The IT security threat landscape is changing. We now see threats evolving across mobile, cloud, and the Web. Channel Post speaks to regional industry experts to find out whether this scenario is converting into enough business opportunities for channel partners.
According to a recent industry research, the “bring-your-own” trend ranks among the top six security threats global businesses will face in 2014. The highly cited report also suggests that cyber resilience requires recognition that organizations must prepare for a threat. “It requires high levels of partnering and collaborating, and for organizations to have the agility to prevent, detect and respond [to an event] quickly and effectively,” said the report.
As the trend of employees bringing mobile devices in the workplace grows, businesses of all sizes continue to see information security risks being exploited. These risks stem from both internal and external threats, including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications.
Hence, companies need to find trusted partners and talk about cyber-security – a topic that’s often treated as private. This then would certainly translate into multiple business opportunities, now that we see security threats emerging from not only desktop PCs, but through mobile, cloud and the Web.
The IT Security Landscape in the Region
“In a nutshell malware has gotten smarter, shadier and stealthier,” explains Thomas Thoelke, Sales Director, Sophos, NEEMEA. “The times when antivirus was the most important line of defense is a thing of the past since long time. We could observe that cyber criminals expand their range of activity on more and more platforms. Beginning with mobile PCs and social networks, continuing with cloud services and finally reaching mobile devices. Moreover, widespread dissemination of advanced botnet and exploit kit source code allows more malware authors to create innovative and diverse new attacks.”
According to Thoelke, as a result, the perimeter of networks continue to expand. “This includes the cloud, mobile devices, and a new generation of virtual road warriors. Hence, authenticating users exclusively through a network gateway is no longer enough to keep your network protected. IT security has changed from a fragmented and dedicated assignment to a multipurpose solution that must be easy to use and effective in various security fields at the same time – like with state of the art Unified Threat Management solutions. Security is no longer a “nice to have,” but a must-have. Businesses and governments rightfully concerned about privacy and protecting sensitive data now have to be more aware of troublesome security issues that could be found in critical infrastructure systems,” adds Thoelke.
John Spoor, the Regional Director for Emerging Markets and APAC at Secunia, explains, “Over the past years, the Middle East market and the GCC in particular have witnessed major threat attacks which would have compromised highly confidential data and have had a disruptive effect on a global level. For example, the cyber-attacks in Aramco, Saudi Arabia’s giant oil industry in December 2012 was aimed at stopping crude oil and gas supplies, with an intent to cripple the world markets. As a result, the Gulf states realized the need for heightening cyber security awareness and proactively preventing attacks from happening in the first place.”
Spoor says that on this virtual battlefield, companies have no better option than to consider employing the best technology and keep their records safe especially that huge financial losses are at stake. “Malware creators and hackers are becoming more aggressive and smarter. Also, with increasing uptake on cloud initiatives, attacks are becoming hybrid in nature between the cloud and the corporate network. Hence, we are recommending organizations in the Middle East and wherever we operate to consider investing their resources in the right areas of IT security: Patch Management. The key for organizations is to patch software vulnerabilities and thereby eliminate the root cause of many security issues by closing the entry points malware uses as attack vectors,” says Spoor.
Yassine Zaied, the EVP for Middle East and Emerging Markets at Nexthink adds that both the investment and maturity of security management has been tremendously growing in recent years. “The increased security threats coincide with major events and growth in the region. The Middle East is under a spotlight and is increasingly becoming a target for “hacktivism” and advanced persistent threats (APT). At the same time, companies and governments are investing heavily in technology, qualified people and implementing ambitious security and compliance frameworks, procedures, advanced technologies to protect themselves from increasing IT security threats,” he adds.
The Role of the CIO has Changed
The role of the CIO is changing, because globally the outline of a new age of sustainability is coming into play, especially in the face of technological changes, and the increase in cybercrime. “However end consumers as well as business and government clients are progressively moving an organisation’s strategy for development of products and services. CEO’s are still identifying the consumer as the most important stakeholder in influencing the manner in which they will achieve business opportunities,” says Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa at AccessData. “The influence of employees is to have the CEO look at increasing the investment in the workforce, training and education with regard to cyber security issues.”
According to Wright, this situation will demand new skill sets from employees, and CEOs do not believe they necessarily already have these skills within their existing set-up. “CIOs, CSOs and CEOs are now accountable for their cybersecurity IT. It’s now their responsibility to protect their company and customers following a cyber attack or data breach. As we have seen, C-level executives are now blamed and relieved of their positions in the wake of a cyber attack,” adds Wright.
