Home » Media Coverage

Internet Security: If you can see the internet, then the internet can see you.

Data Recovery Article: CRN Canada News – September 1, 2003

By Alan Thwaits

That’s the bottom line regarding Internet security, as seen by Bill Margeson, president of CBL Data Recovery Technologies (www.cbldatarecovery.com).

“Now, more than ever, we all need to be diligent,” he adds. And if anyone knows about diligence, it’s Margeson, who has recently returned from a month-long journey through Europe and Asia during which he assessed the state of security readiness in business organizations.

“Diligence is the real key, wherever you’re located,” says Margeson. “Whenever things go quiet in the virus world, people get complacent – and that’s a big mistake.”

According to recent research studies, it’s been a big year for complacency and a bad year for Internet security. The number of Internet security-related incidents reported worldwide in the first half of 2003 was 76,404, which is only a little less than the 82,094 such incidents reported for the entire year of 2002, according to the CERT Coordination Center of the Software Engineering Institute at Carnegie Mellon University.

And, a recent survey of 200 medium- and large-sized Canadian businesses conducted by IDC Canada (www.idc.ca) indicated that 75 percent of respondents experienced one to four incidents of virus infections over the past 12 months. Most of those surveyed stated that they had experienced attacks by hackers or a virus, but the report adds that other organizations may have experienced security incidents without being aware they had happened, which would raise the number above that which was reported.

Margeson’s recent experiences in the U.K., Germany, Singapore, and Australia indicated that security issues have made business continuity the primary objective for most organizations. “In both Europe and Asia, the need to ensure business continuity is now seen as being extremely important,” he says. “There’s a new awareness of what it means.”

According to Margeson, although Internet security is an issue throughout the world, the response to it is different in various jurisdictions. “Europe is much more aware of e-mail related issues than is North America,” he states. “Spam isn’t as prevalent there, mainly because effective anti-spam legislation has been put in place. For example, virus-checking is obligatory in UK and Germany. On the other hand, things in Asia aren’t very different than in North America.”

Margeson feels that the new emphasis on business continuity requires a new approach from the reseller channel. “With Internet security issues, there are no out of the box solutions,” he says. “You need to map out the client’s operation and engineer a solution that fits. The job needs to be done intimately, and that means real opportunity for the reseller.”

The next step in IT, claims Margeson, needs to be taken now. Previously, he says, the big markets in IT and IS were around technology upgrading. Now, the emerging market has shifted to the need to guarantee business continuity. “It’s an educational step that’s needed,” he says, “because the necessary technology is already here.”

Eduardo Cardena, Principal Consultant, Privacy and Security Practice, at Fujitsu Consulting (www.fujitsu.com), agrees that the Internet security crisis means expanded opportunities for the channel.

“Vendors who can achieve a good balance between control and ease of use for their customers are going to come out on top,” he says. “And it doesn’t really matter whether the customer is a large organization, a small one, or a product developer. The strategy is basically the same.”

According to Cardena, the first step in addressing Internet security issues is to understand the user’s behaviours around online and network usage. Then, it’s a matter of understanding the user’s actual security needs. Taking those two areas into account, and building in the user’s need to control certain areas, the vendor can then provide appropriate guidelines for the user.

“Some security products now on the market offer only “black and white” (yes or no) choices or, alternatively, hundreds of options,” says Cardena. “Neither is very helpful to the end user.”

Cardena feels strongly that knowledgeable vendors can make a difference – and actually prosper – in the volatile new world of Internet security.

He sees opportunities for the channel being rooted in three major security-related trends and challenges facing business organizations today.

The first and most obvious, he says, is the existence of viruses, worms, and hackers. This, he says, is an ever-growing challenge since, “the more your technology matures, the more you have to defend.”

The #2 challenge is making security technology easy to use and transparent. “The average user doesn’t know or really care about how security technology works,” he says. “Security technology is now starting to get to a new convergence point, where product developers are beginning to bundle security-related items, such as bundling firewall products with virus protectors. In my view, this is definitely a step in the right direction.”

The #3 challenge, he says, has to do with the enterprise. As more and mobile workers are in the enterprise space, there’s an increased tendency for them to go to outside connections and networks, and therefore there’s an increased risk to the organization’s system security.

All three challenges offer opportunities to the reseller channel, Cardena explains.

“As the trend towards pre-configuring options becomes more widespread, and more literature becomes available in this area, there’ll be more opportunities for SMBs to exercise options. And, that means more opportunities for vendors. The bottom line, I believe, is ease of use. End-user flexibility – which is a primary goal for many organizations – will only happen if the vendor makes it happen.”

