
Supply-chain security

I bashed managed security services recently as a worse alternative than making your infrastructure secure. Once again, it proves I'm swimming against the stream.

It seems that trends in the supply-chain are driving managed security services sales.

According to a report published on Light Reading, small to medium-sized enterprises are picking up managed security services rapidly. When MSS started out a few years ago, a typical customer was a large company with global security requirements or a small financial institution with billions of dollars in assets to protect.

Despite massive media coverage of high-profile data security breaches, it seems to me that growing awareness in the SME of network security vulnerabilities is not being converted into sales of managed services. Traditionally, the SME market is handled by boutique security integrators who provide mainstream firewall, anti-virus and spam-filtering solutions. This is borne out both by our experience with SME customers at Open Solutions and by a conversation I had recently with the marketing director of one of France's largest security product distributors, who confirmed that SMEs are still firmly entrenched in the firewall/anti-virus mindset.

I believe there are two reasons for increased SME awareness of the importance of risk assessment, practical threat analysis and risk mitigation:

1) It's a fashion trend: if the big guys are doing it, if it's good for CRM and salesforce.com, and if SaaS (software as a service) is red-hot, then why not get some security in the cloud?

2) The more substantial reason is what I'm calling the supply-chain effect of compliance. If a big customer needs to be PCI compliant or FISMA compliant, then their suppliers need to be compliant as well. This is a much more challenging task for an SME, and since compliance risk assessments are not in the core expertise of their local security integrator, they are often best served by a managed security service.

Read more here about managing risk in the supply chain:
Managing the Trade-offs of Low Cost and High Risk


About

This page contains a single entry from the blog posted on May 10, 2007 10:40 AM.

This weblog is licensed under a Creative Commons License.