“BYOD has brought about a new type of security because you can no longer limit the user experience for the sake of enterprise security – the user would never accept that on their personal device,” explains Nader Henein of Blackberry. “As a result the evolution of mobility has created incredibly high risk environments evident by the fact that 57 percent of companies allow employees to bring their own devices, of which 63 percent do not have a specific strategy or policy to manage the process according to Ponemon research. Companies are now investing substantially to protect their IT infrastructures and intellectual property from threats in cyberspace. While other platforms focus on making data access easy in order to manage business needs.”
Kalle Bjorn, the Director for Systems Engineering (Middle East) at Fortinet says that beyond technical skills, a CIO must be able to understand the issues of the organisation, providing business solutions and offer a catalogue of suitable services for greater efficiency. “With BYOD on board, CIOs should anticipate the legal impacts of new technologies, ensure the security of systems in a less controlled environment, manage volumetrics exponential data (Big Data), and so on. The CIO is also heavily involved with economic issues, since he must propose models to work with optimised budgets and keep control over the company’s investments. Hence, he has to manage outsourced resources or services operated by third parties,” adds Bjorn.
Increased Opportunities for the Channel
The emergence of new age security threats, including those originating from the acceptance of BYOD, has brought in opportunities for the regional channel community, thus allowing them to address the IT security challenges faced by companies in the Middle East region. Vendors are now supporting their channel community in more than one ways to ensure business happen for them, in addition to solving problems of their customers.
According to Spoor, Secunia works closely with its channel partners to offer the end users – both consumers and the corporate sector – the best pre-emptive experience and tools in vulnerability intelligence and patch management. “By collaborating together on developing and offering the right tools in this highly challenging IT security landscape, our channel partners are important assets to our presence and expansion in the Middle East including countries such as KSA, UAE, Oman, Kuwait, Qatar, Bahrain, Lebanon, Jordan, Egypt, Afghanistan, Iraq, Pakistan, and Yemen,” explains Spoor.
The company currently offers products such as Secunia Corporate Software Inspector 7.0, Vulnerability Management (VIM), Secunia Personal Software Inspector (PSI), and so on to its customers in the region through its channel community. “In addition to product development, we are very keen on developing our partners’ capabilities to improve our business through our channel programme. In fact, our distribution channel has a great role in positioning Secunia as the industry leader it is in vulnerability and patch management through their direct collaboration with resellers.”
The company organises regular training with its our channel community and covers hands-on product demos, installation processes, sample network scanning, patch deployment scenarios, and common troubleshooting. “As more enterprises in the Middle East are looking to procure vulnerability and patch management, it is critical to ensure that our partners are effectively trained to meet customer requirements in terms of vulnerability intelligence and security. Our distribution partner, EMT Distrbution, in the Middle East is responsible for the regional fulfillment of the Partner Program, which features three levels of membership: Bronze Registered, Silver Certified and Gold Certified. Depending on the levels of investments in the relation with Secunia, partners can receive benefits and rewards from promotions to qualified sales leads,” adds Spoor.
In addition to training programs and so on, Secunia in partnership with EMT Distribution is currently developing a certification program to provide trained partners with the opportunity to consolidate and further develop their skillsets in the field of vulnerability detection and patch management as to exceed customer requirements.
AccessData’s Wright says that the company has developed a broad ecosystem of technology partners to enrich its solution portfolio. “Technology partners include OEM relationships, hardware vendors, engineering collaborators, and storage providers, all in concert to provide our clients with the most relevant and effective solutions on the market. In the Middle East, they include McAfee who have opened the only Cyber Defence Centre in the region, and Dell who have moved their Solution Centre to Dubai,” says Wright.
Thoelke of Sophos says that ensuring channel partners evolve solutions targeted at the high end of the security spectrum due to the availability of new emerging technologies in the security domain is a big challenge. Vendors and channel partners alike need to develop with the market trends – in the best case you develop the market trend. “Only then your partner can stay on top of the changes and earn money with it. Next to the development, good channel education is key to success for a vendor,” adds Thoelke.
Thoelke says that Sophos has set a great way into the future with several development paths. “We have and continue to integrate several different security technologies like endpoint and network security, encryption and mobile security, across several Operating Systems with the choice of onsite management or cloud management. We see the combination to be very well perceived in various different regions and markets and the channel is reaching out to us based on the high value offer we have. We are confident to be on the right track. I am also pretty sure we will see the one or another technology still being integrated into our security portfolio over the coming years,” concluded Thoelke.
