Does the cloud have a steel lining?

For a critical business function such as security, customers are now considering outsourcing their security to a third party or ‘security as a service’ instead of managing their own security systems in-house. However, there is still a lot of confusion around how best to deploy security solutions in this way and whether they will be able to meet the often complex needs of the organisation.

One of the most established options for outsourced security is using a managed security service. Typically in this environment, an organisation’s IT and security resources are installed on their IT network, but the management of these assets is handled remotely. In this case, the customer may buy or rent its IT assets, and the management is handed over to the partner. The benefit of this for the reseller is that it can provide the management service to the customer for an ongoing fee; the potential hurdle to overcome is getting the customer to hand over responsibility for such a critical part of its IT to a third party.

Another option is to use hosted security: where the reseller simply hosts the organisation’s IT security resources on behalf of the customer within their data centre. This tends to suit smaller organisations, and will probably go alongside the hosting of other IT assets that the company relies on. The reseller may either provide just the hosting service, which may be then be managed by the company itself or an outsourced IT manager, or it can go alongside a fully managed security service.

The latest development in outsourced security involves using cloud-based security services, where the IT security resources and services live out on a provider’s data centres, and are delivered to anywhere that a user happens to be. Examples of services that have been delivered in this way so far include anti-virus, but services such as email archiving or web security can also be shifted into the cloud. As opposed to a hosted or managed services option, cloud-based services can be provided from any number of data centres around the world, rather than a specific location.

This approach offers the customer the greatest level of flexibility, as services can be scaled up or down according to the demands of users. Management of the service can either be handled by the customer themselves, or the partner can include this as part of the overall service offering.

In order to make the right choice, customers need help in order to understand how using one of these models for delivering security services can work in their own circumstances. For example, issues around compliance and the movement of data may affect the willingness of customers to move to a full cloud security implementation at the moment, particularly if the organisation is involved in a heavily regulated industry such as finance or pharmaceuticals.

This presents resellers with an opportunity to provide greater consultancy as part of the sale. As these sales rely less on selling physical kit and more on expanding services alongside customer requirements, there is a greater opportunity for repeat business and growing the level of services that are provided to the customer and expanding the ongoing retainer.

There may be areas where a mix of technologies will have to be considered as well: some customers will always want to have their IT security kit where they can see it, even if the service is provided and managed by a third party. Flexibility and licensing of the technologies that are provided to the user are therefore essential parts of the overall security solution design. If providing additional services requires shifts in hardware, or further products to be installed, then this can add to the management overhead for the reseller involved in providing the service, affecting margin levels and therefore profitability.

This notion of flexibility in how security solutions can be licensed is a growing topic of debate for customers, as they look to have their security requirements covered. Instead of using a mix of different products and having to manage them internally, the growth of cloud-based, hosted and managed security services is encouraging a new way of delivering services to the customer. This approach simplifies turning services on as the customer needs them, speeding up processes and removing barriers to potential sales.

Cloud computing is still in its infancy, and customers are presented with a bewildering array of options when it comes to how they can protect their critical data and network assets. However, when it comes to selling solutions that may require the customer to hand over control of their assets to a partner, the most important consideration is not the technology that is used, but building the understanding of what is really involved in providing security either via the cloud or by a trusted third party. Simplifying security, and making it as flexible as possible for customers to buy-in the services that they require, is the ultimate route to being successful in this market.