Cyber tech firms need integrator partners to broaden their services
- By Jodi Schatz
- Sep 29, 2017
Government agencies are looking for companies that can act as general contractors, but not all companies are system Integrators. Therefore, the goal for many companies is to have the ability to provide a more expansive, holistic offering beyond just their own product portfolio.
That hasn’t traditionally been the case among cybersecurity providers. These companies have typically focused on selling their uniquely specialized products into agencies, which understandably can limit their success in responses to requests for proposals in more comprehensive programs.
Given the frequency and severity of security intrusions in the public and private sector, cybersecurity companies are now looking for more complete offerings beyond their core capabilities. By demonstrating an ability to technically integrate with third party vendor products, these companies can show that they are able to more fully meet the needs of Federal government customers.
For the government in particular, the approach agencies to more easily make decisions on which products to deploy in complex environments.
Let’s look at how some general technical cybersecurity integrations can add benefit to customers:
Multi-Factor Authentication (MFA) – An agency looking to deploy MFA tokens to all their employees will likely need a card management system (CMS) to enroll the certificates stored on the physical tokens. Some companies offer both tokens and a CMS, but particularly when looking for high assurance tokens that were designed with the Federal government in mind, they are unique areas of expertise. Having the ability to vet out, in advance, a working solution that can be jointly offered to a customer simplifies the overall process and allows a customer to more readily select the appropriate vendor.
Storage & Key Mgt Encryption – What’s important here is whether a storage encryption solution can work with a key manager through open standards such as the Key Management Interoperability Protocol (KMIP). This type of interoperability is another way of layering levels of security and creating an overall efficient solution for the customer. It alleviates the challenge of the customer having to validate that the products they purchase will properly integrate in their environments.
Complete offerings – In some cases a company may be missing one element to an overall holistic solution. Among encryption providers, encrypt everything is the Holy Grail. Some come very close to meeting that promise with encryption solutions for web/application servers, databases, file servers, disk encryption, virtual machines, etc. Often, however, what might be missing is the ability to encrypt email and documents. Companies should pool resources to be able to offer that level of encryption and storage with hardware for root key management, to provide an integrated solution for all available data venues.
So after being a bit late to the game on the need to create integrated offerings, cybersecurity firms have come to realize that there is more value to creating a simple means for agencies to ensure their IT security than there is to owning a narrow segment of the market.
Jodi Schatz is chief product officer of SafeNet Assured Technologies LLC.