Ingram Micro | PracticeBuilder for IT Security
NEW OPPORTUNITIES IN A CHANGING MARKET

Inside you’ll learn how to:
• Grow your IT Security practice
• Outsell the competition while increasing profits
• Ask the questions others don’t
• Leverage Ingram Micro resources for fast results

Advanced Technology

Content © 2005-2011 OCE Inc, All rights reserved. Licensed to Ingram Micro, Inc., 2011.

Published for Ingram Micro by: Outsource Channel Executives, Inc. 3313 W Kiowa St. Colorado Springs, CO 80904, USA www.OCEinc.com

Printed in the USA V5.0

Disclaimer

Neither the author nor the publisher assumes any responsibility for errors, inaccuracies, or omissions. Any slights of people or organizations are unintentional. This publication is not intended for use as a source of security, technical, legal, accounting, financial, or other professional advice. If advice concerning these matters is needed, seek the services of a qualified professional as this information is not a substitute for professional counsel. Neither the author nor the publisher accepts any responsibility or liability for your use of the ideas presented herein.

Some suggestions made in this document concerning business practices may have inadvertently introduced practices deemed unlawful in certain states, municipalities, or countries. You should be aware of the various laws governing your business practices in your particular industry and in your location.

While the websites referenced were personally reviewed by the author, there are no guarantees to their safety. Practice safe Internet surfing with current antivirus software and a browser with active security settings.

PracticeBuilder is a trademark of Outsource Channel Executives, Inc., licensed to Ingram Micro. All rights reserved. All trademarks and registered trademarks are the property of their respective holders. Ingram Micro logos are trademarks used under license by Ingram Micro, Inc. Products available while supplies last.
Prices subject to change without notice.

Author: Mark S.A. Smith, OCE, Inc.
Subject Matter Expert: Chris Squier, Ingram Micro, Inc.
OCE Project Manager: Debbie AlBayati
Project Manager: Dorothy Martinez, Erin McNiff, Ingram Micro, Inc.

© 2011 OCE Inc. Permission granted to reproduce for your company’s internal use. All other rights reserved. www.OCEinc.com

Table of Contents

Overview
What’s in this PracticeBuilder?
What is Security?
Security Goes Beyond IT
Why Security?
The State of Security
Why the Investment in Security Solutions Pays
Compliance Demands
Increased Need for Services
Web Threats Proliferate
Mobile Device Protection
Information Lifecycle Management
The Lines of Network and Security Get Blurry
Network Security
Private Networks
Firewalls
Endpoint Security
Intrusion Detection and Prevention Systems
Physical Security
Controlling Network Access
The Future of Security
How to Build a Security Solutions Practice
Becoming the Security Brand
A Logical Business Expansion Opportunity
Investment Requirements
Value to You
Begin with the Security Policy
Start Discussion at the Top
Overcoming Potential Concerns
Selling Security
Policy Review
Target Client Profile
Value to Your Client
Up-sell and Cross-sell Opportunities
Adjacent Technologies Help You Complete the Solution
Executive Questions
CEO, Sales VP, Marketing VP
CFO
IT, CIO
Detailed Questions
Creating a Business Case for Security Solutions
Calculating Solution Costs
Calculating ROI Benefits
The Value of Security
How to Generate a Winning Proposal
How to Properly Use a Report of Findings
Report of Findings and Action Plan Template
Glossary
Security Opportunity Profile
Security Project Planning Checklist
Security Installation Checklist
Your Action Plan
30-day Plan
60-day Plan
90-day Plan
Action Ideas that Will Make Me Money
Ingram Micro Services
Ingram Micro Solution Centers
Agency Express
Technology Solutions Engineer
CAP—Customer Advantage Program
Partner Connections Summit
Technology Bootcamps and Roadshow Seminars
Ingram Micro Services Network (IMSN)
Manufacturer SKU’d Services
E-commerce Partner Referral
Ingram Micro Services Division (SPEX)
Technical Support Services
Ingram Micro Contacts and Resources
The Security Team
Other Useful Contact Information
Premier Sponsors
Cisco
Symantec
Additional Sponsors
Fortinet
Juniper Networks
McAfee
Sonicwall
WatchGuard
RSA
Trend Micro

Security Solutions PracticeBuilder™

Overview

You have in your hands a powerful toolkit designed to help you successfully make security solutions sales, fast. Review these tools before making your sales calls to plan how you’ll approach your prospective clients.[1]

This document is one of a series of PracticeBuilder Guides from Ingram Micro that can help you rapidly increase your profits and give you a competitive edge. Ask your sales rep for details about other toolkits.

Pull out the “Action Ideas that Will Make Me Money” sheet on page 77. Use this page to jot down ideas as you read through this document. These are the ideas that will allow you to rapidly implement a profitable security solutions practice.

What’s in this PracticeBuilder?

In this kit you’ll find opportunity assessments, project planning guides, project installation guides, business case tools, questions that lead to the sale, reference materials, and sample proposals.

In this document we will define security solutions—what they are and what they do. We will discuss why your clients will be interested in security solutions, the market, and the market drivers. We will discuss who to talk with and what to say. You’ll learn what a solution looks like and the steps to take to build a successful Security Solutions practice.

Skim through this document to get a feeling for what is most interesting to you. It’s designed to be consumed cafeteria-style. Pick and choose what tempts you. You can even start with dessert if you want.
As you develop your Security solutions practice, refer back to this document to identify ways to improve your business or to troubleshoot areas where your business isn’t going as well as you think it could.

And, of course, call your Ingram Micro technical support team for help at any time, on any product, in any client situation, especially for any security-related question, training, or solution. We have lots of experience; we can help. You’ll find contact information on page 83.

[1] In this toolkit the word client refers to the company that you are selling to (after all, you’re a consultant, and consultants service clients), and customer refers to who your client sells to. This keeps the parties clear in the discussion.

What is Security?

In general, a security policy addresses the confidentiality, integrity, availability, and accountability of electronic information processed by, stored on, or moved between computer systems.

Security is the protection of information assets through the use of technology, processes, and training. Security encompasses everything from physical security to HR policies to access control and more.

Security includes a number of technologies and solutions that have grown out of data sharing across computer networks. Other names for these solutions include endpoint protection, data loss prevention, content filtering, unified threat management, intellectual property protection, compliance, business continuity, and a variety of terms that cover everything from software that targets specific threats to broad suites of applications.
Security is all about protecting critical data, the people we depend on, and the survivability/resilience of the organization.

Security consists of:
• Risk management/GAP Analysis
• Identifying threats to the ongoing visibility/sustainability of the business (legal, electronic, physical, other threats):
• Policy development and compliance
• Threat and early warning systems
• Intrusion protection
• Business Continuity and disaster recovery
• Tracking the flow of assets and intellectual property throughout an organization, and being able to control and audit against it

Security starts with deciding what your client wants to protect and then deciding how much they want to protect it. You don’t want to protect everything; it’s too expensive and can be a little annoying. However, annoyance is of little concern when faced with a lawsuit. Levels of security controls will be dependent on criticality.

Key assets are:
• People—employees, customers, key vendors, and stakeholders
• Property—physical, electronic, and intellectual
• Processes—procedures used to successfully conduct business
• Proprietary data—trade secrets, confidential information, and personal data
• Legal—protection from legal/regulatory action

Corporate security is about protecting the ability to conduct business, preserving valuable or critical assets that determine the well-being of the organization. The alternative is expensive because corporate data breach average cost has hit $7.2 million.[2]

Security Goes Beyond IT

A Deloitte report says that for 62 percent of their survey respondents the security budget is still wrapped in the IT budget, and 35 percent say that one of the biggest obstacles they face in implementing successful security technology and policy is lack of owner or executive support.
Yet an ever increasing portion of the security budget comes from finance, audit, and legal departments. Security is more than just a technology solution. This means you’re going to grow your business outside of the IT department.

Why Security?

Aside from shutting down the network and burying the servers in a concrete box, security solutions are one of the best ways for your clients to protect their data and tangible assets.

[2] http://www.networkworld.com/news/2011/030811-ponemon-data-breach.html

The cost impacts of a security breach are high, often resulting in lost revenue, compromised client data, and theft of intellectual property.

A company’s success depends on:
• Relationships
• Reputation
• Results

A shift in philosophy drives choosing security, based on the need to protect valuable assets and information. Clients don’t want to lose business or negatively affect employee productivity due to a security breach.
Your clients want to:
• Minimize system downtime caused by a security related incident
• Avoid liability suits caused by information breaches or the inability to deliver products and services as promised
• Reduce the risk of information leaks through insider threats, organized computer crime, spyware, spam, and online scams like phishing
• Prevent unauthorized information and network access, by both internal and external sources
• Maintain data privacy standards, some of which are mandated by law (such as employee personal data, medical records, company financial information, and customer records)
• Protect information transferred via the web or email, especially financial information like credit card numbers and personally identifiable information (PII)
• Receive proactive notification of system weaknesses and possible threats
• Protect physical assets, employees, and customers

The State of Security

In fact the most recent Computer Security Institute survey found “respondents did not seem to feel that their challenges were attributable to a lack of investment in their security programs or dissatisfaction with security tools, but rather that, despite all their efforts, they still could not be certain about what was really going on in their environments, nor whether all their efforts were truly effective.”[3] You may wish to download a copy of this report for your files.
The 2010-2011 Computer Security Institute survey reports these facts about the state of security:[4]
• Malware infection continued to be the most commonly seen attack, with 67.1 percent of respondents reporting it
• Respondents reported markedly fewer financial fraud incidents than in previous years, with only 8.7 percent saying they’d seen this type of incident during the covered period
• Of the approximately half of respondents who experienced at least one security incident last year, fully 45.6 percent of them reported they’d been the subject of at least one targeted attack
• Respondents said that regulatory compliance efforts have had a positive effect on their security programs
• By and large, respondents did not believe that the activities of malicious insiders accounted for much of their losses due to cybercrime. 59.1 percent believe that no such losses were due to malicious insiders. Only 39.5 percent could say that none of their losses were due to non-malicious insider actions

In 2010, 95,000 unique pieces of malware in total appeared, doubling the volume of malware seen in 2009.[5] New malware appears, on average, once every 0.9 seconds. Your client can’t keep up with all of the changes without your help.

