GDPR is coming! Here’s what the security channel needs to focus on to create opportunity out of regulatory upheaval.
On 25th May 2018, the EU General Data Protection Regulation (GDPR) becomes law.
But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?
Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…
GDPR opportunities – 1: Greater technology freedom?
A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.
Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.
It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”
So, given that GDPR is seemingly less prescriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?
GDPR opportunities – 2: Data protection controls
GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:
Internal threats (including employee mistakes and malicious insiders)
- Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
- Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
- Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.
External threats (third-parties exploiting the organisation)
- Locking-down, to control what kind of applications can and can’t run on an endpoint.
- Virtual patching, to stop remote exploitation of unpatched vulnerabilities.
- Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.
Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.
Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.
Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)
GDPR opportunities – 3: The size of the market
But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.
, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”
An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.
Security partners, it seems, are likely to become many businesses’ new best friends!
GDPR: What next for security partners?
This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:
“1. Read up on the changes and ensure they become the trusted expert on the new regulations
2. Educate their customers about the impact of the EU GDPR
3. Ensure they’ve got the solutions available to help customers with compliance”
From where we’re standing, point 3 looks to be the least of partners’ worries…