Visions 2020 and beyond

The view from the channel and a security long perspective
Longform
(Image: Stockfresh)

21 February 2020

In this installment, we look at the ICT channel for this year and beyond as it moves from the transactional to the service-based model.

The world of security too is explored, from the Dark Web to AI-driven cyber offensives.

_________________________________________________________

 

advertisement



 

Billy MacInnes, contributing editor, TechTrade

Service transition

Though the trends seem familiar, the channel itself is transforming to a service-driven system

TechTrade contributing editor Billy MacInnes

Ask anyone in the industry to give you a view of what technologies will become dominant in 2020 and which will start to emerge, and it is likely they will mention some or all of the following: 5G, mobility, AI, machine learning, analytics, IoT, edge computing, as-a-Service, security, cloud, unified communications and blockchain. If you would have asked them the same question at the start of 2019, they would probably have said more or less the same thing.

But what about the channel itself? Aside from the usual shuffling of the deck in terms of partner programmes from vendors as they pledge, once again, to implement changes that improve and enhance their channel schemes, what else can we expect?

Middlemen (and women) are good now

“It was our kind of business. It’s one you can understand. I may not understand all of the products that they sell and I may not understand what the customers who buy the products do with them, but I do understand the middleman’s role.” So said Warren Buffett when he explained what had driven him to make a bid to acquire Tech Data to The Wall Street Journal in December last year.

“It is now more or less inarguable that the people in the middle have become an indispensable part of the sales, service and support chain”

Ultimately, the attempt failed after private equity firm Apollo Global Management raised its offer for the global IT distributor. But it is interesting, nevertheless, that Buffett was prepared to take a punt with Tech Data because he understood the value of the middleman’s role. And it says something about the value of the distributor’s role that Apollo Global Management was prepared to rapidly increase its initial offer by 11% from $130 to $145 to head off Buffett’s interest.

The acquisition of Tech Data comes three years after the other major global IT distributor, Ingram Micro, was acquired by Tianjin Tianhai Investment Company, a Shanghai stock exchange listed subsidiary of HNA Group.

Both purchases demonstrate a wider acceptance and understanding of IT distribution in the mainstream business world. It is not so long ago that Michael Dell’s anti-channel evangelism was being parroted by analysts and investors  because of the success of the direct sales company bearing his name. Many of them queried the business models of rivals that had always used distributors and partners as a sales and support channel for customers.

It is now more or less inarguable that the people in the middle have become an indispensable part of the sales, service and support chain. Dell’s adoption of an indirect sales channel in 2007 pretty much put the “direct sales is better” argument to bed. Nearly every vendor is a channel friendly business now. Expect that to continue for some time to come.

The Global Technology Distribution Council released a report last year, Tech Distribution 2025, that found distributor value was rising and “expected to thrive and gain momentum through 2025 as respective business models and portfolios transform”. It argued distributors were becoming “increasingly strategic partners. If distributors continue to be agile and build new capabilities for the digital era, they will continue to grow at an accelerated rate”.

We’re all service providers now

This is good news for the distributors, but what about channel businesses further downstream? If distributors are building new capabilities for the digital era, what are resellers and VARs (sorry, I meant solution providers and service providers) doing to make sure they do not get left behind? To which the obvious answer is whatever they usually do because becoming obsolete is often portrayed as a perennial problem for them.

While the growing adoption of cloud and as-a-service (aaS) may have initially been viewed as potentially lethal for channel businesses – you only have to remember the resistance to Office365 to appreciate the feelings of anxiety engendered by these technology trends – the reality is that they have adapted to match the changing market.

Moving from a transaction-based product model to a recurring revenue, subscription-based service model might not have seemed the easiest migration to achieve but many have already embarked on that journey. The shift from reselling to providing services is well underway. And it is not just a case of cynically changing labels as it may have been for some with the move from reseller to VAR, especially when “value add” could be stretched so widely to encompass some of the most basic tasks.

