Archives For Access Control

Off to Boston

February 23, 2010

When I landed in Boston last night, the weather here was actually nice, although they are calling for snow this week – we’ll see. As I am preparing for meetings this week with Courion (Access Assurance and compliance) to discuss messaging strategies, I have marketing and branding at the forefront of my mind. This seems to be the weak link in many of the companies I’ve worked with or encountered over the past decade. While some are investing in building a brand, as this company is, others are still trying to push ahead with brute force and more sales micro-management. The problem is, when a salesperson finally does get a qualified meeting, their message is weak, they are immediately demoted to IT, and the opportunity becomes a long, drawn-out sales process to sell a widget to people with no money to spend.

Build the message – begin establishing the brand by focusing on the urgency.  Keep asking, “Is this worth reallocating time, money, and resources to?”  If it isn’t, you may be selling the wrong thing.


An article you may want to skim on hackers in China – this was on the front page of Wall Street and well worth reading. The point is, this young man from China explains how he got into hacking, how the code is put together to steal data, and how much money he made doing it. Knowing this kind of information makes your message more relevant – it’s not the high tech theoretical data many are running around with. This is what is actually happening on the street and all around us.

© David Stelzl 2010


This time it’s a case of shared passwords… another case for stronger authentication. SC Magazine reported late last week on a loss of data containing all kinds of information including people’s social security numbers (Lincoln National in Radnor, PA). This type of information requires stronger protection than a simple password, yet companies just keep going with their outdated security models. Use this article to show your clients why they need to invest in strong authentication methods using tokens, one-time passwords, dual authentication, etc. Especially when dealing with financial institutions or health care, you can’t depend on employees to manage their own passwords, and in this case the passwords were shared – a clear violation of any federal security regulation or best practice in security. Did the executives of this firm know this was going on? Probably not – this is why it is essential to involve asset owners in the security discussion. Custodians are not liable and have not been successful in getting their management to understand the issues that create security budgets for this type of thing. Read more on the SC Blog.

The ITRC (Identity Theft Resource Center) is a nonprofit organization that exists to “Educate consumers, corporations, government agencies and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.” They put out a report each year summarizing who was breached and how many records were exposed (if known). 2008’s statistics came out last week… The first link points to the 200+ page report; however, it is organized by company or organization, so you don’t actually have to read it. Instead, look for companies that are either clients or prospects. The second is a summarized listing of records taken, sorted by company. A couple of things worth noting:

  • When the “exposed record” count is zero, the comment under “Was data stolen” is almost always “unknown”, so don’t take zero literally.
  • The ITRC report also indicates that 95+ percent of these companies did not have some of the critical security measures in place such as proper encryption and access control. Might be a sales opportunity.
  • If you call on government, you’ll notice that government breaches are declining – this may be a result of NIST requirements including two-factor authentication, encryption, and regulations against using social security numbers.

This morning I presented a webcast on selling security in 2009. Several points are worth noting as you plan your year. Before I begin, don’t forget to check out today’s Podcast – a new Podcast comes out every Friday. This week’s topic presents Part Two of Putting your 2009 Business Plan together. Given the following, security should be a core focus…

  • VARBusiness’ State of the Market predictions for 2009 list Security as an area for “Robust Growth”, specifically network security, followed by security appliance sales, Internet security software, security management, and finally access management. If you’re riding the inertia of compliance issues in healthcare, government, and business, you’re in good shape.
  • Storage holds the number two position, but specifically “Recovery Software Solutions”, which of course is a Risk sale – reference security.
  • The third is no surprise – Networking; but expect a heavy focus on wireless implementations. Differentiate with security given the increases in cybercrime via wireless networks.

Also expect to see growth in managed services offerings as companies such as SecurView and Zenith Infotech support VAR efforts to establish recurring revenue offerings. The winners here will be companies explicitly marketing security event management to address the compliance market. Pure monitoring, in my opinion, is a commodity, so take the next step as you consider your offering.

So while some are reporting unemployment rates in the 7+ percent range (US Economy), those companies that have thought through their offering, have the cash to sustain a few down months, and continue to press forward with compelling marketing programs will likely rise to the top, grow through acquisition, and take on clients left on the sidelines of recession.