But, the ability to manipulate technology is only part of the answer to ensuring adequate Internet security across the enterprise, according to those in the know. What matters equally are awareness of the issues, and the willingness of organizations to build policies that address security issues. Both offer opportunities for the channel.

“Security is an ongoing process,” states Christian Bazinet, who as national manager of product and technology marketing for Cisco Systems Canada focuses on advanced technologies such as IP telephony, wireless LAN, and security. “That’s because security measures always need to be upgraded to match the organization’s changing needs. Business on the Internet is always evolving, as more and more, it includes customers, suppliers, and partners. Adding ties to other users’ networks means that more and more sensitive information is being exchanged all the time.”

Education around security is a large issue for Cisco Canada, says Bazinet. “Most of our partners are aware of the issue,” he adds. “But we always tell them they need to spend more time with the end user.”

Logically enough that means a more complex sell, as the reseller needs to explain new security-related tools and technologies. But the increased workload means improved results, Bazinet says. “For the reseller with service contracts,” he points out, “security issues mean more business, not less. Instead of selling a small peripheral, for example, the reseller can sell software that sits in the router itself, and can also support additional components in the network.”

“This [security] market is growing rapidly now,” says Bazinet. “Cisco is ramping up to adjust to this growing market. Within the next six months, Cisco will have new programs to meet the needs of this market.” (See www.cisco.com/global/CA/partners for details of Canadian partner programs).

According to Bazinet, security has been the fastest-growing market segment for Cisco for the last two quarters. That’s meant double-digit growth in the SME (small- and medium-sized enterprise) space. “Customers such as system integrators understand security threats and how to mitigate them,” he points out. “With the high level of security issues out there, organizations need either a highly-trained IT department to match high-level security technology products, or an SI with the proper certification.”

In the past year, Anthony Santilli, vice-president of marketing at Soltrus (www.soltrus.com), has seen a growing emphasis on security from policy as well as technology viewpoints.

“At Soltrus, we’re technology agnostic,” says Santilli. “What we focus on is ensuring the ability to encrypt the browser/server exchange. We think of ourselves as a digital trust company.”

Soltrus is a provider of services that enable businesses and consumers to communicate and transact over digital networks. “Our goal,” says Santilli, “is to build trust over the Internet, so security is an important issue.”

Santilli sees three primary issue areas around Internet security. First is the whole question of security education and awareness. From this awareness, appropriate corporate policies and procedures can – and should – be developed. Third, appropriate technologies can be applied.

“Right now, there’s some hesitation in the marketplace about which direction to take regarding resolving security issues,” he says. “People know they need to protect their data, but aren’t sure how. That’s why resellers need to spend time in a discovery period with their customers. Take short steps with them, and look to helping them shorten their sales cycles.”

Santilli says his job is to create the awareness in customers’ minds that “security doesn’t have to be painful.” He explains that it’s critical for any vendor to help customers overcome their fear of the threat to their security, and to make them aware of possible solutions to that threat.

“The choice of security solutions must always be linked back to the user’s business needs,” he emphasizes.

Eduardo Cardena of Fujitsu Consulting also talks about supporting customers through changing times and changing needs. “Most ‘new’ security technologies aren’t entirely new,” he stresses, “as they’ve been in use in other markets. For example, we’re seeing an increased use of biometrics for the general market, which had previously been in heavy use only by the military. Technology comes in cycles, with new devices always coming into market. At first, there’s not much of a security threat to a new device, but, as it becomes more popular, security becomes an issue and new security solutions will be needed.”

Sometimes, as for David Mandelstam, CEO of Sangoma Technologies (www.sangoma.com), that means helping customers demystify technology.

“At Sangoma, we make high-speed modems for PCs, for example, Tl modems that work with FrameRelay and PPP technologies, and ADSL modems. We sell our products to people who build them into other devices, such as set-top boxes and Intranets. We put in a card, mount the appropriate software for the OS the customer is using, and add good diagnostics. Along the way, we help demystify WAN technologies for a lot of people.”

Mandelstam sees security as an ongoing process. “Every year, security becomes more important,” he says. “If a small business upgrades from a dialup to a continuous, high-speed ‘two-way pipe’ connection – a practice that’s becoming increasingly common – that business then becomes connected to a potential ‘den of thieves’ online.” Education, he insists, is needed to understand the implications having and using high-speed connections.

There’s always an incremental growth in general awareness of Internet security issues. Technology is always playing catch up, too. (If your organization’s server has become bigger and better and faster, your security and backup needs will have grown accordingly.) That’s why Internet security is – and always will be – an ongoing and holistic issue.