Channel Manager’s Playbook Volume 15: Selling Security Sponsored by
gloCOM Video conferencing with screen & file share, meeting chat, drag-and-drop functionality and more. www.bicomsystems.com Sales: +1 (954) 278 8470
You Don’t Have to Sell Out to Cash In AppSmart Invest pays you upfront capital based on your business's monthly recurring commissions and empowers your business with the industry's leading technology services platform. Join successful agency owners nationwide that are benefiting from AppSmart Invest. Secure your future with immediate liquidity and the stability of recurring income. Meet us at Channel Partners Booth #1615 or email invest@AppSmart.com to book an appointment.
THE CHANNEL MANAGER’S PLAYBOOK ADVERTISER INDEX CONTENTS AireSpring (www.airespring.com) 9 AppSmart (www.appsmart.com) 3 Bicom Systems (www.bicomsystems.com) 2 C3 Cloud (c3cloud.com) 11 Corel (corel.com/en/partner-program) 35 CVx Expo (cvxexpo.com) 23 Dialpad (dialpad.com/partners) 13 Ericsson (www.ericsson.com/en/partners) 25 FaxSIPit (www.faxsipit.com) 31 Fusion Connect (www.fusionconnect.com) 7 Granite Telecommunications (www.granitenet.com) 21 Great Plains Communications (gpcom.com) 33 NHC (nhcgrp.com) 5 NUSO (www.nuso.cloud/partners) 23 One Stream Networks (www.onestreamnetworks.com) 15 PlanetOne (www.planetone.net) 17 Powernet (www.powernetco.com) Back cover Profitec (www.profitecinc.com) 29 Spectrum (partners.spectrum.com) 19 Disclaimer: This index is provided as a free service to our advertisers. Every effort is made for accuracy, but we cannot be held liable for any errors or omissions Volume 15: Selling Security Martin Vilaboy Editor-in-Chief martin@bekabusinessmedia.com Bruce Christian Senior Editor bruce@bekabusinessmedia.com Brady Hicks Contributing Editor brady@bekabusinessmedia.com Percy Zamora Art Director percy@bekabusinessmedia.com Rob Schubel Digital Manager rob@bekabusinessmedia.com Jen Vilaboy Ad Production Director jen@bekabusinessmedia.com Berge Kaprelian Group Publisher berge@bekabusinessmedia.com (480) 503-0770 Anthony Graffeo Publisher anthony@bekabusinessmedia.com (203) 304-8547 Corporate Headquarters 10115 E Bell Road, Suite 107 - #517 Scottsdale, Arizona 85260 Voice: 480.503.0770 Fax: 480.503.0990 Email: berge@bekabusinessmedia.com © 2022 Beka Business Media, All rights reserved. Reproduction in whole or in any form or medium without express written permission of Beka Business Media is prohibited. ChannelVision and the ChannelVision logo are trademarks of Beka Business Media Beka Business Media Berge Kaprelian President and CEO 8 SASE’s Slow Roll Network complexities increasingly require SASE; the complexities of SASE require patience By Martin Vilaboy 12 The Remote Rush How COVID-19 has changed telecom security investments By Brady Hicks 16 Forget Passwords A guide to taking SMBs passwordless By Brady Hicks 22 Triple Residuals with WiredIQ’s BrainBox SASE Appliance By Brady Hicks 24 Fear Fatigue How to limit risk in a changing work landscape By Brady Hicks 28 Work-from-Home Safe Home Meeting the demand for SaaS-based threat defense and DDI By Scott Jacobs 32 A Safer Transition Overcoming the challenges of migrating to an MSSP By Mark Romano 4
