Big corporations usually have ruthless mechanisms in place to exterminate agents that have the temerity to enter their premises. There are several lines of defence that are designed to identify, subdue and fatally stifle any unwanted party that comes into contact with them.

For example, if a small company is foolish enough to be lured by the promise of carrying out a big project for one of the global giants, it will eventually discover, to its cost, that the honey pot was an illusion. By this

time though, it will have been fatally weakened and softened up by a series of time-consuming meetings with middle management, who turn out to not have any decision-making powers, despite all their initial promises. Starved of any income, the small agent eventually perishes, broken with ruthless efficiency by the gears of a giant corporation.

So the mega-corporations can effortlessly sweep away unwanted attempts at a sale, but can they defend themselves against a genuine threat? Why do pirates and hackers regularly breach their defences?

If all the reports in the popular press are true, corporations seem to be hopeless at dealing with these sorts of security threats. Logically, one would assume they would be desperate to speak to VARs that can provide solutions to the various problems in their organisation. But, as we have seen, big corporations do not like dealing with small outfits. Some might argue that corporates enjoy toying with these small companies, wasting their time with constant inconclusive meetings. But when it comes to signing any contracts, corporates always seem to be impressed by size.

This is why more corporations seem to seek a single supplier with a vast, wide-reaching product portfolio. Once, big corporates were interested in the best-of-breed product for each pain-point in the organisation. Now, they want the best of breadth, says David Ellis, director of e-security at distributor Unipalm.

“Corporates historically bought best-of-breed solutions from multiple vendor s because they wouldn’t forfeit functionality,” he says. “So the security market has always been pretty fragmented.”

The days where no single vendor can dominate are over. IT security is evolving to the point where a few big vendors will come to take control across the board.

“The likes of Symantec are acquiring a very strong portfolio in many areas, and other vendors such as Check Point have also widened their client base,” Ellis adds.

Security is evolving along exactly the same lines that networking did, says Bob Jones, chief executive of vendor Equiinet. It pioneered several networking manufacturers, such as Sonix, before moving into security as networking became a commodity business. Jones got into the IT industry only slightly later than Charles Babbage, and he has seen the same patterns repeating themselves.

“Big corporations always want to standardise on one vendor, because they want everything to be a lot simpler to manage,” he says.

Many IT vendors only achieve a complete body of products by buying the parts they do not make and then crudely cobbling them all together into a Frankenstein’s monster of a product portfolio. Claims of perfect interoperability in networking are usually bogus. It will be even worse in the security market because there is a far more diverse range of functions.

This will create a great opportunity for resellers and service providers, as long as they can market themselves properly, Jones says. It is not the purchasing of products that will be expensive, but rather the constant management of them.

“This is a great opportunity for VARs to provide an ongoing security, monitoring and auditing service for their clients away from the heat of the daily pressure in the corporate IT department,” Jones says.

But there are issues. Customer confidence is a particular problem. Just as you would not buy insurance from a company that you did not think would pay out if a problem occurred, corporates are unlikely to trust the monitoring of their security to a reseller they have never heard of or dealt with before.

It is tough selling to enterprises, warns Mike Pallot, Microsoft’s channel development manager for security. “Larger firms are more likely to feel security is under control, and that reducing costs is a more pressing concern,” he says.

Despite all the obvious dangers, the take-up of security solutions hasn’t been what it ought to be. The marketing approach is often too crude, says Phil Watts, managing director of Softscan.

“Although it’s long been considered bad form, VARs still try to sell security through fear, uncertainty and doubt,” he says. They would get a better audience with their target customer, Watts says, if they tried to understand the corporate business requirements. “Sell security as an enabler, not as a panacea,” he adds.

Some of the dire warnings that market-making security hawkers issue are not even relevant.

“Resellers need a better understanding of risk assessment and the dangers that individual customers face,” Watts says. “Without this, VARs are trying to sell a product that mitigates a non-existent risk for

their customer. No matter how good the product is, no corporate is going to spend money when the risk to the business is minimal.”

Mike Small, director of security strategy at Computer Associates, says that corporate VARs should forget all the hype because as an end-user himself, he grew tired of being lectured to by people who knew nothing about how his company works.

“The technology angle has been over-hyped,” he says. “The real issue is people and processes. A large organisation can dramatically cut network bandwidth consumption and time-wasting incidents just by standardising the configuration of their PCs.”

Knowledge about a company’s business processes soon tells you about its needs and worries. One of the biggest pain-points from a business-process point of view is that IT systems are in constant need of updating.

Patch management is a key growth area now, according to Unipalm’s Ellis, because it takes away the pain of compliance. “We’re seeing a big move to deploy this technology,” he says. “This is where the likes of [vendor] Patchlink are going to be useful.”

Consolidation of multiple applications and hardware platforms does not have to be achieved by putting all your faith in one vendor. Providing a system to retrospectively rationalise all these systems under one management platform is where the likes of Crossbeam Systems, and its partners, are likely to succeed.

Neal Lillywhite, country manager at Crossbeam Systems, says that big corporates are too busy trying to cope with the pace of modern business and the demands of regulatory compliance to manage security themselves.

“The security solutions they choose must never hamper network performance,” he says. “They must protect against multiple threats while complying with the tough regulations that businesses face. It’s a very tall order, so a consolidated security solution that incorporates multiple best-of-breed security applications provides a huge advantage for large corporates.”

If there is any consolidation, it will be around management platforms, not single vendors. “It is important for large organisations to be able to pick different vendors for different components of their security protection, because each area has its own leading vendor,” Lillywhite adds. “But they must deploy and manage these applications centrally on one platform.”

Amar Rathore, sales manager at security vendor Countersnipe, says: “Despite many vendors’ claims, there is no one that could offer a perfect solution for every security problem.”