Toronto – Canada does not have an abundant supply of security channel partners, according to Microsoft’s top security executive.
Bruce Cowper, the senior program manager, security initiative for Microsoft Canada, said there are very few security focused companies. What they normally do is encourage customers to outsource the security to third parties. Given that more vendors are building security into offerings it will make it easier for partners to provide secure solutions, Cowper said.
He has been working with channel partners to build awareness for security, and has noticed more security practices starting up. “My focus is to give them the tools to add that security competency,” he said.
Cowper added that those who do have these security practices are being sought after because a customer may have purchased technology with security but over time there will be more problems or threats and those turn into great revenue opportunities for the channel, Cowper said.
One of the challenges to security is that it is viewed as a black box. “Companies take the risk by adding security. The fact is that it was seen as a something that was bolted on after instead of integrated and more effective,” he said.
Cowper is trying to change that perception and is encouraging VARs to architect security form the ground up.
The market is shifting and partners and customers are having a two way conversation now. One of the more lucrative security areas today is in management technology especially operations management, Cowper said.
“Companies that implement security effectively need to establish a base line of operations that can monitor system performance,” he said.
Brian Bourne, the president of solution provider CMS, said management products such as System Center Configuration Manager (formerly known as SMS from Microsoft) and System Center Operations Manager provides 40 per cent of CMS’s consulting revenues. Just two years ago these products provide only 10 per cent of CMS’s services revenue.
“With virtualization what ended up happening is that the number of machines needed to be managed doubled, while shrinking your hardware footprint. And for every one that needs to be managed; it needs to be updated. There are log files that need to be checked so the tools to do that become even more important,” Bourne said.
Cowper has a unique job at Microsoft Canada. He is one of the very few at the company who does not have to meet a certain sales quota and does not have to hype up Microsoft products.
Cowper is tasked with training, heightening awareness and providing education around security. “The challenge whenever you work for Microsoft is that (Microsoft) is the message,” he said.
Cowper made an appearance at the recently concluded InfoSecurity Conference, held here, where he hosted an educational session where his message include vendors such as Symantec and partners such as Deloitte & Touche.
”I want to talk about where I see threats going and there is no point talking about products,” he said.
With that Cowper believes there is a real threat around the convergence of devices. “If you look at Canada, there is a large population that uses mobile devices and they have Web browsers and e-mail and they want to edit documents and store data and there was some interesting comments from law enforcement about micro SD cards.”
“They store a lot of information. These devices are in danger and the (holders) can be targets themselves,” Cowper said.
Another area of concern are the highly popular digital photo frames. In one instance, Cowper said that someone purchases a digital photo frame and installs malicious code. Then he puts the product back in the box and returns it to the store. The store then resells it to an unsuspecting customer.
Even more dangerous are social networking sites. Cowper said that Canadians are one of the largest users of social networking. There are more than two million Facebook users just in Toronto, for example.
“We have seen a shift from phishing and malicious software attacks towards social networking. General training has educated users to not open e-mail from untrusted sources, but people trust Facebook. So what happens if one posts a phishing attack on your fun wall and you log in and join the group. Do you trust those who have your info?”
According to Cowper, he has seen a lot of attacks through trusted mechanisms. Couple that with 40 per cent of the population on Facebook. Since most people use Facebook at a corporate environment it can lead to businesses being exposed to this threat.