NHC’s Partners & Their Customers Are Priority One Integrity isn’t just a hackneyed word to us. customers and good compensation – they get both because we treat their customers like our own. For 20 years, we’ve worked to provide the best experience for both partners and their customers. If our partners succeed, we succeed. Need proof? Ask a partner. Kevin Zimmerman TCG VP National Sales TCG is a National Master Agency based out of Fort Lauderdale, FL in business for 30 years. TCG has over 4000 nationwide agents and 19 channel managers across the country. “No greater example of the success that NHC has with TCG than the REPEAT business NHC continues to get from our agents. NHC is the only provider where our agents have fostered long term relationships not only with sales support teams but also NHC Project Managers. We simply don’t see that with other providers. In fact, I’ve heard our partners say we just send everything to NHC, thank you for introducing them to us. Our industry is tough, stuff happens but NHC makes things right. The NHC team is outstanding at resolving both implementation and repair issues. It’s done with complete transparency and constant updates. Every customer receives escalation lists with direct contact to all departments and the personal cell phone numbers of top management. The way that NHC does business makes it easy for me to evangelize its message.” Is it time for you to work with a partner you can trust? Scan here to watch how we STACK™! nhcgrp.com/partners | @stackNHC YEARS THE Communications STACK ProviderTM
THE CHANNEL MANAGER’S PLAYBOOK 6 Network complexities increasingly require SASE; the complexities of SASE require patience SASE’S SLOWROLL By Martin Vilaboy For increasing percentages of enterprise network decision-makers, the deployment of secure access service edge (SASE) is less about “if” and more a matter of “how.” Analysts at Gartner expect that by 2025, at least 60 percent of enterprises will have explicit strategies and timelines for SASE adoption encompassing users, branches and edge access, up from the 10 percent that had SASE in the works in 2020. Dell’Oro group, meanwhile, estimates the SASE market will grow at a compound annual growth rate of 116 percent, reaching a market value of $5.1 billion by 2024. Much of the expected rapid growth around SASE, which combines network and security into one framework that is software-defined and delivered through the cloud, can be attributed largely to the fact that corporate networks have grown increasingly diverse, dispersed and complex. As company resources increasingly reside in the cloud, and workers, devices and compute power increasingly move to the edge of networks, network security and access also must flexibly follow to the edge. “What once was a relatively straightforward equation of building a virtual moat around the network perimeter has become infinitely more complicated, given that the notion of the network perimeter, itself, has become obsolete in a borderless cloud-based environment in which almost anything can be delivered as-a-service,” said Ken Presti, analysts for Avant Research & Analytics, in a report on the state of SASE.
Visit us at the Channel Partners Expo Booth 1107 Industry’s Best and Most Comprehensive Service Guarantee Customer Satisfaction ©2022Fusion Connect, Inc. All rights reserved. Fusion Connect Service Guarantee INSTALLATION GUARANTEE Fusion Connect will meet the agreed-upon installation date(s) for UCaaS and/or SD-WAN services. If the targets are not met, the customer is credited with one month’s MRC for the service. 100% UPTIME GUARANTEE A 100% uptime guarantee for customers who purchase both UCaaS and SDWAN, or Fusion Connect provides a credit. RATE LOCK GUARANTEE Rates for Unified Communications and SD-WAN services will not change for the life of the customer’s contract. FUTURE-PROOF TECHNOLOGY GUARANTEE Ongoing upgrades to the next generation of UCaaS and SDWAN technology will be implemented at no additional cost. CUSTOMER SATISFACTION GUARANTEE Customers will be satisfied with the quality of our Unified Communications (UCaaS) and SD-WAN services, and any issues will be resolved to their satisfaction, or the customer may cancel the service(s) without penalty.
