To many VARs (Value Added Resellers) and service providers, ‘security’ is defined as the solutions they sell. While antiviruses and firewalls are good starting points among any customer’s security infrastructure, they are just the start – the outer shell.
…Which is where I will begin, using Tootsie Pops as my analogy.
No, not that Chewy. We’re talking firewalls and antivirus applications to provide a hardened perimeter against a variety of attacks. However, as the bad guys get better at being bad, the good guys -security professionals- need to get better at being good, by staying ahead. Their role is to secure the sensitive, vulnerable, interior; using our analogy, the chewy Tootsie Roll middle.
Two effective ways of helping your customer secure the inside, include application security and access management solutions.
Many breaches result from security flaws at the application level. The ability to catch and remediate these flaws prior to the implementation of an application environment- or periodically as updates occur, is a valuable asset to customers and a significant revenue source for application security service providers.
Here’s a secret: Start-up application security providers come and go as the barrier to entry are as low as worn speed bumps. Be judicious in choosing one that will be around and offers a depth of service capabilities. Tech Data works with many application security providers who, in addition to application security, provide SaaS solutions that can expose vulnerabilities up front, and manage risk as you go.
Security in application development is frequently neglected; your customers need an ongoing security testing program that includes both static code analysis and regularly scheduled dynamic scans. In addition, the solution should not interfere with software innovation. Tech Data can direct you to a host of solution offerings that leverage the most advanced dynamic and static testing technologies. with global infrastructures and experienced teams of researchers, testers and software engineers. Their benefits include:
- Static assessments that help developers identify and eliminate vulnerabilities in source, binary, or byte code to build more secure software.
- Dynamic assessments that mimic real-world hacking techniques and attacks, using automated, interactive, and manual techniques to provide comprehensive analysis of complex web applications and services.
- Mobile assessments that provide true security testing across the client device, network, and web server to maximize mobile application security.
- Continuous application monitoring that delivers visibility and insight into production application risk. It combines application discovery with continuous dynamic vulnerability scanning, risk profiling, and runtime protection.
As mentioned in earlier, another area of neglect, exposing that soft, chewy center is access management. Organizations continue to allow a proliferation of weak passwords, weak secondary forms of authentication and incomplete coverage, even if an access management scheme is in place.
Many of our partners have products that are easy to implement and provide multi-factor authentication for and secure single sign-on for all of your customers systems and applications. (Hint: not just the SaaS, not just for one vendor.). So, why is this important?
- Fuller coverage means easier to use for the end user. Good security is unobtrusive. If the same multi-factor authentication and single sign-on environment manages all of the end-users apps (SaaS, on prem, legacy, partner), life is easier and more secure.
- Fuller coverage means the support of all forms of authentication, including biometric, push technology, Bluetooth and smart card. Access methods and barriers should fit the organization, location, end user and application. Fuller coverage means you can implement a solution that fits your customer’s needs.
- Fuller coverage also means the control and audit of privileged accounts, like system administrators, DBAs and super users. Turns out the bad guys are going after these accounts for any directory, application device that sits in your customer’s environment. You can help your customers stay protected.
Application Security and Access Management are two of several solutions areas where you can help your customer secure the chewy center. To learn more about these and other solutions, contact us at firstname.lastname@example.org
About the Author
Tim Ayer is a product marketing manager with the Security solutions team at Tech Data. As a 20+ year veteran in the IT channel, he has worked closely with some of today’s leading software publishers and hardware manufacturers to connect with VARs, MSPs, and system integrators.