Story image

Stepping up to sell security services in A/NZ

16 Jan 2019

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair

As 2019 gets into gear, what does the future look like for in-house security for SMBs and mid-size enterprises?  

There’s a mounting case and a profitable opportunity for resellers to diversify into managed cloud services, as customers look to delegate their increasingly complex security requirements to trusted ‘one-stop shops’.

A growing opportunity

Australia and New Zealand’s cyber-security sectors are in growth mode, courtesy of rising threats from hackers and cyber-criminals. Gartner predicted businesses and organisations would invest $3.8 billion on high tech protection in 2018 - up 6.5% on the previous year’s spend.

High profile attacks and breaches, such as 2017’s Wannacry incident and the 2018 PageUp breach in Australia, which saw the personal details of thousands of Australian job candidates accessed unlawfully, have prompted organisations to up their spending on solutions and services.

Meanwhile, tough new privacy regulations have hammered home the need for enterprises to take data protection seriously and be ready to respond. 

Under recent changes to the Privacy Act, Australian businesses with annual turnover greater than $3 million must notify customers and the Office of the Information Commissioner within 30 days, should they experience or suspect a breach. More than 300 organisations have done so since the regulations came into effect in February 2018.

Fines for failing to react and remediate appropriately can rise as high as $1.8 million, for serious or repeat offenders.

The European Union’s GDPR regime, which covers all EU citizens regardless of domicile, allows organisations much less leeway. They have just three days to respond in the event of a breach and the maximum fine imposable is an eye-watering 20 million Euros, or 4% of global turnover, whichever is greater.

Desperately seeking security staff - and solutions

Recognising the benefits of implementing more stringent protection measures is one thing; mustering the expertise and resources to convert resolution into action quite another. 

A severe shortage of security professionals, both in Australia and New Zealand, can make finding and retaining qualified and experienced employees a challenge, particularly for small and medium-sized enterprises which lack the deep pockets necessary to pay premium rates.

The Australian Cyber Security Growth Network (Aust Cyber) believes Australia’s talent shortage is among the worst in the developed world. It predicts the country will need around 11,000 additional security professionals to meet demand over the next decade.

Meanwhile, the rise of smart devices and mobile work practices have ushered in a host of security challenges which were unknown to enterprises a decade or two ago.

Cybersecurity strategies to protect the perimeter have been superseded by the realisation that the perimeter in its traditional incarnation no longer exists. Instead, effective enterprise protection now means locking down every laptop, smartphone and device which connects to the network.

These are challenges which trusted security resellers are well positioned to solve for their customers.

The case for outsourcing

Market research suggests companies have a growing appetite for buying managed security services, rather than tools and solutions alone. 

The market for managed security services has been growing at a compound annual rate of 14.8% since 2015 and this is expected to continue unabated until 2020. By that time, around 40% of cyber-security customers are expected to be directly influenced by, or have a relationship with, a managed security services provider.

For resellers, the trend represents a potentially profitable opportunity to diversify beyond their traditional product and value-added services offerings.

Selling services smartly

Diversifying into the security-as-a-service space calls for careful planning and resellers should have a thorough understanding of the costs involved before entering the market.

Direct costs, such as platform procurement, human resources and infrastructure, may be easy enough to quantify but there are a number of indirect costs – both upfront and ongoing – which can be easy to overlook. They include customisation time, the costs associated with marketing, sustaining and scaling the service, reporting and logging activities and ensuring the security of the platform itself.

Service Level Agreements are the backbone of every managed services contract. It’s vital the benchmarks specified are consistent with the capacity of the selected platform. Promising security and availability levels which can’t be delivered upon can lead to contractual difficulties and damage to customer relationships.

Choosing a scalable platform will ensure customers of all sizes can be onboarded without delay, regardless of whether they’ve chosen a pure as-a-service security option or want to implement a hybrid model incorporating existing products.

Embracing the opportunity

The rapid rise of cloud computing has seen a range of as-a-service offerings move into the mainstream. Today’s business customers are knowledgeable and enthusiastic about an infrastructure model whereby an array of IT assets and services are subscribed to rather than owned. 

A well-planned move into managed service provision can represent an opportunity for security resellers to increase their profitability and market share and provide customers with a one-stop security shop option.

Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.