“As enterprises pivot towards becoming cloud-first and mobile-friendly, they are running into the structural deficiencies of the hub-and-spoke model and need alternatives,” said Mauricio Sanchez, director at Dell’Oro Group. “The need for more agility, better scalability and ubiquitous security has driven the vendor community to respond with the convergence of software-defined WAN (SD-WAN) and secure web gateway (SWG) solutions into a new architecture under the SASE umbrella. As a result, enterprises’ interest in SASE is skyrocketing.” Yet in a cloud survey by Frost & Sullivan, 48 percent of IT decision makers stated that they decided to repatriate applications from the public cloud after experiencing security incidents such as unauthorized access. “That is a staggering percentage, and the entire cloud model will be unsustainable in the long run if cloud, network and security planning is not done holistically,” argued Roopa Honnachari, a director in Frost & Sullivan’s network services and edge computing practice. The increased complexity of corporate networks, not so surprisingly, also comes into play as enterprises incorporate SASE into their networks. As Gartner analysts warn, “Enterprises can’t flip a switch and adopt SASE.” Instead, the transition to SASE generally is done on an incremental basis, according to experts and providers, with technologies introduced consecutively rather than concurrently. A survey by Avant Research & Analytics, for instance, found that more than 90 percent of customers intend to adopt SASE on an incremental basis, as opposed to using a single engagement approach. Indeed, the vast majority of enterprise SASE adoption, said Gartner analysts, will take several years to complete, with executives prioritizing areas of greatest opportunity in terms of cost savings, mitigating complexities and reducing risks. “By introducing new technologies consecutively, as opposed to concurrently, any glitches are generally easier to identify, locate and resolve,” said Presti. The intended benefits and drivers of SASE can be somewhat simplified: enhanced security and improving application performance. In practice, however, the implementation touches multiple teams and resources within the customer organization, must cross organizational silos and can impact multiple existing solutions and vendors. In addition to SD-WAN, zero trust network access (ZTNA), cloud access security broker (CASB), firewall as a service (FWaaS) and secure web gateway (SWG), a SASE implementation can involve a number of other capabilities and consideration, including DNS protection, remote browser isolation, sandboxing and API/application protection. “A full SASE implementation requires a coordinated and cohesive approach across network security and the networking teams,” advised Gartner analysts. “For midsize enterprises, this is an easier problem to address, as a separate security team may not exist. Within large organizations, these organizational structures, budgeting processes and responsibilities are quite rigid.” And don’t expect SASE to magically fix any underlying network issues. BetFactors Driving Involvement with Emerging Technologies Source: CompTIA Top Reasons to Engage Trusted Advisors in SASE Decisions Source: Avant Research & Analytics 54% 51% 37% 36% 10% 12% 46% 43% 42% 42% 16% 38% 46% 15% 37% 48% 15% 12% 76% 9% 7% 5% 2% Customer demand Better revenue opportunity Competitive diferentiator Avoid obsolescence Vendor pushing us to do so Dovetails with existing portfolio Major factor Minor factor Not a factor Education Product/Solution Selection Integration with Legacy Systems Developing Migration Strategy Coordinating Buy-in within Customer Organization Organizations’ SASE Implementation Timelines Incremental migration planned 46% Likely to be incremental migration 44% Not likely to be incremental migration % No incremental migration planned 5% Source: Avant Research & Analytics THE CHANNEL MANAGER’S PLAYBOOK 8
ter to fix something before deploying new components on top of it. “The only exception would be if you had some kind of compliance requirement that needed to be addressed immediately,” said Michael McKinnon, senior vice president of solutions and engineering at Globalgig, as part of the Avant report. “I don’t see any problem with deploying SASE ahead of that. But typically, if you apply SASE while you have an underlying network issue, you’re only complicating matters because now you have multiple new components and you have to determine what’s causing the problem.” Providers recommend organizations start with a thorough review of their unique circumstances, suggested the Avant study, before building a three- to five-year strategy of action that leverages a cross-functional team representing security, networking, compliance, finance and IT management, along with any outside trusted advisors. “The discussions should begin with preferred business outcomes and then drive downward into more specific details to support users, applications and remote locations leveraging the cloud and wide area networks,” advised Presti. “As the migration continues over time, conduct ongoing audits to ensure that the desired effects are being achieved.” “The choice of what to prioritize always begins with the question of what’s not working well. What do people complain about? What’s keeping people from being optimally