|
JANUARY 2006
The Information Security Team
For at least the last 5 years information security has been at the top of the IT expenditure list. Three years ago I was sitting in a room, attending a security strategy meeting, sponsored by a major manufacturer of security products. The intent was to figure out how to grow our security practice areas, and at the time I was running a security practice for a major global integrator (North American Division). I had one simple question; "How long will practice directors of Security have a job - if we are focused on selling security products"? The answer given, "Many years". I was not convinced.
1. What is a security product?
The answer to this question used to be clear; however, it is not so clear any more. I asked the question because I saw then that security is really a discipline, a set of policies & procedures and controls to enforce security and reduce risk. We used to buy products to add security to our infrastructure, but what we see now is an effort across most "security" companies to create security within the systems, networks, and applications. So it might be said that every product should have security in it. While there are some products that add security to the desktop or network, the trend is definitely toward creating secure infrastructure and applications.
2. The Security Value Proposition
If you consider the products you resell, you likely have three kinds of partners. You have security product partners perhaps, then you have partners who have added security to their marketing message and who have made security a part of their software solution (or at least claim to have done so), and you have companies that are trying to get into the security game. Almost everyone realizes that without security, the product isn't worth much.
3. Professional Services Organizations
If you are in charge of the security group in your company you might want to start looking at how your goals are set and then start re-educating your management team on how security works and how compensation might work. In no way am I saying that security is dead; quite the opposite. The problem is in computing what counts as security product revenue or gross profit. The security design, assessment, and administration areas are growing, especially as we see compliance continuing to evolve. But if you are trying to count security products, you are bound to be confused as the year progresses - and all of the sudden everything is a security product, and nothing is really just a security product.
4. Sales Organizations
If you sell, you might want to think about some additional study time in the area of security. With the evolution of security threats, compliance regulations, and the evolution of automated attacks, the solutions you sell require a security value proposition. The good news is, security is not a product, and therefore does not commoditize. But building your value means you are able to help direct your customers toward a more secure way of doing business. Security will become an essential part of your sale whether it is on the application side, identity management, compliance, or defending the network. Sales people without security may find themselves without a pipeline.
5. Branding
"Its the assets that matter not the network". I don't really mean that the systems and networks don't matter, but what I am saying is that company branding can not be around features and functionality. If you want to grow your business in 2006, start understanding how your products and services impact the confidentiality, integrity, and availability of the processes and data required to run your customer's business. Brand on security to differentiate. But make sure your security solution works. If it does, you will be ahead of most. |
