
Exclusive: Kiwi developed security offering opening up new reseller opportunities

The Kiwi developers of a new security assessment and compliance system are urging resellers to offer more holistic services around security as the company itself scouts for resellers and service providers for its offerings.

Launched in April, SAM for Compliance provides a cloud-based service, based on Microsoft Azure, which helps organisations self-assess and manage compliance, based around different security standards including CIS Controls and the New Zealand Information Security Manual (NZISM).

Tony Krzyzewski, SAM for Compliance co-founder and director, says the company is talking with a number of services organisations in New Zealand, Australia and the United States about wrapping SAM Compliance into their service offerings.

“What we created is a product that makes it relatively easy for organisations to define standards, assess themselves and then work their way through the management process,” he says of the offerings.

While the initial offering was based around the United States-based CIS Controls, which are widely used internationally, other standards have since been added to the engine, including NZISM – creating a system Krzyzewski believes is ‘the only system on the planet’ designed for managing the implementation of the New Zealand standards – PCI DSS for PCI compliance and HIPAA, covering the security rules within the US Health Insurance Portability and Accountability Act.

While no specifically Australian standards have been used, Krzyzewski says the company has seen ‘definite interest’ in the CIS Controls from the Australian corporate sector.

SAM has already signed a large financial risk services organisation in Australia as a partner, with the company already having sold their first implementation into a ‘nice’ site.

Krzyzewski admits the SAM for Compliance offerings are not products resellers will make a lot of money from simply by selling the offerings themselves.

“We charge $3600 a year per framework and there really isn’t margin in there, but it is the opportunity to wrap services around this as a core and improve their service level offerings,” he says.

“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business.

“For resellers and VARs in particular, there are opportunities for them to quickly develop an in-house security practice using SAM for Compliance systems to assess, improve and manage their clients’ information security policies and processes.”

Krzyzewski says remediation services is one area where SAM for Compliance can be of use for resellers, helping identify where clients have a weakness in their systems, processes and technologies and then using that to help the client through the remediation process.

“And for service providers that themselves have to comply with the likes of NZISM, this allows them to work their way through their own remediation process and be able to report back on compliance,” he says.

Late this year SAM expects to launch a ‘Bring your own standard’ offering.

“The engine we have created is so flexible, we can plug any standard into it,” Krzyzewski says.

“It doesn’t have to be just IT security. We could plug health and safety in there, financial… it doesn’t make any difference, providing there are pretty clearly defined requirements.

“We’re already in discussion with [the Australian arm of] a reasonable sized multinational with regards to plugging in their own internal standards to it.”

An SMB option may also be on the cards, though Krzyzewski says SAM is yet to define a cut-down version of standards achievable for smaller organisations.

“One thing we are very aware of is that it’s no good having a standard you can never comply to, so we’re looking at defining pragmatic and practical controls for smaller organisations – the ones without a resident IT team,” he says.

Plans are already underway for a launch into the United Kingdom and European market next year, with the company initially targeting English-speaking countries.

"This is not a New Zealand product, we are going global," he says.

"If we have people in Singapore, Hong Kong or even India that are interested in taking this as a service we would certainly look at that too," he adds.

“There is a growing awareness of the requirement to protect information and systems outside of the IT sector now,” Krzyzewski says.

He notes that recent high profile ransomware and phishing attacks have heightened understanding about security and protection requirements.

“The channel really needs to start thinking about getting themselves aligned into the more holistic services, rather than just trying to sell a firewall or antivirus. They’ve got to start thinking smarter and wrapping this into a service that can be provided otherwise they will be left behind.”
