Interview

A Human-Centric approach to Security

Cybersecurity

Comms Business Magazine talks to Ian Kilpatrick, EVP Cyber Security for Nuvias, the solutions-led EMEA distributor, about the state of the UK security market, reseller opportunities and the direction in which his company is moving.

Comms Business Magazine (CBM): So, we have GDPR at last then?

Ian Kilpatrick (IK): GDPR out? Well, yes and no. Only 38% of firms appear to have done anything about it. Like myself, I expect you received, in the week running up to 25 May, a tsunami of mail about so-called ‘opting in’. Even though it had been looming for three years, many organisations have no fundamental understanding of GDPR. There has been lots of hype but for most organisations it has gone over their heads – even large firms. There’s also been a failure to understand what it’s all about. GDPR has been over-hyped on securing everything. Personally Identifiable Information (PII) is where you actually start the process. The fact is that most organisations have not identified the PII they are holding, so how can they secure it?

The problem many organisations face is that they do not know how to search for PII which means that when they receive a request for PII they will not know where to look – there’s no process in place and no idea where it is located.

Further evidence that a lot of people have misunderstood GDPR can be found in the fact that the route some organisations have gone down is to encrypt all data and place it in an encrypted folder that has to be ‘searched’.

My view is that GDPR is a channel opportunity that is still to come and not one that has already gone.

There is also a sting in the GDPR tail in the form of the DPO (Data Processing Officer). What they don’t tell you is that if you are in breach then the ICO will go for the company and the DPO!!!

So, when a DPO gets taken to court that will be when the channel sees the opportunity and when you make someone personally liable they suddenly sit up and take notice.

On average organisations are taking 118 days to find a breach. There’s little evidence of there being underlying systems in place to spot the breach but then organisations have just three days to report it.

GDPR is about process and structure and understanding what the data is. From a channel perspective it is a very dynamic situation – we can help them to get into a trusted advisor role without being an expert – it’s a service opportunity.

We have a product that can identify PII, and don’t forget to encompass photography and images such as copies of passports and driving licenses in the travel sector.

Identification of PII is a really big opportunity for channels; it’s a new business sector that is changing the game and enables resellers to get into firms at the heart of their business – the core – deeper than other suppliers. PII identification represents an open space you can walk right into.

We anticipate that there will be a big example made of a firm in the first year of GDPR by the ICO. It will be splashed across national TV news and will have an impact on all organisations.

GDPR has a long tail where the bulk of our related revenues will come in 2019/20 and beyond.

CBM: How would you characterise the state of security in the channel across the UK and EMEA?

IK: For resellers, the opportunity is to be the users’ trusted advisors where the challenge is to pick the right vendors and products to work with – and there are 30 to 40 vendors chasing each channel opportunity point.

For the Enterprise user the challenge is picking the right products to meet the biggest threats. As you drop to the SME level the security distractions become the latest problems seen in the news.

Both these user challenges are essentially the same – both sets don’t train on employee cyber-hygiene but instead transfer their home habits to the workplace. If you don’t check your staff then you don’t care and 98% of firms don’t check. This is apparent by the absence of activity. However, there are a number of products that can be used to address this problem – and that’s another huge channel opportunity.

An equally big challenge is identity and authentication management.

A large slab of the market lies in delivering support and knowledge to the important things in a business where a good place to start is by asking what are the three most important things a company needs to protect.

All too often we see firms rushing to get their products and services to market without any designed-in or built-in security features, as this was never part of the original budget process. The problem is that back-fitting security is more expensive and generally takes something away – in the form of lost functionality – from the app.

Did You Know?

Is Personally Identifiable Information (PII) the Same as Personal Data?

The term ‘Personally Identifiable Information’ doesn’t appear anywhere in the GDPR; however, it does have a definite meaning in US privacy law. The term in itself is therefore likely to cause confusion to anyone seeking to comply with GDPR. For a concept that has become ubiquitous in both the technological and legal lexicon, PII is surprisingly hard to define. In a nutshell, PII refers to any information that can be used to distinguish one individual from another. This includes any information that can be used to re-identify anonymous data. It can refer solely to data that is regularly used to authenticate or identify an individual, as opposed to information that violates the privacy of an individual, that is, reveals sensitive information regarding someone. The US interpretation of the term is undeniably at odds with what is relevant for a proper GDPR assessment since it pre-selects a set of identifying traits.

To put it bluntly, all PII can be considered personal data but not all personal data is Personally Identifiable Information. Developing a solid GDPR compliance program demands that IT architects and marketers move beyond the restricted scope of PII to examine the full spectrum of personal data as defined by the EU.

CBM: You have a new vendor product range from Forcepoint which takes a ‘human-centric’ approach to cybersecurity. This sounds very interesting?

IK: The way to conduct cyber-war is to identify an individual with a weakness. Forcepoint gives you a bigger, wider view of what is going on in your network – this is the way cyber security is going.

The world is changing – how do we manage it? Everyone in the world has the ability to weaken security, so identifying weaknesses and where they could come from – understanding and managing what’s happening across risk patterns – what and why people are doing what they do is crucial to securing your assets.

People need to protect all – not just what comes in but also what goes out and larger firms have recognised you need to have automation.

Take an example of having a building housing something expensive. You erect fencing, install infra-red detectors and CCTV with internal monitors and join them all up. When the alarm goes off you can track and identify everything that happened which is great for forensics but actually rubbish for protection.

Forcepoint’s approach of human-centric security and risk-adaptive protection is at the forefront of developments in the security industry and will be a high growth opportunity for resellers.

CBM: Looking ahead at Nuvias?

IK: It’s an exciting time with a lot going on across EMEA.

In cyber security the benefit of the company is one of scale – we can do more things better. Our objective is to grow the portfolio and expand our international footprint which will in turn attract the vendors we want to do business with.

We have the ability to now grow our tech teams and have recently signed up FireEye and Forcepoint. As we grow our vendors across we change conversation and delivery points across EMEA and gain larger scale.

The benefit for our channels is that all these gains are going through bigger, better, faster systems at Nuvias, which means we are also scaling up what we are doing for the channel.