The US-based National Aeronautics and Space Administration (NASA) is the stuff of dreams, using technology to boldly go where no man or woman has gone before and may never go again. But even NASA, with its relatively unlimited budget, could not block 2003’s SQL Slammer worm, which tore through PCs on the internet all around the world in minutes.
Although NASA’s firewalls were able to block most of the malicious traffic, the speed of Slammer’s spread made it clear that firewalls, massive expertise and a fast response on-site are not enough, NASA IT security officer Michael Castegna told US publication GCN at the time.
NASA decided to augment its own skills with an outside service from Patchlink, dubbed Patchlink Update. NASA uses the service to ensure best-practice patch management of some 80,000 networked PCs at a time when security threats are getting ever more serious and expensive to deflect or contain.
In this country, Neil Campbell, Australian national security practice manager at Dimension Data, does offer security products from various vendors -- including RSA Security, McAfee, Cisco, Nokia and Check Point -- and a diverse bunch of security services. DiData has transformed itself from a traditional products-and-services business to managed services provider and consultancy over the past few years. “Growth has been in consulting and core products in services and managed services,” he says. “And also in taking business away from competitors.”
Dimension Data’s Australian security business has grown from 30 to 50 staff and become a $30 million business here in that time, targeting mainly enterprises and verticals such as financial services, government, healthcare and utilities.
Taking a more rigorous approach to more rigorous needs has been key to DiData’s success, Campbell believes.
The integrator has worked hard at hiring and training the right staff -- a challenging task made easier by DiData’s substantial size and resource base.
“Full service provision” is the key, Campbell says. Of course, few if any Australian resellers can expect to retain the resources DiData has. But that does not mean they are out of the game, he says. “What a customer wants in a market like this is value,” Campbell says.
“I don’t think the answer is about picking the right vendors or selling the right products, frankly. I think it’s about showing them you understand the risks and helping them devise a plan to address those risks.”
Meanwhile, the increasing need for regulatory compliance is raising the stakes for security services in new and complex ways. That is an area Campbell believes is one of the main security service-related opportunities for coming years.
An example is a recent Dimension Data review of IT security at the Parliament of NSW, spearheaded by Campbell.
The state parliament needed to comply with information security management standard ISO 17799 and get a complete picture of its technology and how it could secure information around its law-making and government activities.
The parliament needed to ensure its security was scaleable and highly secure. Campbell says DiData conducted a gap analysis of security management and compared that with ISO 17799. Then it provided a road map showing how parliament could achieve compliance, including detailed recommendations on specific problems and guidelines on the document preparation required to support the final information management system. An extensive study of parliament’s users and the way they interacted with that information was also done, Campbell says.
Resellers should examine the ways customers do things and the answer might not involve selling them a product, he points out. That is the lesson DiData has learnt in the past few years and it is one every hopeful security services provider can adopt, he says.
“Another thing is realising that managing the risks doesn’t mean removing them.”