What this means is that how we approach delivering security to our clients changes as the nature of the attacks change. Even a savvy IT administrator can’t keep up with all of the threats, security strategies, and mitigation methodologies along with all the other things they need to know about traditional IT infrastructure. Your customers need you!

[3] http://analytics.informationweek.com/abstract/21/7377/Security/research-2010-2011-csisurvey.html
[4] ibid
[5] http://www.sophos.com/en-us/security-news-trends/security-trends/security-threat-report2011.aspx

Why the Investment in Security Solutions Pays

The most compelling reason to invest in security solutions is to protect existing business. Customer retention costs about one-tenth as much as acquiring a new customer. It used to be that an angry customer would tell an average of seven people about their bad experience. Now an angry customer with a blog, Facebook, and Twitter account will tell thousands of people.

For example, if new customer acquisition costs $200, you can estimate that customer retention is costing around $20.

Your clients make money on repeat customers. A satisfying customer experience—which includes confidence that the business is able to protect sensitive data and provide a consistent level of service—creates the foundation for customer loyalty. In addition, the costs of lost customer data and the potential legal action that result from some kinds of security breaches carry a high cost of their own.

Having sound security practices that can be audited against ISO/IEC standards can help attract business in several vertical markets such as healthcare and government, since these folks need to comply as well.[6] The U.S. Government is beginning to bolster ties with private industry for security services given potential vulnerabilities to critical U.S. infrastructure, like power grids and financial markets.

Compliance Demands

Most businesses are affected by regulatory compliance obligations. Some organizations are subject to specific industry regulations, such as HIPAA or PCI, while every publicly traded company must meet Sarbanes-Oxley (SOX) and other general regulations. Although there are over 10,000 different regulations that may affect your client, they all deal with protecting the security of your client’s data. A quick Internet search will lead you to the latest information about these regulations.
From a compliance perspective, 2011 will be an interesting year as more regulations and mandates take effect. Companies in many industries will be working to comply with legal and regulatory mandates that protect private, sensitive information.

Compliance is driving security spending, the top driver in fact in more than 60 percent of organizations benchmarked. Compliance (audit results) is also used as the primary metric of success in more than 64 percent of organizations benchmarked.

[6] Learn more and link to downloadable standards at http://en.wikipedia.org/wiki/ISO/IEC_27002

Keeping up-to-date with CFRs (Code of Federal Regulations), ISOs (Specifications for Information Security Management Systems), and PCI DSSs is a helpful step in ensuring your security practice is the “go-to” preferred provider.

For example, HITECH, which updates HIPAA (Health Insurance Portability and Accountability Act), not only adds breached access notifications, but also extends coverage to a much broader range of organizations including web-based electronic health records management systems such as Google Health.

Keeping up with the Certs and Specs

Another major challenge, particularly for small- and medium-sized companies, is the need to stay current on directives, mandates, law changes, education, training, and certification. Here’s where you can really help.

In an increasingly digitized world, smaller businesses are compelled to implement technology with little or no internal IT support; keeping systems safe, efficient, and effective proves to be a challenge. Toss in the general trends moving businesses toward VoIP, grid computing, and virtualization, and you find clients throwing up their hands in frustration.
On the bright side, this is opening new opportunities for service providers to offer security consulting and services, including managed services to their clients. Opportunity abounds.

Access Control Compliance Demands

Access control, or projects that include access control, can be challenging. Successful implementation involves the deployment of physical technologies and the configuration and management of rules and policies. The resulting system must meet the compliance regulation requirements affecting your client’s business.

It’s not compliance regulations that affect the selection and deployment of access control technologies, or the configuration or management of the resulting system. Instead, it’s the end result of the access control project that must stand up to compliance scrutiny.

For instance, a regulation may require the inclusion of access controls and delineate the objectives of that resource, but will not specify particular products or configurations. Solution providers are free to accommodate the unique circumstances of each client—as long as the resulting access control system meets the goals of each compliance regulation.

Solution providers engaged in access control must know and understand the needs of each regulation as well as the needs of the client. Providers must also be able to resolve potential conflicts between overlapping regulations, often defaulting to the “lowest common denominator” between regulations.

For example, if a client is affected by three major regulations, each with different auditing periods, the provider may select the most frequent auditing period in order to satisfy all of the regulations.

If your security solution involves access control, you’ll need to know compliance law and the potential penalties your clients face.
Many providers employ a lawyer to clarify compliance liabilities. Knowledgeable legal counsel benefits both the provider and the client. Protecting your client and protecting yourself don’t have to be mutually exclusive.

Many providers choose to work with companies that specialize in compliance, auditing, and the legal aspects of corporate governance. Governance, risk, and compliance (GRC) tools help map internal business controls and processes to regulatory requirements, allowing providers (and their clients) to identify anomalies that can be addressed before they become a problem or costly liability.

And remember: the Ingram Micro team is here to help you grow your Security Solutions practice in every way. We have the resources you need to get the job done, and get it done right.

PCI Compliance

Even though PCI-DSS isn’t a federal mandate, the potential concerns are higher because state and local governments are placing requirements on businesses that compel them to ensure their customers’ data is secure. The thought of a hotel that can’t accept credit cards starts IT professionals’ knees knocking. Federal mandate or no, businesses must respond.

You may remember the lawsuit brought against retailer TJX (parent company of TJMaxx, Marshalls, and other retail outlets in the U.S. and Canada) which cost them almost $1 billion in fines and other expenses, not to mention the hit to market confidence and customer satisfaction. The breach started with hackers breaking into the network at two U.S. stores, but in a little over a year, 47.5 million records were stolen.

Many companies have set aside additional budget dollars to address the need to protect customers’ credit card information. According to the latest Data Protection and Control survey by IDC, 72 percent of large companies and 49 percent of the mid-sized businesses that accept credit cards are planning implementations or upgrades in order to comply with standards or increase competitive advantage.
Increased Need for Services

Organizations are finding that the frequency and sophistication of threats are more than they can handle internally, and they’re looking for service providers with the competency to handle the constant threat. There is plenty of opportunity in your market to make profits and expand your practice.

Companies are choosing managed security service providers (MSSPs) to do more than block spam and encrypt email messages. As concerns over budgets continue, companies turn to resellers and partners for managed services like monitoring clients’ security networks and compliance.

Solution providers who are successful winning business in the mid- and enterprise business market are offering what their clients don’t have—specialized skills that help improve process and reduce cost.

With compliance still at the forefront of challenges faced by security professionals, opportunities are growing in the area of audit preparation services and consulting, particularly reporting and workflow packages that automate the process.

Web Threats Proliferate

Problems caused by malware continue to pose major challenges. The effects of cybercrime are far reaching. It would be a difficult task to find someone who has never been affected by malicious Internet activity or who does not at the very least know someone who has been negatively impacted by cybercriminals.

Advances in Internet technology and services continue to open up innumerable opportunities for learning, networking, and increasing productivity. However, malware authors, spammers, and phishers are also rapidly adopting new and varied attack vectors. If the Internet is to become a safer place, it is imperative to understand the trends and developments taking place in the Internet threat landscape and maintain online security best practices.
Consider this: the probability of an attack from a random web page is about 1 in 3,000[7] and between 80 and 90 percent of all e-mail is spam.[8]

[7] http://security.cbronline.com/news/one-in-3000-websites-harbouring-malware-kaspersky240211
[8] For the current spam levels, virus attacks, and phishing attempts, see http://www.messagelabs.com/globalthreats

Organized Crime

Today, criminal motives are often the inspiration behind the act. After all, it’s way easier and safer to steal from someone thousands of miles away from you than to shake them down in person.

A number of organized cybercriminal groups steal confidential data through crimeware or crimeware-as-a-service (CaaS anyone?). This is a class of malware designed specifically to automate cybercrime.

Crimeware ‘kits’ are also now available for purchase via the Internet. A crimeware kit allows people to customize a piece of malicious code to steal data and other personal information. In 2009, Symantec observed nearly 90,000 unique variants of the basic Zeus crimeware toolkit, the second most common new malicious code family observed in the APJ.

IT Systems and the Stuff Inside

Data Loss Prevention (DLP, not to be confused with Digital Light Processing used in data projectors) continues to be another major trend in the security field. How to protect physical assets and the data—often confidential and frequently regulated—poses another major challenge for businesses large and small. In addition to HIPAA, SOX, and other government mandated compliance, expect new identity standards to target preventing data loss.

Over 600,000 laptops are lost or stolen at US airports every year, posing threats of identity theft and causing millions of dollars in equipment loss.[9] If you have a Windows-based device, don’t think your user password is going to offer much protection.
If you want a real scare, look at Ophcrack. It claims to crack 99.9 percent of alphanumeric passwords of up to 14 characters in minutes. [10] Managing access and remote disabling of portable devices is a real issue for all companies.

[9] Ponemon Institute
[10] http://en.wikipedia.org/wiki/Ophcrack

Mobile Device Protection

A potential threat is a malware or crimeware attack on mobile platforms such as PDAs and cell phones. For many years security companies have been warning that malware will soon affect cell phones in much the same way it affects PCs. The saving grace for mobile devices is that they haven’t yet been a big enough target. With 90 percent of the world’s PCs running a Windows OS, new malware has a large potential victim pool. The cell phone environment is much more heterogeneous, with numerous vendors using diverse hardware and various operating systems.

