threats and security needs that may come down the road, Knight said.
[Related: Quantifying Risk: How To Have The Right Conversation About Security To Increase Sales]
"In order to be able to hold that up or have the foundation to plug things in, we have to recognize security doesn't have a finish line and you're going to have to constantly evolve as part of that," Knight said.
Allen Male, director of global strategic security partners at Cisco Systems, agreed, saying that as threats continue to accelerate and customers embrace technologies like the cloud, security often becomes more complex. Solution providers need to help customers face this "dizzying buying decision" with an architecture approach, which he said helps them "accommodate the full gamut of solutions deployment."
To build that architecture, Knight said solution providers need to understand who their customers are, including their vertical, compliance needs, demographics, security concerns, budget and existing technologies. From there, he said solution providers should add what their team's value is and what technology partnerships and ecosystem partners they have to provide.
Where companies often go wrong when it comes to building an architecture is by making it too complicated or it has the proper function but is too transparent, Knight said. Solution providers should help customers choose the technologies they really need and build an architecture with them, instead of just trying to add as many pieces as they can for the sake of it, he said.
Solution providers should make sure to pay attention to a few areas of security that customers frequently overlook, including usable SIEM or central logging, identity asset management, highly available authentication, policies, testing procedures, security training, and third-party reviews of events and policies, according to Knight. Solution providers often miss taking an ecosystem view of security solution, monetizing solutions and recurring revenue opportunities around security assessments and other services, he said.
The ultimate goal, Knight said, is to help customers both meet the security requirements that are needed today, as well as prepare them for the security needs to come.
"Security doesn’t have a finish line," Knight said. "As you're building this out the first thing you have to understand is you have to get to multiple ballast points and, moving forward, you have to continue to adapt and change to that."