Distributors have changed their models to cater for the provision and delivery of cloud-based and aaS services, in many cases providing the platforms for channel partners to offer managed services to their customers more quickly and with far less disruption to their business.

Digital transformation is not an overnight solution

When I see the word “transformation”, my expectation is that it should be attached to a dramatic outcome or result. To quote the words of Clarinet UK managing director Michel Robert from a couple of years ago, it “conjures up images of an overnight metamorphosis”. While there is nothing new in the expectations prompted by a sweeping IT industry marketing term proving to be disappointing or underwhelming in reality, it does seem to me we ought to be more careful in the terminology we deploy.

Two years ago, Forrester vice president and principal analyst Nigel Fenwick provided a far more accurate interpretation of digital transformation when he stated that most people using the term were “really referring to digital bolt-on, adding new digital capabilities to the existing business model”. He added that such transformations “focus on the low-hanging fruit on the digital tree”.

It is worth noting that for all the noise around digital transformation, most examples provided are more akin to digital upgrades of existing processes, usually through adding mobile app capabilities, than transformational.

Even if customers engage with the digital transformation “journey” — a voyage which, incidentally, appears to have no defined destination — are partners able to map it out for them and guide them along the way? Perhaps not. A recent survey of UK resellers and MSPs by Westcoast, for example, found only 41% of partners were “ready to take the digital transformation journey in the next 12-24 months”. If we assume that partners engage with particular technology trends in response to an existing or imminent customer demand, this suggests digital transformation is not quite as far along the path as we might have believed.

Here in Ireland, multinationals distort the market to give the impression of a greater engagement with digital transformation than in actuality. The truth is that, for many indigenous Irish businesses, the impetus for digital transformation is reduced because of the small size of the market here. A report from BearingPoint last year, entitled Digital Leaders in Ireland 2019, conceded that “investments in particular activities, types of marketing or infrastructure are less likely with a smaller or captive target market”.

It is true that the report suggested all companies “could benefit from further digitalisation, whether to maintain an existing lead, catch up with competitors, get ahead of the field, batten down against disruptors or differentiate” but the salient point is how far realistically can they go down this path? If technology cannot defy the natural limitations of the Irish market, should channel partners be seeking to convince their customers to defy gravity?

When will sustainability become a real issue?

Microsoft’s pledge to become carbon negative by 2030 has helped to sharpen a few minds around the subject of sustainability and the IT industry’s effect on the environment. For an industry that places such an emphasis on the relentless trajectory of innovation and product launches, sustainability has been a real challenge and the suspicion has been that many people have been paying little more than lip service to the issue so far.

How frequently are channel partners asked about the environmental benefits or costs of the solutions and technology they sell? How often do they emphasise those benefits or costs in conversations with their customers? How frequently is the industry guilty of greenwashing, of dressing products with what are essentially “salad leaves” that disguise their true effect on the environment?

As trusted advisers, do channel partners have a duty to provide customers with the knowledge that will give them a clearer picture of their choice of technology, solution or service, including the environmental consequences of that decision? Can they remove themselves from the sales cycle sufficiently to look beyond what the technology can do for customers in the short term and see what it will do to the environment in the long term?

It may well be that sustainability is nothing more than a veneer vendors and partners attach to the products and solutions they sell to assuage whatever concerns customers have about the environment. It is quite possible that customers, in turn, are merely camouflaging themselves in sustainability in order to satisfy the environmental concerns of the people who buy their products and services. Maybe the customers that buy their products and services are just as easily satisfied with some form of green labelling, even if they are not exactly clear what that label actually signifies.

But this cycle of willing self-deception can only be sustained for so long. At some point, we will need to take account of the true cost of products, solutions and services. So the question is, should the IT industry have a duty of care to put sustainability and environmental impacts at the heart of everything it produces? If (or when) we agree it does, the comforting fact is partners will have a role in ensuring customers are informed and supported in the choices they make around IT products, solutions and services.