With Apple keeping their mobile device system closed, any app offered has to be vetted and can only come from the Apple Applications Store. This means that the probability of a mass attack on the iPhone or iPad is low. Other open access devices aren’t as secure. For example, in early 2011, Google found 50 malware apps targeting the Android phone. [11] It is very likely that cyber criminals will begin targeting mobile devices as more people use them and conduct financial transactions on them.

A bigger threat is theft of a mobile device that isn’t password protected. This could be a real issue as more companies adopt mobile devices as a token device to access corporate computer systems—where the server calls the user’s cell phone to confirm access rights.

Information Lifecycle Management

With more privacy laws coming, effective Information Lifecycle Management (ILM) becomes critical to protect your client’s organization.
If they are retaining data that is no longer required by law, it is a potential liability. For example, if damaging information is found during a legal discovery, it’s admissible even if the information is kept beyond the time required by statute. The ILM caveat: “They can’t discover or compromise what you don’t have on file.”

Information Lifecycle Management applies procedures to effectively control an information or data record throughout its applicable life, from inception to end. For example, for a financial institution, information can become a record by being documented as a transaction, withdrawal, deposit, etc. This type of data, though valuable for a period of time—even required by the government to be saved in some cases—certainly has the potential to outlive its relevancy.

[11] http://www.cio.com/article/671764/Android_Market_Spiked_with_Malware_Laced_Apps

The Lines of Network and Security Get Blurry

The boundary separating networking and security is disappearing and might soon be eliminated. Network and security companies have been joining forces through a series of mergers and acquisitions to extend their market reach. The resulting products have the potential for richer and better integrated functionality that will benefit you and your clients. However, this means that network managers will need to know more about these next-generation products in order to evaluate, deploy, and maintain them effectively.

While these emerging technologies offer businesses an exciting new level of protection, the integrated environment will also require a high level of collaboration in the IT department. Network and desktop systems managers, along with application managers, will have to collaborate across the IT organization.
The growing awareness that security is more than just an IT problem means that line-of-business managers and corporate leaders will become more involved in these decisions and purchases. Along with traditional infrastructure concerns, impending changes to network design, challenges with mobile security, consolidation, the integration of security policies and procedures into the business, and the growth of VoIP and virtualization offer excellent opportunities for growth in the Security and IPVS markets.

Network Security

Network Security is a prime focus of a security investment. Frankly, the only truly secure computer is one disconnected from the network, locked in a closet. If the computer is connected to the Internet, it’s at risk.

Private Networks

A private network uses internal wiring or costly leased phone lines to securely transmit data. A virtual private network (VPN) provides secure access to the company network through the Internet. A VPN provides virtually the same capability as a private network, without the expense. Unlike a private network, a VPN connection can be set up anywhere you can access the Internet. VPNs encrypt data before sending it through the network, securing it from attackers. If your client wants their people to access company confidential data through a wireless network or while traveling, they need a VPN or SSL [12] Web access and should use SSL-based email servers.

[12] Secure Sockets Layer (SSL) is an encrypted Web browsing protocol that describes how the data is passed through sockets between computers and applications (https://, instead of http://).

Firewalls

In the cyber world, a firewall [13] is the interface between a local network and the wild, wild Internet.
The firewall hides computer addresses from outsiders and blocks unexpected and unsanctioned traffic between the network and the Internet. Most network vendors offer a firewall solution.

Hardware Firewalls a Must

If you connect to the Internet you must have a hardware firewall or you will be compromised. Hardware firewalls can also guard against viruses, block spyware, and defend against some Denial of Service (DoS) attacks. [14] Firewalls can be a stand-alone box or built into a network router or other network appliance. [15]

UTM Firewalls

IT managers at small and midsize businesses like UTM appliances—firewalls that layer on antimalware protection, content filtering, antispam, and intrusion prevention—because deploying a single, multi-function device reduces costs and simplifies configuration.

However, deciding whether and where to deploy UTM appliances in a large enterprise is a more complicated and difficult decision. The idea of a single point through which all traffic flows as an obvious locus for threat mitigation doesn't work when a network has dozens, hundreds, or thousands of distinct locations. Because performance is a critical issue in large networks, savvy network managers often seek to distribute threat protection rather than centralize it, simply to reduce the likelihood of a performance bottleneck.

Similarly, the style and quality of threat mitigation features one commonly sees in an SMB UTM may not be of interest to an enterprise, where requirements are more exacting and security architectures are more complex. For example, the antispam features and functionality in UTM firewalls pale compared with those in stand-alone enterprise-class dedicated antispam/antivirus appliances.

With such dramatic differences between SMB and enterprise requirements, is there a place for enterprise UTM firewalls? The answer is definitely yes, for these three reasons: reduced complexity, simplified management, and increased flexibility.
Don’t hesitate to contact your Ingram Micro rep for help and advice when considering a UTM solution as part of your security solution offering to a client.

Here are some basic pros and cons every solution provider should understand before deciding to offer a UTM appliance as part of their security solution:

Pros
- Complexity: high availability and scalability are dramatically simplified in UTM appliances
- Management: a single management interface enables better coverage for less effort, and reduces the possibility of mistakes
- Flexibility: ability to bring security services in and out of the equation quickly supports threat response requirements best
- Cost: long-term costs for UTM will likely be lower than individual point solutions

Cons
- Performance: enabling threat response features can cause a huge performance hit and make performance unpredictable depending on vendor architecture; many vendors can now keep up performance when all features are enabled
- Choice: bundled threat response represents choices the vendor made based on partnerships and commercial interests, not necessarily matching your client’s specific needs for their network
- Features: threat mitigation bundled into firewalls may differ depending on vendor
- Separation: different teams are responsible for different threats, and requiring coordination and agreement between them can be difficult and time-consuming

[13] A firewall in the physical world is a fireproof or fire-resistant wall that prevents the spread of fire through a building or a vehicle.
[14] See glossary on page 55
[15] An appliance is a computer-based tool designed to perform a specific function, usually for less cost or more securely than with a dedicated computer and software.

Host-based and Software Firewalls

Host-based and software firewalls should be a secondary line of defense.
They are more vulnerable than a hardware firewall because they can be disabled by a user or by malware. Many attacks come through a browsed Web site, and by then it can be too late for a host-based firewall to act. Software firewalls work better to detect unexpected outbound traffic from a computer. Software firewalls can be highly secure gateway appliances if used properly.

Safer Internet Connection

A proxy server is an intermediary computer between users’ computers and the Internet that controls and enforces security policy. It checks the user’s request against content filtering and access policy, forwards the request to the Internet while hiding the user’s identity, and logs the activity. Like a firewall, proxy servers prohibit unauthorized access from the Internet to the internal network. Proxy servers speed up Internet access by keeping copies of frequently accessed Web pages in a cache (a local memory), rapidly delivering the local copy when the page is requested.

Safest Internet Connection

A DMZ (demilitarized zone) is a computer or small network between a company’s private network and the Internet. The public can access the DMZ computer to get data or a Web page, for example, but can’t get to the private network. A DMZ is more secure than just a firewall and can act as a proxy server.

Endpoint Security

Endpoint security is a centrally-managed security strategy using software installed on the devices (such as PCs, laptops, handhelds, scanners, and POS terminals) that attach to the network. On log-in, the host server validates the user and ensures that the device complies with security policies before granting network access. The program scans for unauthorized software and can administer patches. Unauthorized users and out-of-compliance devices receive limited access or are quarantined.
Endpoint security works well for securing a network that has access locations that can’t be physically secured.

Intrusion Detection and Prevention Systems

Network intrusion detection systems (IDS) observe network traffic for potential attackers. IDS can be implemented in software or as a network appliance. If your client needs to protect valuable assets, consider using both methods because each is capable of detecting events that would be difficult or impossible for the other to identify. Typically, an intrusion triggers an operator alert to take action.

An intrusion prevention system can take immediate action when an intrusion is detected, for example blocking specific network traffic upon detecting a malicious action or limiting passage of unusual network activity until it can be analyzed.

Physical Security

Include a discussion with your client about physical security. An unguarded, isolated computer logged onto the network poses a security risk. A misplaced, unlocked mobile phone with passwords stored in a note offers the keys to the company. If the routers and switches are in an unlocked closet or freely accessible, the network is at risk: it’s easy to plug in an unauthorized laptop and compromise the system. Make sure that the hardware is under lock and key and that the keepers of the keys are trusted and accountable.

Remember, the physical security of most datacenters is usually not controlled by IT. You’ll need to speak about this with others in your client organization, a perfect excuse to expand your contacts and influence.

Controlling Network Access

Network access control (NAC) is top of mind on the technology front.
This includes hardware, software, and services like:
- Network-integrated NAC enforcement devices such as switches, routers, and firewalls
- NAC enforcement appliances
- SSL VPNs (virtual private networks) using secure sockets layer (SSL) security protocols

As a direct result of the trend toward a more mobile and geographically dispersed workforce, capital expenditures on equipment loss and theft for devices such as laptops, mobile phones, and PDAs continue to rise. The loss of this equipment, typically loaded with sensitive corporate data, naturally leads to increased interest and investment in security. These are not only technology issues; there are service issues and human factors swirled into the mix, providing opportunities to offer design, deployment, management, and training services as well.

The Future of Security

Products and services continue to evolve to meet the growing needs of the information security industry. The three major challenges your clients and their companies will face in the coming year will be access management, compliance, and protecting critical data. These challenges will focus on:
- Host-based or cloud security, including local laws where the data is physically hosted
- Mobile security concerns and solutions
- Encryption strategies
- Changing compliance mandates
- The spread of super-stealthy malware
- New botnets, smarter and bigger than ever
- Black market information trading and selling

How to Build a Security Solutions Practice

Security offers opportunities to capture new business with a minor investment in additional skills.
The budget for security solutions may come from the IT department and also from the business group responsible for securing the operation. This means you can expand your potential market beyond IT budgets.

