New study from CompTIA reveals big areas of opportunity for the channel
CompTIA recently released a new study examining the changing nature of cybersecurity offerings from service providers. Security in the IT Channel surveyed 400 IT channel executives on how they’re delivering security services to their customers. From user education to branding, the report identifies several opportunities for channel partners to best leverage the latest technology and best practices in order to get a piece of this explosive market.
The VAR Guy sat down with the study’s author, CompTIA senior director of technology analysis Seth Robinson, to hear what he thinks are the biggest takeaways of the new study. The overall message is that security products alone are no longer enough. A modern approach to security requires a broad mix of tools combined with new processes to be effective.
Read on for five lessons security providers should learn from this report.
1. More than words
Small businesses have been paying lip service to security for a number of years, but over the last 12 to 18 months, Robinson says he’s seen signs that companies are actually beginning to take action on the security front. That’s playing out in the channel in an increased number of firms that are specializing in security, both in the form of general MSPs that are making it more of a focus and in firms that are developing a specialty and becoming managed security service providers.
“The number of [survey] responses we got and the speed that we were able to get them signals there are more firms out there starting to focus on security in one way or another. The channel is responding to this increased level of action around security.”
2. Time to get schooled
These days, security is just as much about user behavior as it is about any technological offering, but offering end user education will take real effort from many product-centric channel partners. Robinson suggests beginning with metrics. Security providers should be able to measure a customer’s baseline of security literacy both before and after training in order to prove efficacy.
The training itself could take multiple different formats depending on the business model and personality of the client. “When we ask about security format, what we typically see is companies doing onboarding training,” says Robinson. “And then they never talk about it again.” Look for other opportunities for security education you can weave in throughout the year instead of just checking the box on an annual basis. Consider using methods such as active audits or penetration testing that highlight where there’s a weakness, then provide focused education that targets that vulnerability. A few months later, repeat the process and try to measure improvement.
Click here to read more.
SOURCE: The VAR Guy
Leave a Reply
You must be logged in to post a comment.