
Exclusive: Kiwi-developed security offering opening up new reseller opportunities

01 Aug 17

The Kiwi developers of a new security assessment and compliance system are urging resellers to offer more holistic services around security as the company itself scouts for resellers and service providers for its offerings.

Launched in April, SAM for Compliance provides a cloud-based service, based on Microsoft Azure, which helps organisations self-assess and manage compliance, based around different security standards including CIS Controls and the New Zealand Information Security Manual (NZISM).

Tony Krzyzewski, SAM for Compliance co-founder and director, says the company is talking with a number of services organisations in New Zealand, Australia and the United States about wrapping SAM Compliance into their service offerings.

“What we created is a product that makes it relatively easy for organisations to define standards, assess themselves and then work their way through the management process,” he says of the offerings.

While the initial offering was based around the United States-based CIS Controls, which are widely used internationally, other standards have since been added to the engine, including NZISM – creating a system Krzyzewski believes is ‘the only system on the planet’ designed for managing the implementation of the New Zealand standards – PCI DSS for PCI compliance and HIPAA, covering the security rules within the US Health Insurance Portability and Accountability Act.

While no specifically Australian standards have been used, Krzyzewski says the company has seen ‘definite interest’ in the CIS Controls from the Australian corporate sector.

SAM has already signed a large financial risk services organisation in Australia as a partner, with the company already having sold their first implementation into a ‘nice’ site.

Krzyzewski admits the SAM for Compliance offerings are not products resellers will make a lot of money from simply by selling the offerings themselves.

“We charge $3600 a year per framework and there really isn’t margin in there, but it is the opportunity to wrap services around this as a core and improve their service level offerings,” he says.

“Globally, SAM provides training for other professional services wishing to use SAM as a tool for managing and reducing risk within their client’s business.

“For resellers and VARs in particular, there are opportunities for them to quickly develop an in-house security practice using SAM for Compliance systems to assess, improve and manage their clients’ information security policies and processes.”

Krzyzewski says remediation services is one area where SAM for Compliance can be of use for resellers, helping identify where clients have a weakness in their systems, processes and technologies and then using that to help the client through the remediation process.

“And for service providers that themselves have to comply with the likes of NZISM, this allows them to work their way through their own remediation process and be able to report back on compliance,” he says.

Late this year SAM expects to launch a ‘Bring your own standard’ offering.

“The engine we have created is so flexible, we can plug any standard into it,” Krzyzewski says.

“It doesn’t have to be just IT security. We could plug health and safety in there, financial… it doesn’t make any difference, providing there are pretty clearly defined requirements.

“We’re already in discussion with [the Australian arm of] a reasonable sized multinational with regards to plugging in their own internal standards to it.”

An SMB option may also be on the cards, though Krzyzewski says SAM is yet to define a cut-down version of standards achievable for smaller organisations.

“One thing we are very aware of is that it’s no good having a standard you can never comply to, so we’re looking at defining pragmatic and practical controls for smaller organisations – the ones without a resident IT team,” he says.

Plans are already underway for a launch into the United Kingdom and European market next year, with the company initially targeting English-speaking countries.

"This is not a New Zealand product, we are going global," he says.

"If we have people in Singapore, Hong Kong or even India that are interested in taking this as a service we would certainly look at that too," he adds.

“There is a growing awareness of the requirement to protect information and systems outside of the IT sector now,” Krzyzewski says.

He notes that recent high profile ransomware and phishing attacks have heightened understanding about security and protection requirements.

“The channel really needs to start thinking about getting themselves aligned into the more holistic services, rather than just trying to sell a firewall or antivirus. They’ve got to start thinking smarter and wrapping this into a service that can be provided otherwise they will be left behind.”