Becoming the Security Brand

In order to generate profit and recurring revenue in today’s — and tomorrow’s — IT environment, you need to become your client’s preferred security brand. You’ll be delivering services under one name as one complete solution based on your client’s requirements. It won’t be a point solution or just a software sale. Instead, sell an on-going security service, like a utility, and you’ll better serve your clients and enjoy a stable business.

The back-end that delivers all of this will be a combination of traditional security products (firewalls, anti-virus, data leak protection, etc.), cloud and managed services (disaster recovery, business continuity, data protection, etc.), and talent (assessments, threat analysis, policy creation and enforcement, education) to provide a complete security solution that adapts to changing conditions.

A Logical Business Expansion Opportunity

Security solutions incorporate many aspects of IT including computer and networking technologies, as well as software. But security goes way beyond the typical IT solution. Savvy solution providers offer security strategy consulting as part of their practice to help clients identify objectives and design an implementation plan, including software evaluation, security policy documentation, gap analysis, testing, end-user training, and deployment. This is where the profits lie in this market. You can use security solutions as a way to grow your practice by adding these additional services demanded by most of your clients.

Investment Requirements

There is an investment required to launch a security solutions practice in terms of sales and technical training. Ingram Micro can provide much of the training and guidance, while most vendor partners offer Not For Resale (NFR) demo software and equipment at no charge or for a small fee.

Management

You’ll need to develop a sense for security projects, perhaps using the tools included in this PracticeBuilder guide. You may also wish to attend Ingram Micro-sponsored training to get a handle on what’s required from your staff to deliver a complete and profitable solution.

Technology

For most business partners, very little additional technology is required to launch a security practice. It usually only requires developing an understanding of the available technologies, keeping up with market trends and, in some cases, certification. Otherwise, you’re probably already well versed in the components of a security solutions practice.

Training and Certifications

There are several industry-specific certifications, such as Certified Information Systems Security Professional (CISSP). Some vendors offer technical certifications for their specific products resulting in additional margins and partner benefits.

Education and Awareness

Guarding the physical safety of employees and customers, protecting business assets, and keeping intellectual property confidential is not a one-time event; it’s an ongoing process. Education and awareness programs offer an excellent opportunity to support your client’s efforts to maintain a safe and secure environment.

Ingram Micro can help you to develop a variety of programs to meet your clients’ security education needs—everything from seminars to identify and document security strategies to in-depth programs that meet the DRII certification standards for security and business continuity. Refer to the information on page 83 for more details on whom to contact.
Marketing

You’ll want to mention your security solutions in your traditional marketing materials such as your website, email signature, business cards, inbound voicemail message, and Yellow Pages ad. You may want to host seminars and lunch-and-learn sessions at your client’s business site, distribute security technology updates via your newsletter, or develop giveaways with password tips printed on them (along with your contact information) to showcase your abilities. You may wish to include logos of vendor partners for which you hold certifications, enhancing your credibility in the marketplace.

Ingram Micro offers marketing services and resources, including vendor funding for marketing activities. Find more information in the Ingram Micro Services section.

Value to You
- Security is an IT project with funding from other departments
- Interest in security solutions continues to grow; you can be ready to meet your clients’ changing business needs
- Knowledge of this market helps you and your clients stay ahead of competitors
- Access to new clients
- Diversity that helps to grow your practice
- Protection for your client’s business and your relationship with them
- Ingram Micro can assist with technical configuration details and support to speed engagement acceptance and implementation

Begin with the Security Policy

A policy is a document that summarizes requirements that must be met and prioritizes expectations for specific areas of the company. It details what’s authorized, what’s unauthorized, when policies apply, and who is responsible for maintaining and enforcing the policies.

Without a policy, a company doesn’t know what to do or when to do it. The good news is that you can sell your products and services to implement the policy.
A classic policy details scope, reasons, definitions, domains, roles and responsibilities, management, documentation, implementation, measurement, and updates and changes. A quick Web search of “sample security policies” turns up a number of free and for-fee examples.
- SANS offers sample security policies developed by a group of experienced professionals; a good starting point [16]
- A relatively expensive but widely regarded book, Information Security Policies Made Easy, includes electronic templates and fully-developed examples [17]
- ISO/IEC standards are available for a nominal fee; NIST standards are also widely used and available

[16] http://www.sans.org/security-resources/policies/
[17] www.informationshield.com

Deciding what to protect starts with a security policy. Most small and mid-size businesses don’t have a security policy and really need your help. If they do have a policy, the odds are well in your favor that it hasn’t been reviewed for several years and, so, is woefully out of date.

As a solution provider, you’ll educate your client on the hardware, software, and support required to deliver a security solution. You can add value by helping them identify potential threats, document the existing network architecture, determine the future needs of their company, and lay out a plan to integrate the security technology needed to combat these threats. You may also provide implementation support, end-user training, or consulting services to help assess the current environment and develop the right levels of protection as well as the necessary security protocols.

Start Discussion at the Top

Bringing security solutions into your client’s organization means they’ll be embracing new operating methods. Implementing new strategies requires a discussion with the strategic thinkers in the company, not the tactical implementers.
Strategic changes are always driven by a line-of-business manager. These executives understand that bringing on new technology will make their business more competitive and more profitable; they don’t mind training people or changing processes and procedures to make more money.

So we recommend that you make your sales calls at the top level of the organization. Start with the people responsible for finance and corporate operations: the vice president of finance and the vice president of legal. You’ll be discussing issues that will be solved by implementing security solutions.

The IT department is the wrong place to begin discussions about security solutions. It’s important to remember that all or part of the budget for security solutions will come from a line of business or the operating budget, not from the IT department. Although IT will most likely be involved in security solution evaluation, deployment, and maintenance, you’ll be able to develop and implement a more successful solution by involving the line-of-business managers. For many clients this level of collaboration between IT and the business will be a new experience with rewarding results.

Overcoming Potential Concerns

There are some potential concerns from clients who are buying security solutions for the first time. Make sure that you discuss them, because if you don’t bring them up, someone in their organization will. A pre-emptive strike will save you time and sales headaches. Below are concerns you should be sure to address.

Security and system performance: the impact to performance must be balanced against the potential threats to the business. Each generation of malware is becoming more sophisticated, more difficult to detect, and—once it takes root in the system—even harder to remove.
Work with your client to determine the right balance between potential impacts to system performance and the resulting loss of employee productivity, risk to sensitive data, and financial impact of stolen or vandalized equipment and systems.

Integration with existing technology: a growing concern for small- and medium-size business owners as security threats become more sophisticated and the technologies to combat them become more complicated. This is a sales opportunity for you. Show your clients how you can support them through this process by educating them on the services you are offering as a part of your Security Solutions practice.

Equipment life: common client myths about the life span of security devices and equipment require a dose of reality. The truth is most security devices have regular software or firmware updates to keep guard against the latest threats.

Customer receptivity: look for examples of security solutions serving the same market. Ask clients about their experience with security and security breaches. Most companies experience multiple security threats and several security breaches each year. Share some of your stories and ask your clients about their experiences.

Operating costs: help them understand the ongoing costs of power, setup and management, testing, and equipment depreciation. Compare these with the costs of a security breach. Remember to take into account the value of customer relationships, their business reputation, and business results. A security breach can mean more than lost orders; it can also lead to lost customers.

“I don’t need it, my existing security solutions are fine”: very few clients are completely satisfied with their security solutions, and the threats to security are constantly changing.
Technologies are continuously being developed to address these new dangers. Look for places where there is an obvious opportunity. For ideas, look at the next section about target client profiles on page 33.

Selling Security

When approaching your clients about a security solution, mention these critical points:
- The process of creating a security solution will help uncover inefficiencies and reduce or, in many cases, eliminate them.
- The security solution will be implemented as transparently as possible with minimal business interruption. A security breach is much more disruptive.
- The security solution will work to enhance business growth.

Follow these steps to find new clients for your security solutions:
1. Select a progressive or innovative client who you think could benefit from security solutions and review their business for opportunities; in particular, look for clients who have suffered a recent security breach
2. Go to lunch with the CEO, marketing or sales VP, and discuss protecting their business with improved security
3. Compile news articles that talk about the latest security breaches and the impacts to the targeted business; give examples in your client’s industry
4. Discuss business processes that could be improved with security solutions (e.g., access management, compliance, protecting critical data, etc.)
5. Sell security solutions through a discussion of data and asset protection, not from a hardware and software implementation viewpoint
6. Create a relevant ROI measurement plan
7. Help them “find” the funds by engaging support from the auditing and legal departments
8. Calculate the cost of delaying the installation
9. Ask for their commitment

Policy Review

Remember to review your client’s network security policy.
If they don’t have one, then that’s where you begin the consultation because that’s where most companies are at risk with their network. After you understand their security policy and have made appropriate recommendations to bring it current, then approach the departments in the organization, including IT, to discuss network implementation, security enforcement, and network enhancements.

Policy: Examine the security policies, if they have them. If the policies are current, you can audit their policies as part of the assessment to make sure that they are complying with management mandates. What legislation do they need to comply with?

Incident Response Planning: What is the procedure when something goes wrong? Who responds?

Enforcement: How are policies measured? Who enforces them?

Security Policy Assessment Questions

Physical Security Review: How is the computing infrastructure secured? How about individual computers? How about mobile devices?

Current Anti-Malware Protection: Are they up-to-date on malware detection and removal tools?

