While I was at the CyberArk Partner conference, I was asked to attend a roundtable to cover challenges we see in the UK marketplace. Here is an article was written by Tim Goodwin, the EMEA Channel Director for CyberArk: http://www.channelpro.co.uk/opinion/10093/changing-environments-mean-a-fight-to-stay-relevant
UK resellers face a turbulent time, both currently and in the months to come. Against a backdrop of a changing threat landscape, new data regulations and the uncertainty following the UK referendum result, the opportunity to grow still remains, but channel partners and VARs will have to negotiate potentially treacherous waters to remain relevant for customers.
At a recent customer and partner EMEA event hosted by security vendor CyberArk, Kristian Alsing, a cyber security director at consulting firm Deloitte, together with panellists Andrew Tang from MTI and Hakan Cakar of NTT Com Security, examined these issues, the opportunities they present, and what approaches will be necessary to remain trusted partners for UK end users.
In the context of security, Alsing highlighted that there haven’t been any new crimes in the last thousand years. “People are still defrauding others, still stealing, still doing the things that humans have always done,” he said. “But what we do have that’s different is a connected world.”
The crime has now been decoupled from the location of the asset, explained Alsing, going on to detail what Deloitte are seeing. A notable trend is the service provider model being adopted within the organised crime industry - for example Hacking-as-a-Service for those who don’t possess this particular specialism - as well as the evolution of criminals, with who used to ‘just’ steal credit card details moving into much more complex and ambitious cyber heists.
Increased nation state involvement, malicious insiders and hacktivists form what Alsing referred to as the ‘threat actor’ environment. When combined with a very different looking end user, compared to the recent past, this creates some key considerations to understand for the UK channel community.
Organisations used to control their assets, whether that be money, data or anything else. With the huge use of outsourced and cloud services, plus the Internet of Things (IoT) and mobility, the risk for organisations is higher than it has ever been, because it is concentrated – people or data on a grand scale can be accessed from one access point. So it is critical to understand this in order to be credible for end users.
The panel also discussed how strong regulation in the Finance industry has led to the rising importance of cyber security within organisations (in many cases to c-level), as well as the sheer complexity of organisations driving security concerns. Acquisitions in particular were highlighted as a cause of security issues as legacy infrastructures and different approaches to security come together.
Both NTT and MTI addressed the perception that end users don’t necessarily really know how to separate what is important from the plethora of – sometimes mixed – messages from security vendors. Threats like ransomware were cited as helping people ‘get it’ as it is such a common threat.
An interesting part of the discussion involved education and the question of responsibility for it. There was a feeling on the panel that the industry (vendors and partners) shouldn’t sell a panacea to customers, but should instead concentrate on finding out what is important to the end user on a case-by-case basis. Partners, with their huge reach, should be part of the education programme. Demand from end users in this area is what has driven NTT to invest in bigger security practices.
Unsurprisingly, the EU GDPR was highlighted as a driver for change. Alsing made the point that certain car manufacturers, decades ago, made safety a selling feature. At the time they were ridiculed, but now safety is very important for all mass-market vehicle manufacturers. In the same vein, data integrity, as enforced by GDPR, should be a partner opportunity.
Finally, the panel talked about Brexit, albeit in the context of what it would mean for the regulatory environment. Will it mean data protection reverts to the more ‘watered down’ form that we had before the EU version came along? The verdict was ‘probably not’; the UK had a leading role in designing the EU regulations.
Concluding, it was noted that collaboration would be the key to remaining relevant in a fast-changing UK. Vendors, partners and customers have to remain connected to maintain the right level of knowledge and expertise to meet IT and environmental challenges. This is the time to embrace change, not retreat into our shells.