If 2001 is a bellwether for security, consultants will be called on more often to provide security services for their clients in 2002. A recent commentary from Gartner, for example, predicted that government, education, IT, and financial services would spend the most on security software. This comes after robust security investments in the telecommunications and communications sector in 2001.

As companies prepare for or experience increased security threats, how will you as a consultant meet the increased demand for security services? You might consider becoming a managed network security provider. Besides providing a monthly recurring revenue stream, adding a managed security offering could broaden your client base.

In this position, the consultant provides on-site hardware to clients while managing it remotely from a data center. Managed security consultants generally run log reports to check for attempted security breaches, manage firewalls, update antivirus software, and conduct periodic security audits for the client.

Like any IT consultant, you may consider choosing a specific vendor as a partner for your business. But with so many network security appliance manufacturers to choose from, how can you be sure you’re selecting the right vendor? In this article, I’ll cover a few basic points on selecting a vendor with the best products and features for your consulting practice.

What’s best for your clients is best for you
Choose a partner with a selection of network security devices that best fits the needs of your clientele. Companies like SonicWALL, NetScreen, and WatchGuard Technologies have carved out their niche catering to the SME (small and medium enterprise) market, while Cisco Systems, Check Point, and Nortel Networks are the leaders in the medium and large enterprise market.

It is essential to select a platform with price points that best match up with the buying threshold of your customer base. If you try to force-feed a high-end solution to a small business, it’s likely to forego network security, causing you both to lose.

As I evaluated vendors for my managed network security business, I looked for a vendor that had ample products for small businesses. I also selected a vendor that offered many standard platforms and an affordable pricing structure.

For example, as a consultant, I’m targeting small businesses—many with no IT staff—that have broadband Internet connections. Since most small business tend to be frugal, offering a price point that fits within my customers’ budget is critical.

I determined that I need to sell a base unit, supporting up to 10 PCs, with installation, for under $1000 and $99 for monthly management of the box. Both of these numbers are relatively palatable for a small business, especially considering what the business might have to pay to have its systems fixed in the event of an attack.

Look for the right features
The partner you select should also offer a variety of features in the appliances geared to your clients’ needs. Standard functions can include virus protection, firewalls, and VPN. Other features, such as antivirus protection and content control, allow you to provide a more complete managed security offering.

With 2001 being the worst year so far for viruses—and with predictions that 2002 will be markedly worse—an antivirus offering nearly sells itself. To simplify my product offering, selecting a vendor with this protection built into the box was important.

The security appliance ensures that all computers on the network have up-to-date virus definitions and will not allow a user to access the Internet if they attempt to disable their antivirus software.

Another attractive option for clients is the ability to filter content from the Web that they might find objectionable or counterproductive, especially with more companies adopting acceptable use policies (AUP) for Internet usage. It’s also the easiest aspect of network security to tie return on investment (ROI) dollars to, as it immediately and directly affects workforce productivity.

Make sure you can manage
Most importantly, the partner must have a powerful, flexible, and scalable tool, allowing you to provide the value-added “management” service to the devices you have deployed. With this management system, you should be able to upgrade firmware and software residing on the appliances. You should also be able to generate reports and manage security policies with the tool.

It has been my experience that the management system uncovers the most obvious differences in the providers, both in price and in features. Managing potentially hundreds of customers with varying security needs requires a powerful management package with a good deal of flexibility and scalability. Some systems were designed for a single organization to manage its own boxes, while others offer functionality geared toward the managed security service provider.

Another key consideration with management systems is the cost of licenses. The pricing can be very high and somewhat confusing, as server and database licenses and hardware requirements vary with each vendor. Take the time to sift through the details and calculate a cost-per-customer figure.

The devices and the features are important, but the management system is the backbone of your service offering, so spend a little extra time reviewing this aspect when you’re selecting your partner.

Are you offering security services?

As a consultant, have you considered providing managed security services? Have your clients expressed an interest in outsourcing security? What are the advantages and disadvantages of managing your client’s security? Post your comments or send us an e-mail.