Intranet Vulnerability Assessment: What are the issues with internal access to the network?

Internet Vulnerability Assessment and Penetration Testing: What are the weak points in their Web connection? How many IP addresses and hosts can be reached?

Firewall/UTM Reviews: What firewalls are being used? Are they up to date? Are they the right level of protection?

WLAN Security: Look at the security settings and radio footprint. Are they confining access to validated users in the authorized area?

Virtual Private Network Assessments: How are remote users accessing corporate data via the Web? How are they implementing VPN? How are executives accessing corporate data from home? Is that network secure?

Dial-In Security Testing: What happens if a remote user connects into the network?
Security Awareness Training: How are users trained on network security policy?

Social Engineering Awareness: What are the likely threats to the organization (such as phishing and other ID theft scams)? [18]

Compliance Auditing Tools: What are their compliance requirements? Are they current and up-to-date? What programs are in place? Have there been any violations?

Patch Management: Are they maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures (such as specific configurations required)?

[18] Social engineering involves tricking a person into a behavior, like loading a malicious program. For example, an employee finds a disk labeled “Executive Salaries” in the parking lot. Curious, they put it in their machine, open the files, and inadvertently infect their computer and any unsecured machine on the network.

Target Client Profile

Your ideal prospect for a security solution is an organization that needs to protect data and assets that are accessible via the network. Also look to companies that need to protect physical assets and people through video surveillance.

Companies are under attack from all sides, from the cyber world of the Internet and email, to the physical world of homes and offices. While most companies of more than 1,000 employees have at least basic security policies in place, most small- to mid-size companies have only made a cursory attempt at security. Executives and owners think, “We’re too small. No one will bother us. Besides, we can’t afford more security.” That may have been true in the past. Not today and not in the future.

Here is a list of things you can offer your client.
Data and Asset Protection
Ensures regulatory compliance and protects against liability
Manages customer records and financial information in a secure environment
Safeguards intellectual property

Sales Productivity and Operating Costs
Makes sure that information critical to revenue generation is available and secure
Makes secure access to product information, pricing, and process and procedure documentation required to make sales easier

Although security is not limited to a particular vertical market, it has been most successful where the potential consequences of a data breach have a large financial impact or could create a liability issue. Here are additional applications where security has definite value for your client:

Communications—ISPs
Mitigates attacks by botnets
Prevents DDoS (directed denial of service) attacks
Protects customer information

Education
Complies with government-legislated regulations
Provides secure access to student information online
Monitors locations susceptible to theft and vandalism over large physical areas
Routes IP video surveillance to authorities responding to emergencies

Finance and Banking
Complies with government-legislated regulations
Protects against theft and fraud (In 2005, credit card processor Cardsystems, Inc., was sued for the potential compromise of 40 million credit card numbers.)
Protects against business downtime

Government
Protects human life
Analyzes security threats real-time
Maintains security under challenging or dangerous environmental or security conditions
Monitors physical security concerns at multiple sites

Healthcare
Complies with government-legislated regulations
Safeguards patient privacy
Provides secure access to medical records online
Allows IP video surveillance security of patients, offices, and grounds

Insurance
Complies with government-legislated regulations
Manages operating costs that affect increases in premiums
Provides secure remote access to records

Manufacturing
Makes access to production information quick and reliable
Protects production information from unauthorized access

Retail
Ensures a safe and secure environment for employees and customers
IP video surveillance curtails losses from theft, fraud, and error
Allows for investigation of merchandise “shrink”
Improves customer service

Transportation
Protects logistics information from unauthorized access
Curtails losses from theft, fraud, and error
IP video surveillance monitors physical security concerns at multiple sites

Value to Your Client

The courts have almost always made businesses responsible for the security of their customers and associated data, and legislators have passed many mandates for corporate responsibility. For example, the Sarbanes-Oxley Act defines records retention and corporate governance, the Gramm-Leach-Bliley Act and the Data Protection Act in the United Kingdom demand control of personal information, and HITECH spells out behaviors for healthcare providers and others.

When your customers make security part of their business processes, it’s easy to illustrate that they’re taking reasonable care in the event of a lawsuit, minimizing exposure. Where threat, vulnerability, and financial impact matter, they are liable for risk management and mitigation.

In this day and age, security always makes sense.
But it becomes critical in these situations:
Protecting confidential data
Complying with regulatory legislation
Ensuring continuous business operations
Preventing theft of business assets, including intellectual property
Protecting the physical security of customers with technologies such as video surveillance

Up-sell and Cross-sell Opportunities

Look at these areas of hardware, software, services, and infrastructure management solutions that you can offer your clients:

Hardware
10/100/1000 Network Interface Cards (NICs)
Audio devices
Cabling or wireless LAN access points
Firewalls
Hubs
Monitors/LCD panels
Power and audio signal cabling
Proxy servers
Security locks
Storage devices
Switches and routers
Wireless gateways

Software
Anti-spyware, anti-spam, and anti-virus
Content filtering
Customization and implementation
Evaluation and selection
Remote monitoring
Sponsorship billing
Threat detection and early warning

Services
Content filtering/Web monitoring
Data backup and storage
Email security
Gap analysis and testing
Identity management
Network monitoring and response
Policy compliance management
Remote equipment monitoring
Remote firewall management
Security policy development, documentation, and implementation

Security Infrastructure Management
Audit and compliance reporting
Hardware and software inventory detection
Patch management
Remote management
SLA assurance
Trouble ticketing
VPN-client software
Vulnerability assessment and remediation

Adjacent Technologies Help You Complete the Solution

Mobile Computing
One technology related to security is mobile computing.
A handheld wireless solution gives users the ability to remotely monitor video feeds and instantly redirect camera images to law enforcement.

Storage
With the rise of government standards and the ever-increasing need for data management, storage technology is growing. Add IPVS and the demand for storage can skyrocket. Today’s small and midsize networked businesses must find a way to add and streamline storage capabilities.

AIDC/POS Technology
Your customers will want to incorporate security observation into their retail systems. Automatic Identification and Data Capture (AIDC) enables users to collect data via automated means such as radio frequency identification (RFID), barcode scanning, biometrics, smart cards, optical character recognition (OCR), or magnetic stripes and subsequently store that data in a computer. A complementary technology, Point of Sale (POS), uses PC-based terminals, barcode scanners, receipt printers, credit/debit terminals and more to give retailers comprehensive views of their business operations––enabling them to increase efficiency and profitability, while making knowledgeable business decisions.

Executive Questions

The questions that follow will help you to have conversations with CEOs, line-of-business managers, CFOs, and IT business leaders that help uncover the answers you need to discover your client’s most compelling business reasons for implementing a security solution. Begin your discussions with a review of their security policy.
If they don’t have one, then that’s where you begin the consultation engagement. After you understand their security policy and have made appropriate recommendations to bring it current (as necessary), then approach the departments in the organization, including IT, to discuss implementation, enforcement, and enhancements.

Use these strategies when you approach your customers to make sure that you offer a complete security solution.
Sell from the top down and the bottom up
Start by examining their corporate security policy
Address physical security issues (including IPVS)
Address network security issues
Address legislative compliance issues
Address identity theft issues
Address on-going security assessment and product security updates

When asking questions, it’s a good idea to record your client’s answers word for word. You’ll want to use their vernacular and industry language when constructing your report and action plan. Your questions will depend on your audience. These are great questions to ask if you only have five minutes with key people.

CEO, Sales VP, Marketing VP
What concerns do you have about the security of your operation, including your data, systems, and people?
What are the threats to your organization? (Identify what your customer perceives as being potential issues)
What would happen if there was a security breach? What would it take to get back to normal? What would that mean to your business competitiveness?
If an incident, such as a theft, were to strike your operation right now, how long would it take to get back into business? (Identify the business impact of a security breach)
Are you familiar with the benefits of protecting your intellectual property?
Did you know that 70 percent of companies that suffer a serious data loss or security breach go out of business?
Are you required to comply with government or industry regulations for security? What are they? (Identify business-driving compliance mandates)
Will you personally be on the hook for during a breach? When was it last tested? When was it last reviewed? Who is responsible for enforcement? (Identify the details of your customer security policy, including current security processes, procedures, and products)
In planning or considering new security technology, how will you measure your success?

CFO
What would be the impact of a security breach on your operation? What are the risks and the costs of these threats? (Identify the financial and business impact of the risks)
How are you personally liable? (The personal impact of a security breach is a powerful motivator)
What should you do to manage the risk of a security breach?
What security mandates are you responsible to enforce? How are you doing that right now?
What is the financial impact of downtime on data systems?
Many of our clients have learned that ROI is more difficult to calculate with this kind of project because of the many ways that security impacts business. What kind of ROI are you expecting from this project? How are you planning to measure your ROI?
In planning or considering new security solutions, how will you measure your success, especially in terms of cost?

IT, CIO
What kinds of computer platforms are you using now? What operating systems do you have to support? What applications are you supporting? What are the interdependencies? What does that do to your system security? How would you like this to change?
How do you effectively manage the growth of your IT infrastructure?
How do you accurately plan, forecast, and budget your capacity?
How many locations do you have? Where are they?
What are your strategies for data protection?
How much downtime is security related?
What is your security policy? How do you enforce it?
What departments have talked with you about security?
What resources will you need in order to feel comfortable implementing a new security solution?
What are your concerns about your security solution?
What do you need to feel comfortable before bringing a security solution to your site?

Detailed Questions

These questions will elicit the information you need to prepare your Report of Findings and your Proposal. With answers to 80 percent of these questions, you will have a solid knowledge base upon which to build your solution.

What are your concerns about protecting your company’s assets and reputation?
This question identifies key benefits that work well with security and help your client win support for the plan within his or her organization.

