The reasoning behind why solution providers lock down their customers’ networks and critical data have not changed much over the past decade, though the repercussions from inaction continue to escalate rapidly. Intrusions and information loss can be quite costly to your customers, typically damaging their bank accounts as well as their reputations. 

While the reasons for implementing security protection remain fairly constant, the sophistication level of the hackers’ methods and tools have risen quite substantially. They have become increasingly creative with the schemes they use to trick end users into downloading viruses and intrusion-enabling Trojans. If that wasn’t bad enough, their stolen data and methodologies are often shared or peddled rather freely on the International black market.

For every new threat prevention method, the bad guys seem to create multiple ways to get around them. It’s more than a game to them, it’s a mission. That’s why most solution providers are changing their approach and boosting their network and data protection expertise. These advanced security practices often include consulting, design, implementation and continuous protection services to ensure their clients get true peace of mind. Proactive management is not just a fashionable offering; it’s become a necessity for many of today’s businesses.         

Practically every process and technology employed in an organization exposes it to some sort of vulnerability, from the collection of customer contact information to accessing the companies systems from a remote location. Just a single change in business policies (such as its record retention periods) or revision to its network protection could negatively affect its ability to meet certain industry or statutory compliance requirements. Many small companies don’t have either the knowledge or ability to deal with those issues, and often struggle to implement the appropriate security procedures to minimize their exposure and related liabilities. That challenge, while formidable, creates a number of business opportunities for an appropriately prepared solution provider.

VARs and MSPs have to balance the appropriate level of protection measures with their clients’ multifaceted operational needs. The old method of locking down the data system simply won’t work in today’s mobile society, as companies shift their workforce to remote locations and open their infrastructure to allow greater collaboration. BYOD and cloud services create new operations efficiencies for small businesses, though each creates its own new layer of vulnerabilities that has to be addressed. Either the organization has to hire or train their IT department to support these new technologies and their related security measures, or contract with a solution provider with those advanced skills.        

Learn the XYZ’s of IT Security

How can IT channel businesses get the training, knowledge, and tools they need to build a more formidable security practice? Several options are available to meet the varying needs of VARs, MSPs and other industry contributors, including:

• Vendor training: these programs typically address the technical aspects of the company’s proprietary security solutions, though some have expanded to cover greater protection needs. Participation in the organization’s partner program may be required, and fees may be involved, but the value of the acquired skills typically offsets any costs

• Distributor programs: may augment or complement vendor training courses, including business training courses offered by industry professions (either facilitated by the organization itself, or through an intermediary such as CompTIA).

• Association/community education: member-driven organizations typically offer comprehensive training programs, encompassing everything from technical instruction to classes on building a security business practice. CompTIA IT Security Community members helped create a number of vendor-neutral education sessions and workshops, allowing solution providers to create and refine their own services portfolio. These IT channel courses have also been extended to the vendor and distributor community, allowing their partners to get the onsite training they need in a number of remote locations. 

In addition to practice-building tools and educational programs, the community played an instrumental part in creating the CompTIA Security Trustmark+. This IT business credential identifies solution providers who have met a prescribed list of industry standards, which not only validates their practices, but ensures they are employing the right measures to protect their customers. The application and validation processes involved in acquiring the designation also helps companies recognize potential regulatory compliance gaps and address problem areas in their policies, processes and plans. Not only can solution providers leverage the program to help refine their processes and skills, but it allows them to promote their advanced capabilities to customers and prospects using its marketing materials and accreditation logos. 

As if that wasn’t enough, Community members unveiled the latest version of their IT Security Assessment Wizard, a comprehensive web-based tool that solution providers can use to build a security profile of their customers. It provides an accurate, comprehensive and common sense view of a customer’s unique security strengths, as well as any vulnerabilities.

Want to know what else our IT Security Community is working on or get more details on the programs I mentioned? Drop me a line or check out our website today!