Security VARs -- Buyer beware

VARs can definitely make life easier, and that's a good thing. SMB technology professionals have it tough, between ubiquitous regulation and limited resources. Security is one of those things that does not add revenue, so it can fall through the cracks. That is, until you have a problem, then security becomes front and center very quickly.

So you know you need to implement a security plan, but where do you start? What do you buy? The reality is, the proper level of security is different for every organization.

Large enterprises bring many resources to the table, such as task forces, project teams and built-out labs to test everything they buy. SMBs don't have task forces or labs; they've got nothing but a lack of time to get everything done. Wouldn't it be great to push the responsibility off to someone else? Can't your information security VAR make the problem go away? To be clear, the channel has a role in the procurement and implementation of information security. But you cannot outsource your security strategy.

The VAR is not going to take responsibility for ensuring you are not compromised (nor should it.). As the technology decision maker, you must come up with a security architecture and process to protect critical assets. Sorry, but that's your job.

To truly leverage the channel in the most effective way, you need to understand its motivation, which is to make money.

Keep in mind that every VAR is somewhat

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information security management for the midmarket Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Gartner: Vetting security of third-party partners in five steps Locking down security in the move to electronic medical records Security and risk management in the midmarket Identity and access management planning guide for the midmarket Information systems management for the midmarket CIOs share advice on doing more with less Get smart about patching security vulnerabilities A CIO's advice for implementing single sign-on solutions Security for the midmarket Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Risk assessment frameworks easy to employ Midmarket regulatory compliance management: Don't let your guard down Outsourcing for the midmarket What do you know about data center outsourcing? Business knowledge management helps boost offshore strategy IT insourcing trends: Weighing the pros and cons The price of data center outsourcing: Security, costs and more explored Data center outsourcing contract do's and don'ts Study: Data center outsourcing increases; most happy with results From software prices to EHR security: The latest advice for CIOs Tips for cutting costs on telecom spending A CIO explains how to make a data center outsourcing decision SaaS, cloud computing lead to cuts in application hosting pricing

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

biased. But they also bring a lot of value to the table. They don't offer charitable services. They make money by selling products and services to folks like you.

Blind trust costs money. Buying security products is kind of like buying a car. The customers who walk into a dealership, fall in love with a car and drive it home that day get taken for a ride. Those who know what they want to buy, why they are buying it and roughly what they should pay get better deals. You can apply the same mentality to buying security products.

Start by doing your homework. Understand what problem you are trying to solve and some technical alternatives to address the issue. Talk to other IT professionals, check resources online, surf the Web, and/or read reports from pundits like me. Get a feel for what you your security plan should be. Then (and only then) are you in a position to talk to a VAR. An educated buyer is the best buyer.

Be flexible. The VAR may have some logical ideas that you haven't thought of. It's OK to treat the VAR as an advisor. Just don't treat the VAR as the ultimate arbiter or the only advisor that you talk to. VARs add a lot of value in examining the myriad of technical alternatives and choosing the right one, but ultimately the decision is yours. If stuff hits the fan, you can be sure it'll be your head on the block.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta. Read his blog at http://feeds.feedburner.com/securityinciterants, or reach him via e-mail at mike.rothman (at) securityincite (dot) com.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.