What frustrates you about your current security policies and processes?
This question explores new opportunities for complementing their existing business processes.

What behavior do you want to have happen?
Security solutions can compel behaviors that protect your client’s business assets and reputation, ensure productivity, and lower operating costs. Find out what those behaviors could be.

What should they be aware of?
Your client may be able to use security solutions as a competitive advantage. For instance, financial institutions, healthcare and insurance companies, and government organizations are all subject to regulation. Security solutions may help meet these requirements. Help your client understand how this would benefit their business.

What would happen to customer satisfaction if you suffered a security breach that compromised confidential data or prevented you from meeting your contractual obligations?
This question helps to identify key business drivers for implementing security solutions while creating a sense of urgency in your client.

How would you measure the effectiveness of this project?
This uncovers what they want to have happen to their business. You can then present the most compelling aspects of your Security Solutions practice to motivate them to make a commitment.

What would it be worth to manage the risk of a security breach?
This helps present the business case to motivate them to move fast.

Creating a Business Case for Security Solutions

These are the areas that contribute to business productivity, generate profitability, and improve competitiveness. Consider these factors as you create your business case and develop return on investment (ROI) scenarios that are relevant to your client.

Calculating Solution Costs

Consider the following, some of the primary costs of the solution:

Hardware
Refer to the list on page 37

Software
Refer to the list on page 37

Services
Refer to the list on page 38

Security Infrastructure Management
Refer to the list on page 38

Labor
Evaluation of solution options
Migration costs
System design, installation, and testing
System management and maintenance
User training, including wages and overhead
Vendor research

Calculating ROI Benefits

The benefits of a security system are quickly realized when your client understands the value of their security processes and technology. Look at both the direct and indirect costs, as well as the value of the solution in terms of relationships, reputation, and results when calculating the return on this investment.
Direct Costs

Direct costs are what your client pays to undo the damage of a security breach. Depending on the severity of the incident, it can range from a few dollars to closing down the company. Potential costs include:
Losing intellectual assets such as custom software
Re-creating lost, corrupted, or deleted data
Replacing lost physical assets such as equipment, supplies, and even the physical plant
Cleaning up and repairing the damage—emergency repairs often cost more
Notifying customers of a breach of confidential information19
Paying for public relations to reposition the event in your client’s favor
Educating employees, customers, and vendors about the breach and how to prevent a recurrence
Communicating with shareholders, explaining what happened and what your client is doing about the breach
Defending against legal actions—what is the legal exposure because your client cannot fulfill contractual or mandated obligations

19 Concerned with ID theft, California’s Database Security Breach Notification Act (SB1386) requires that customers be notified if a company believes a computer system’s breach has compromised the personal information of any California customer.

Indirect Costs

Indirect costs are the expenses that your client will incur in the form of lost business—the revenue and profits that would have been earned if the breach hadn’t happened.

Lost present business. How much will your client lose, per hour, if the company’s security is breached? Look at internal and external interdependencies between your client’s business processes and those of their customers and vendors.
Lost future business. What does it cost when your client can’t respond to a customer or prospect request?
Customers may require your client to implement new levels of security or demand new service level agreements before they will continue to do business with your client.
Lost competitive edge. What happens to your client’s market position if the facilities suffer a security breach?
Loss from negative public relations. A negative story about your client becomes positive marketing for the competition.
Lost shareholder confidence. What happens to the value of stock when shareholders lose confidence?
Lost employee productivity during restoration.

The Value of Security

The sustained growth and popularity of the security market is fueled by several business drivers and ROI factors, including the desire to:
Protect critical assets required to operate and profit
Reduce business interruptions caused by security breaches
Comply with corporate and legislated security mandates
Reduce legal exposure from unsecured premises and computer systems
Recover rapidly from a security incident or a disaster (maintain a competitive edge through resiliency—especially when the same threat or disaster strikes both your client and their competitors)
Attract future investors/partners/customers by providing an investment that has a sound security strategy and policy
Increase staff efficiencies because employees don’t deal individually with security issues like spam and viruses
Increase operational efficiency created by the security system due to upgraded technology
Eliminate the cost of security breaches from unpatched software
Increase incremental sales and stockholder value based on your client’s improved security and stability

Running the Numbers

It’s difficult to create return on investment (ROI)20 numbers that satisfy everyone.
In some cases, your client may just want to avoid another attack; forget measuring ROI, just help them avoid a future occurrence. If a business partner (or a client customer, for that matter) demands a higher level of security, your client may have to mark up your services to cover the costs.

One way to establish the value of a security solution is to calculate the system’s reduction in loss by taking the difference of the average annual loss expectancy with and without mitigation.

Loss reduction = Loss without mitigation – Loss with mitigation

The amount of loss reduction is the most your client should spend on mitigation. Frankly, some losses aren’t worth insuring against. The value of the security solution is the difference between the cost to mitigate and the loss reduction provided by mitigation.

Value of mitigation = Cost of mitigation – Loss reduction

Repeat the calculation for each component of your client’s security system to determine the overall ROI. The challenge to these calculations is assessing the probability and cost of a threat, as well as the reduction of risk your client will gain by implementing a specific security solution. Historical data can suggest the likelihood of a specific threat. Losses can be estimated by the costs to repair the damage, the costs of idle employees, and estimated business loss.

20 Sometimes called Return on Security Investments (ROSI).

How to Generate a Winning Proposal

Most solution providers use a proposal as a sales tool; they evaluate the situation and create a written document recommending what the client should do next. Then they send the proposal to the client, hoping and praying that the client won’t pick it apart and will say, “Yes.” Of course, it’s a rare client who agrees to a proposal without changes. Many proposals are rejected because of this method.
For this reason we recommend that you never create a report until you know that a client is ready to buy from you, that they understand the value of the solution, and feel confident that you can do the job.

Don’t call your document a proposal. Refer to it as a “Report of Findings and Action Plan.” This creates much more value and positions it as more than a proposal to get the customer’s business. You’ll see a sample in the next chapter.

How to Properly Use a Report of Findings

Use this document to confirm the details that you’ve already agreed to during your discovery meeting with the client. It puts all of the details into one document so that your client can say, “Yes,” and you can proceed with the project.

Your winning proposal for a security solution outlines these elements:
A brief recap of the business situation
The business objectives of your client and the associated deadlines
How you will measure the value of meeting these objectives
The expected value to the business when these objectives are met, including the hard value (money in the bank) and soft value (people are happier)
Outline the methodology and offer other options
Show the timeline required to reach the objectives by their deadline
Describe your role and their role in the project, including any impact that slippages will have on the project outcome
Include your terms and conditions
Have a place for them to sign to begin the project

Report of Findings and Action Plan Template

Use this template to get started writing your action plan. As you know, you’ll match your client’s motivation and gain agreement when you use their reasons to move forward with the project.
This sample template has minimal “boilerplate” content, because you don’t want it to get sent to the legal department. This form leaves room for you to use your best judgment and the information that you gathered from your interviews.

Services

This is what you plan to do and the justification based on your client’s answers to your questions. The proposed project methodology consists of eight separate phases, as described below.

Phase 1—Pre-planning Activities (Project Initiation)
Use this phase to obtain an understanding of the existing and projected security solutions. This enables the project team to refine the scope of the project and the associated programs, develop project schedules, and identify and address any issues that could have an impact on the delivery and the success of the project. Two key deliverables of this phase are the development of a policy to support the programs and an awareness program to educate management and senior individuals who will participate in the project.

Phase 2—General Definition of Requirements
Identify what business outcome is desired and the options to achieve that outcome. This phase will include the key tasks outlined in the Security Project Planning Checklist found on page 63.

Phase 3—Business Impact Assessment (BIA)
Identify how the security solution will augment business processes, including sales. This can be done with trial installations or by examining industry case studies. Use the information gathered in the Security Opportunity Profile on page 57.

Phase 4—Detailed Definition of Requirements
During this phase, a profile of security requirements is developed. This profile is to be used as a basis for analyzing alternative strategies. The profile is developed by identifying resources required to support critical functions identified in the previous phase.
This profile should include hardware, software (vendor supplied, in-house developed, etc.), documentation (server, user, procedures), outside support (networks, content creation services, etc.), facilities, and personnel. Another key deliverable of this phase is the definition of the plan scope, objectives, and assumptions.

Phase 5—Plan Development
During this phase, security plan components are defined and documented. This phase also includes the implementation of changes to user procedures and upgrading existing security procedures required to support the plan.

Phase 6—Testing/Exercising Program
The plan testing/exercising program is developed during this phase. Testing/exercising goals are established and alternative testing strategies are evaluated. Select testing strategies tailored to the environment and establish an ongoing testing and monitoring program.

Phase 7—Maintenance Program
Maintenance is critical to the success of a security solution. The plans must reflect the environments that are supported by the plans. It is critical to revise existing change management processes to take into account the maintenance of security solutions. In areas where change management does not exist, recommend and implement change management procedures.

Phase 8—Initial Plan Testing and Implementation
Once plans are developed, conduct initial tests of the plans and make any necessary modifications to the plans based on an analysis of the test results. Use the information from the Security Installation Checklist on page 69 to help.

Predicted Outcomes

Here’s where you discuss the predicted outcomes that have come from the Executive Questions on page 41. This section should match the client’s criteria words that you’ve noted.

Software Specs

Add the software specifications from your data sheets.
Hardware Specs

Add the hardware specifications from your data sheets.

Glossary

10-Gb Ethernet is the newest and fastest version of Ethernet; 10 Gb is the best choice for supporting high-bandwidth applications (remember, 10 Gb devices will not perform at maximum speed without the appropriate network infrastructure). This may be an ideal network backbone for new IPVS installations.

802.11 Wireless Standards––new versions of this standard with more security features are continually being released. When evaluating the need to add secure mobility to a network, it may also be time to consider wireless as a solution.

