COMMENT | If there’s one area guaranteed to be selling strongly in five years, it’s security. The perennial concern just keeps getting bigger. It just can’t stay out of the headlines.
Last month, WikiLeaks published its latest dump – 8761 pages of classified CIA documents including a whole heap of zero-day attacks on popular software, smartphones and consumer electronic devices, mainly TVs.
Personally, I don’t believe business owners care that much about government snooping. Unless it’s the tax office, but they’re hardly likely to be weaponising zero days to collect taxes, or at least not just yet. The WikiLeaks noise does underline a general concern about IT security: if the “gubmint” can hack you, then so can criminal organisations looking for fast profits.
The Cryptolocker epidemic showed the potential of a well-designed cyberattack to make millions of dollars. And with very little effort on the part of the hackers once the software was up and running. This guarantees that there will be a steady stream of devious attempts to hold hostage business data, impersonate employees, or some other avenue to extortion and theft.
And this spells opportunity. Resellers in any line of work should always be talking about security. It’s fundamental to the ability of a business to operate and generate revenue. At the very least, resellers should be helping SMEs with user roles, understanding backup routines for individual apps or hardware, disaster recovery plans, redundancy, and so forth.
It doesn’t need to be a full service – a simple cheat sheet shows that you’re aware of these issues and have thought about how it affects their business.
It’s a great angle for MSPs, too. A customer education campaign about proper password management and switching on multi-factor authentication is not just good for your customers. At a minimum, it’s a demonstration of good corporate governance and management.
Again, there’s room for upsells with identity and access management. This can range from password managers such as the enterprise-grade LastPass, which has really benefited from its acquisition by LogMeIn.
The next level includes security assertion markup language (SAML) systems like Okta and OneLogin. These SaaS apps are really blowing open enterprise-grade identity management that is usually out of reach for SMEs. Okta has even opened an Asia-Pacific office in North Sydney, and has big ambitions for the region.
The advantage of an SaaS approach is that the company only needs to build a connector to each cloud business app once and it’s available to all its customers. (Developing custom connectors can take three months and $100,000.)
Unfortunately, Okta is priced too high for a lot of SMEs; there’s too much opportunity to eat the lunch of CSA, IBM and Oracle. Okta starts at $1500 a year, and the sweet spot is companies with 50-100 users. There is no SaaS-style self-service portal; every customer must go through a human-operated onboarding process. (Perhaps there’s an opportunity for an MSP to do a SPLA-style licence for the bulk of SMEs with under 20 staff?)
Resellers looking for new revenue streams should pay attention to these SAML-based platforms. They eliminate a lot of passwords and automate onboarding and offboarding, and they are becoming easier to sell, deploy and maintain.
It also opens the door to strong recurring revenue and customer relationships on several fronts. Education is an essential part of security, and can be written once and shared among all of your customers. Few resellers do this well.
And the identity market is about to boom. Forget authenticating users; the next wave is the internet of things. A business will need to manage and secure every sensor or device it owns, and these are about to increase exponentially.
We have already seen the consequences of security fails in this area with the first IoT botnets. Are you going to let your customers become part of the problem? Or show them how to stay safe – and add a little financial security to your own bottom line?
Sholto Macpherson is a journalist and commentator who covers emerging technology in cloud