________________________________________________________

Anna Chung, principal researcher, Unit 42, Palo Alto Networks

Dark services

Threat actors increasingly experiment, while bad habits persist in cyber security

Within the Deep and Dark Web, ransomware attacks are expected to continue in 2020. This year, we came across an increasing number of threat actors selling ransomware, ransomware-as-a-service, and ransomware tutorials. Underground products and services like these enable malicious threat actors who are not technically savvy to enter the game.

Unit 42’s Anna Chung

Threat actors will continue exploring new methods to monetise compromised IoT devices, beyond IoT botnets and IoT-based VPNs, due to the uncapped profit potential. IoT devices remain a popular target among hackers, mostly because IoT security awareness and education is not as prevalent as it should be, and the number of IoT devices will continue to grow at an exponential rate as 5G develops and becomes mainstream.

We are continuing to see instances where the failure to configure containers properly is leading to the loss of sensitive information and as a result, default configurations are posing significant security risks to organisations.

“Many data breaches today are driven by financially motivated cyber threat actors, and this type of attack prefers targets that have rich personal identifiable information”

Misconfigurations, such as using default container names and leaving default service ports exposed to the public, leave organisations vulnerable to targeted reconnaissance. The implications can vary greatly, as we’ve already seen simple misconfigurations within cloud services lead to severe impacts on organisations.

When a company is beginning to address or prepare for these types of attacks, it is important they never expose a Docker daemon to the internet without a proper authentication mechanism. Note that by default the Docker Engine (CE) is not exposed to the internet. Key recommendations include:

  • Incorporate Unix sockets – Using these allow you to communicate with Docker daemon locally or use SSH to connect to a remote docker daemon.
  • Leverage the firewall – Whitelist incoming traffic to a small sets of sources against firewall rules to provide an extra added layer of security.
  • Caution against the unknown – Never pull Docker images from unknown registries or unknown user namespaces.
  • Employ always-on searches – Frequently check for any unknown containers or images in your system.
  • Identify malicious containers and prevent crypto-jacking activities – When a new vulnerability in the internal container environments is revealed, it is critical to patch it up quickly as attackers will be on a race to exploit any systems they can access. Having tools that actively scan your environment for known vulnerabilities and provide alerts on dangerous configurations can help to maintain the security of all container components consistently and over time.
  • Integrate security into DevOps workflows – This will allow for your security teams to scale their efforts in an automated way. Developers have a lot of power in the cloud, and your security needs to be able to keep up.
  • Maintain runtime protection – As your organisation’s cloud footprint grows, being able to automatically model and whitelist application behaviour becomes a powerful tool for securing cloud workloads against attacks and compromises.
  • Many data breaches today are driven by financially motivated cyber threat actors, and this type of attack prefers targets that have rich personal identifiable information (PII), including financial institutes, hospitals, hotels, airlines, and almost all e-commerce sites.

From an underground economic perspective, this is data that can be quickly monetised and resold multiple times. Different data has different buyers, but overall speaking in regard to PII, payment information is preferred due to the card-not-present type of fraud. Therefore, sites that process and collect individual payment information typically are more attractive to attackers in this instance. 

While we have seen a certain amount of cyber-offensive behavior using AI, such as identity impersonation by using deep faking, we are still in the very early stages of seeing the full potential of AI-enabled attacks. On the flipside, we are seeing an increase in cyber defenders using AI to detect and mitigate threats.

Businesses and CSOs should prioritise security awareness training for all employees, going beyond just explaining how cyber-attacks occur and how they may impact an organisation as a whole, but educating their workforce at individual level  on proactive steps they can take to identify and prevent security attacks. Simple exercises like issuing phishing email detection tests or software update reminders, help raise security awareness among employees to make for more secure daily operations and help reduce the success rate of attacks.

One of the major security challenges facing today’s digital age is the fact that there are too many devices and security policies in place, making it difficult to monitor and maintain. Prioritising highly-automated security solutions that cover multiple environments will increase visibility and control over the entire operational environment by simplifying the management process, reducing costs and freeing up more time to identify the existing pain points and future road maps.

___________________________________________________________________

Read More:


Back to Top ↑

TechCentral.ie