Business continuity (BC), sometimes called disaster recovery (DR) or business process contingency (BPC), describes how to deal with disasters or breaches that make normal operations impossible.

DDoS and DoS—Compromised computers called botnets are used to launch a directed denial of service (DDoS) attack on a Web site or email server. A botnet bombards the target site with Web page requests or spam, overloading the server, making it unavailable for legitimate users, called denial of service. Think of DDoS as creating a computer busy signal.

Failover is a backup operational mode in which the functions of a system component are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time.

GLB is the Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals.
HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. Health Information Technology for Economic and Clinical Health (HITECH) extends the complete Privacy and Security Provisions of HIPAA to business associates of covered entities.

ISO 27002 standard is the rename of the ISO 17799 standard and is a code of practice for information security. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.

Maximum Tolerable Downtime (MTD) is how long a business function can be unavailable before the organization will be out of business.

Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines developed by the credit card industry to help those processing credit card payments and storing or transmitting data to minimize the threats of fraud and other security vulnerabilities. Compliance is mandatory, but companies processing fewer than approximately 80,000 transactions per year are allowed to complete a self-assessment.

Recovery point objective (RPO) measures the time between the latest backup and a potential disaster.

SLA is service-level agreement (SLA). It is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. Oftentimes, failure to meet agreed-upon SLAs results in a monetary penalty assessed against the provider.

SOX is the Sarbanes-Oxley Act of 2002. Often shortened to SOX, it is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise.

Security Opportunity Profile

Account Profile
Company name and location
New account (how did you find them) or existing account (what have you sold them?)
What is their mission?
Is the department growing? How much? Why?
How many employees?
How many customers?
What is the opportunity size?
What is the lifetime value of this client?
How easy (1-10) will it be to get this business?
What other channel partners are involved?

Key Player Profile (Name, phone, role, affinity)
CEO
COO
VP Sales
VP Marketing
IT Director
Legal
Procurement
Security Director
Others:

Authority Profile
What is their buying process?
Who is responsible for security policy?
Who is responsible for making the commitment?
Who is responsible for security enforcement?
Who is responsible for disaster recovery?
Who signed for the last purchase like this? Are they available?
Have they purchased security solutions before? Affinity?
Who needs an ROI analysis? What criteria?
Who needs a risk analysis? What criteria?

Technical Profile
What hardware?
What content platform?
What enterprise applications are they using? Mobile enabled?
What databases are in use?
What network-based applications?
What other applications?
Telephone systems?
Security plan now?
Backup location now?
Disaster recovery plans? When was the plan last tested?
Do they use consultants? Who?

Needs Analysis
What business need is being addressed?
How does this project support mandated departmental objectives?
What are the threats to the organization?
What are the opportunities?
What are they using now?
What do they like best?
What do they like least?
What would they like to change?
What’s the current solution cost structure?
What products would be used to solve the business problem?
How many locations are anticipated? Specifically, where?
What physical locations need to be secured with video? Specify:
Video storage and access requirements?

Budget Profile
Where is the budget coming from?
What other departments can fund this?
What would it be worth to move forward?
What would it cost if nothing happened?
What is the cost of downtime?
What would be the cost of a data breach?
Is this budgeted?

Commitment Profile
Who is most against this project?
Who most benefits from this project?
What similar projects are others doing?
What staff is in place or what staff will be hired for this project?
What project must finish before this one starts?
What deadlines have they committed to that require this project to first be completed?
What are their internal deadlines?
When is their drop-dead decision date?
When do they want to go live?
What training will be required? How long?
What is the recovery test schedule?

Action Plan
What is your strategic plan?
What resources do you need?
What Ingram Micro resources do you need?
What vendor resources do you need?
What are the barriers to getting this business?
Who are the competitors? How can you neutralize them?
What are the elements required to get this business?

Security Project Planning Checklist

Company name and location(s)
Who is responsible for the business outcome?
Create metrics for measuring desired outcome
Pilot project or full rollout?
Scope? IT only? Network? Telecom? Physical locations?
List to copy on all management level project memos
Execute system design contract or letter of intent
Who is responsible for security policy approval?
  Compliance mandates
  Business rules
  Metrics
  Approval process
Who is responsible for security enforcement?
Identify design specs:
  RPO
  RTO
  MDT
  TTO
Identify property insurance liaison and discuss project
Identify security liaison and discuss project
  Security issues
  Emergency access
  Non-emergency access
Identify legal/compliance liaison and discuss project
  Compliance issues
  SLA
Identify IT liaison and discuss project
  SLA
  Hardware
  Middleware
  Applications
  Infrastructure
  Network (wired and wireless)
  Telecom
  Power
  Environmental factors
  Personnel factors (e.g., monitoring employees)
Who onsite will facilitate installation?
Who will facilitate training?
Who will facilitate testing?
Perform site survey at each location to identify risk and recovery issues and mitigation plans
  SLA
  Hardware (including video cameras)
  Middleware
  Applications
  Network (wired and wireless)
  Power
  Telecom provider
  Environmental factors
  Personnel factors
Identify recovery infrastructure requirements
  Hardware
  Applications images
  Database images
  Network (wired and wireless)
  Telecom
  Power
  Personnel factors
Identify solution specs
  Hardware (including video cameras and mounting methods)
  Applications images
  Database images
  Network (wired and wireless)
  Telecom
  Power
  Environmental factors
Choose vendors
  Hardware (including video cameras)
  Middleware
  Applications
  Power
  Network (wired and wireless)
  Telecom
Identify any changes in property insurance to cover equipment
Identify potential reductions in property insurance premiums because of recovery plans
Discuss maintenance agreements and equipment insurance contracts
Create installation plan schedule and test schedule
Execute contract for project

Security Installation Checklist

Company name and location(s)
Order system components
Expected delivery dates
Order back-up network and telecom services
Contracts through legal department
Who onsite will facilitate test and maintenance?
Create test and maintenance schedule
Prepare for installation
Inspect hardware and software on arrival
Install and test software
Mount “call for service” labels
Install system onsite
  Hardware
  Applications images
  Database images
  Network (wired and wireless)
  Telecom
  Power
  Environmental mitigation
Train users
  Hardware
  Applications
  Content
  Security
  Help desk
Responsible party sign-off on installation
Train contacts responsible for maintenance
Conduct test
Measure outcomes
Review and vigilance
On-going training
Updates for new threats
Review outcomes with management
Identify unexpected outcomes
Performance
Costs
Benefits
Create upgrade schedule
Create plan for additional locations
Gather testimonial letter specifying outcomes

Your Action Plan

Now that you have a good understanding of what it takes to create a security practice, you need to put it into play. Here’s a simple step-by-step plan for the next 90 days.

30-day Plan

Choose a Target Prospect
Choose a prospect who you know could benefit from a security solution. Trust your abilities, and we’ll work with you as you grow your practice in exchange for your personalized attention to details. Sign a bilateral non-disclosure agreement (NDA) because you’re going to be discussing marketing and sales plans as part of your research. A benefit of this agreement is that your proposal will fall under the NDA, protecting your intellectual property and guarding the project from being reviewed by your competitors.

Explore How You Can Help Them
So, how can you help them?
Do they need to protect confidential data? Comply with regulatory legislation? Ensure continuous business operations? Prevent theft of business assets, including intellectual property? Use the Security Opportunity Profile on page 57 to help. Ask the qualifying questions on page 41 to help you understand their business issues and know how you can help them with a security solution.

Engage Ingram Micro Resources to Help Design Your Client Solution
Call Ingram Micro technical resources to help you configure the hardware and software necessary to create your client solution.

60-day Plan

Choose Vendor Partners
With Ingram Micro’s help, identify solutions that match your client’s business needs. Get to know these vendor partners because they will help you build your security business.

Create and Implement Your Initial Solution
With the help of Ingram Micro’s technical resources, configure and install your initial solution.

Get Feedback from Your Client on Effectiveness
Monitor your client’s success concerning the effectiveness of the security solution, helping them to tune their business processes to take advantage of their new technology.

Write a Case Study for Internal and External Marketing
Write a simple case study consisting of three sections: a business problem, technical solution, and business outcome. Include a photograph of your client’s business along with the case study. This is the most powerful marketing material you can use to grow your Security practice.

Document the Sales Process You Used
Identify the steps that you went through to close this sale so that you can repeat this process with other clients and teach it to your sales staff.

Identify Other Clients in Your Practice with Similar Needs
Make a list of other clients with characteristics that indicate they need security solutions.
Contact them and offer your case study to illustrate your ability to deliver this type of solution.

90-day Plan

Consider Getting Vendor-Specific Certifications
Talk with your Ingram Micro rep about getting vendor-specific certifications that will grant you access to more margin, more prospects, and more opportunity.

Teach Your People Your Successful Sales Process
Conduct classes with your sales people using this material, your own sales process, and your own case study.

Officially Announce Your Security Practice to Your Clients
Launch the expansion of your Security practice with a marketing campaign using your case study.

Action Ideas that Will Make Me Money

Use this page to jot down ideas as you read through this document. These are the ideas that will allow you to rapidly implement a profitable security practice.

Ingram Micro Services

Ingram Micro Solution Centers
These state-of-the-art facilities are designed to address all your training and customer demonstration needs. Use these facilities as an extension of your business; you can increase your productivity and profitability by offering trainings, seminars, proof-of-concepts, and demonstrations to help your customers make confident investments in technology. Visit www.ingrammicro.com/solutioncenter for details.

Agency Express
Develop fast, affordable, and customized marketing campaigns to increase your sales. Agency Express offers access to customizable template mailers, mailing services including postage, printing and delivery, as well as a database-ordering service to increase the effectiveness of your targeted campaign. Marketing funds are available to qualifying solution providers.
Visit www.ingrammicro.com/agencyexpress for details.

Technology Solutions Engineer
Win incremental sales, gain a competitive advantage, and become a strategic partner to your customers by extending Ingram Micro’s world-class technical support into the field. Our technology solution engineers (TSEs) accompany you to customer sites to provide pre-sale consultative services and education. TSEs are also available to help you train your sales staff and conduct client seminars. To request assistance, call your Ingram Micro sales representative.

CAP—Customer Advantage Program
CAP is a goal-oriented partner program. Through CAP, Ingram Micro Solution Providers can request funding from manufacturer partners for training, events, advertising, promotions, etc. Customer-facing marketing activities are supported by our manufacturer partners through the On Demand Events (ODE). These events are centered around relationship building including open houses, grand openings, monthly customer networking events, and customer appreciation events.

Partner Connections Summit
Ingram Micro Partner Connection Summits are three-day VAR conferences featuring high-profile keynote sessions and industry-leading educational content on business strategies and opportunities within the SMB market across key technology categories. The Partner Connection Summit provides you the opportunity to gain insight into best practices by networking with top manufacturers, key Ingram Micro executives, and your peers.

Technology Boot Camps and Roadshow Seminars
Our expert Technology Solution Engineers and Solution Center Engineers will provide sales and technical training through presentations, hands-on demonstrations of manufacturer products, and a facilities tour of the Solution Center during these two-day events.
For information on upcoming events visit www.ingrammicro.com/events.

Ingram Micro Services Network (IMSN)
The IMSN is Ingram Micro’s industry-leading, solution-provider delivered professional services network and the cornerstone of the services division. Powered by IMOnsite, a proprietary service-management software platform, the IMSN allows solution providers to leverage an established, SLA-driven service infrastructure to expand geographic reach and improve services capabilities across North America. For more information please call (800) 235-4128.

Manufacturer SKU’d Services
Ingram Micro offers a comprehensive selection of services to help you grow your business and provide complete product solutions. Ingram Micro’s SKU’d Services includes thousands of services from more than 100 manufacturer and service providers.

E-commerce Partner Referral
Ingram Micro maintains relationships with respected e-commerce providers on your behalf. No matter what your e-commerce needs, we can find a partner to help.

Ingram Micro Services Division (SPEX)
This cost-effective electronic-content subscription service aggregates and delivers information from thousands of IT and consumer electronics manufacturers—all in a standardized format ready to use on your company’s website. For more information about Ingram Micro’s services division, visit www.ingrammicro.com/servicesdivision or call (800) 705-7057.

Technical Support Services
As an Ingram Micro customer, you’re eligible to take full advantage of our world-class presale Technical Support organization. With over 150 trained and certified professionals, we take a consultative approach in helping your company to build complete solutions that address your client’s business needs.
We even stay attached to your opportunity, working with your sales representatives to ensure you have an effective and cost-saving solution to present to your customer. And if necessary, we’ll even conference in your client during the build or proposal process to help you qualify and quantify the value of the solution to their business.

Ingram Micro Contacts and Resources

The Security Team
Security Technology Solution Engineer (TSE): Chris Squier, 716-633-3600, ext. 66405, [email protected]
Security Campaign Marketing Manager: Erin McNiff, 714-382-1019, [email protected]
Security Technical Support Help Desk: [email protected], 800-445-5066, ext. 76102
Security Resource Site: www.ingrammicro.com/security

Other Useful Contact Information
Ingram Micro Events Website: www.ingrammicro.com/events
Ingram Micro Services Network: (714) 566-1000, ext. 24572
eSolutions Customer Support (ECS), E-commerce setup/support: (800) 616-4665
Ingram Micro Sales: (800) 456-8000
Corporate Offices West: 1600 E. St. Andrew Place, P.O. Box 25125, Santa Ana, CA 92705-4926, (714) 566-1000
Corporate Offices East: 1759 Wehrle Drive, Williamsville, NY 14221-7887, (716) 633-3600
Customer Service: Contact Customer Service from 8 a.m.–8 p.m., Eastern time, for any order and shipment concerns. (800) 274-4800
New Accounts: (800) 456-8000, ext. 41
Ingram Micro West Return Facilities: Attn: (insert RMA # here), Suite R, 12510 Micro Drive, Mira Loma, CA 91752
Ingram Micro East Return Facilities: Attn: (insert RMA # here), 82 Micro Drive, Jonestown, PA 17038
Ingram Micro Financial Services: Financial Services Consulting Desk: (877) 877-0035 (toll-free)
Pre-sale Technical Support: (800) 445-5066, 8:30 a.m.–8:30 p.m., Eastern time

Premier Sponsors

Cisco
A key component of the Cisco Secure Borderless Network, the Cisco ASA 5500 Series Adaptive Security Appliances deliver superior scalability and a broad span of technology and solutions designed to meet the needs of an array of deployments. Offering seamless client and clientless access for a broad spectrum of desktop and mobile platforms, the Cisco ASA 5500 Series delivers versatile, always-on secure mobility integrated with web security and IPS for a comprehensive solution. Unlike most security providers that force you to choose between a high-quality firewall and an effective intrusion prevention system (IPS), Cisco combines the world’s most proven firewall with the industry’s most comprehensive, effective IPS for a powerful security solution.

Cisco ASA 5505, Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540, Cisco ASA 5550, Cisco ASA 5580-20, Cisco ASA 5580-40, Cisco ASA 5585-X with SSP-10, Cisco ASA 5585-X with SSP-20, Cisco ASA 5585-X with SSP-40, Cisco ASA 5585-X with SSP-60, Cisco ASA 5585-S10, Cisco ASA 5585-S20, Cisco ASA 5585-S40, Cisco ASA 5585-S60

Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

SYMANTEC SOLUTIONS FOR SMALL BUSINESSES
For companies with 5–100 employees, with limited IT staffing
Security: Endpoint Protection Small Business Edition, Protection Suite Small Business Edition, Mail Security for Microsoft® Exchange, Brightmail™ Gateway Small Business Edition, MessageLabs™ Hosted Email Security from Symantec, MessageLabs™ Hosted Web Security from Symantec, MessageLabs™ Hosted Instant Messaging Security from Symantec
Information Protection: System Recovery Server Edition, System Recovery Desktop Edition, System Recovery Small Business Edition, Backup Exec™, Online Backup, Endpoint Protection Small Business Edition, Mail Security for Microsoft® Exchange®, Brightmail™ Gateway Small Business Edition, MessageLabs™ Hosted Email Encryption from Symantec, MessageLabs™ Hosted Email Continuity from Symantec
Management: pcAnywhere™, Ghost™ Solution Suite

SYMANTEC SOLUTIONS FOR MIDSIZE BUSINESSES
For companies with 100–499 employees, with dedicated but limited IT staff and resources
Security: Endpoint Protection, Protection Suite Enterprise Edition, Endpoint Encryption, Network Access Control, Critical System Protection, Mail Security for Microsoft® Exchange, Mail Security for Domino®, Brightmail™ Gateway, Web Gateway, Protection for SharePoint® Servers, MessageLabs™ Hosted Email Security from Symantec, MessageLabs™ Hosted Web Security from Symantec, MessageLabs™ Hosted Instant Messaging Security from Symantec, MessageLabs™ Hosted Email Encryption from Symantec
Backup and Recovery: Symantec Backup Exec™, System Recovery Server Edition, System Recovery
Desktop Edition, Online Backup, Enterprise Vault™, Protection Suite Enterprise Edition, MessageLabs™ Hosted Email Continuity from Symantec, MessageLabs™ Hosted Email Archiving from Symantec
Management: Altiris™ Deployment Solution from Symantec, pcAnywhere™

Additional Sponsors

Fortinet
Fortinet’s products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure.

Juniper Networks
Juniper Networks security solutions provide fine-grained access control that identifies, mitigates, and fully reports on the most sophisticated security threats of the moment.
vGW Series: ALTOR-CENTER-1
MAG Series Junos Pulse Gateways: MAG2600, MAG4610, MAG6610, MAG6611
SRX Series Gateways: SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3400, SRX3600, SRX5600, SRX5800
Junos Pulse Mobile Security Suite: ACCESS-MSS-50U-1YR, ACCESS-MSS1000U-1YR, ACCESS-MSS-250U-1YR, ACCESS-MSS-500U-1YR

McAfee
McAfee, a wholly owned subsidiary of Intel Corporation, is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.

SonicWALL
Guided by its vision of Dynamic Security for the Global Network, SonicWALL® develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve.
TZ 100, TZ 200, TZ 210, NSA 240, NSA 2400, NSA 2400MX, NSA 3500, NSA 4500, NSA E5500, NSA E6500, NSA E7500, NSA E8500, SRA EX6000, SRA EX7000, SRA 4200, SRA 1200, CDP 6080B, CDP 5040B, CDP 220, CDP 210, CASS 2.0, Email Security ES8300, Email Security 4300, Email Security 3300, Email Security 300, Email Security 500, Email Security ES6000, GMS, UMA EM 5000

WatchGuard
WatchGuard XTM 5 Series appliances combine high performance, strong security, advanced networking features, and flexible management tools in one affordable solution for small to mid-size businesses.

RSA

Trend Micro

Sponsoring Manufacturers
Cisco
Fortinet
Juniper Networks
McAfee
RSA, The Security Division of EMC
SonicWALL
Symantec
Trend Micro
WatchGuard Technologies

© 2011 Ingram Micro Inc. All rights reserved. Ingram Micro and the Ingram Micro logo are trademarks used under license by Ingram Micro Inc. All other trademarks are the property of their respective companies. Products available while supplies last. Prices subject to change without notice. 6/11 M-004963.05