productive? What causes end customers pain? Those are the places you want to start.” advised Mark Peay, channel director at Cato Networks. With so many systems and staff impacted, there could be some managerial reluctance to take a stand in favor of a SASE migration, continued Presti. In these cases, executive leadership may need to clearly articulate the direction and assign team members to take direct action. At the other end of the spectrum is the potential there are simply “too many cooks in the kitchen,” Presti warned, creating a situation in which “networking people, security staff and others may begin jockeying for budgetary position, in which case the resulting strategy may become less coherent. In extreme cases, you may see multiple tools serving the same function because a clear strategy was not in place.” “The network and security teams sometimes don’t like each other,” added Bill Franklin, senior director of cloud engineering for Avant. “Some teams have been stepping on each other’s toes for years, in which case you need to start at a place where both sides can agree.” What’s more, some individuals within an organization may be more cloud-focused while others are more appliancebased, “which means you may be displacing vendors with whom they’ve been working for a long time, and that could cause friction,” Franklin continued. “In such cases, it’s not just a technical decision; it’s a political decision as well.” To the extent that non-cloud related assets continue to be in use, Presti recommends organizations consider a cloud migration as a prerequisite to a SASE migration. “It’s a different kind of platform that moves away from the current paradigm of appliancerendered capabilities for networking and security,” added Peay. “Technology needs to be looked at more holistically; to center the enterprise network around the user and identity, as opposed to the data center.” The good news is, as organizations navigate their technology options and challenges on the way to their SASE implementations, channel partners as trusted advisors can play a key role, as they tend to have a detailed understanding of clients’ needs, circumstances and technology ecosystems. This is not lost on business IT departments. According to the Avant Research & Analytics survey, 76 percent of organizations said they will turn to a trusted advisors to provide educational assistance for SASE. And as part of that education, adviser would be wise to start off by preaching patience. o Source: CompTIA Top Reasons to Engage Trusted Advisors in SASE Decisions Source: Av n Research & Analytics What, if any, security challenges are your enterprise customers/subscribers facing if they are supporting an increasing number of employees working remotely? 15% 76% 9% 7% 5% 2% Roadmap Timeline for SASE Convergence Source: Gartner • Establish a cross-functional team spanning security, networking, workforce transformation and branch office transformation • Develop an overall SASE strategy and adoption timeline with specific, measurable goals • Phase out legacy network-level VPN for third-party access • Consolidate SWG, CASB, ZTNA and RBI as contracts renew. • Drivers Enable “branch office of one” anywhere, anytime access • Consolidate vendors to reduce complexity and costs including replacement and dedicated circuits • Shift security skills from maintaining boxes to supporting business access requirements • Adopt a zero trust security posture to remote access • Continued vendor consolidation to reduce complexity and costs • Sensitive-data visibility and control access channels, including at rest in public clouds • Zero trust security posture for office and campus locations • Consistent and measured user experience • Digital business dexterity, speed in provisioning and supporting change • Sensitive-data visibility and control across endpoint, cloud and on-premises • Full zero trust security posture • Protection of edge comput- ing and distributed compos- ite applications • Continued vendor consolida- tion to reduce complexity and costs. • Measure end-to-end user experience for all access • Phase out legacy network-level VPN for remote access; keep ZTNA active when returning to the office/branch • Phase out remaining dedicated network security appliances • Enforce contractual SLAs from SASE providers • Establish a permanent, unified cross-functional organization for secure access engineering • Consolidate to 1-2 vendors covering SD-WAN and secu-rity services • Activate continuous authorization for all access requests and monitor continuously for unusual or risky behaviors using machine learning • Phase out dedicated circuits Drivers Timeline indicates when to begin. 2021 2025 Drivers Education Product/Solutio Selectio Integr tion with Legacy Systems Developing Migration Strategy Coordinating Buy-in within Customer Organization THE CHANNEL MANAGER’S PLAYBOOK 10
In 2020, the world as we knew it was forced into a groundbreaking state of flux. Organizations that had traditionally operated out of a conventional office were suddenly forced to alter their business models amidst precautions governing how they could – and could not – conduct business. As remote and hybrid work became the norm, many enterprises responded by embracing the communications service provider (CSP) for virtually all aspects of communications, collaboration and connectivity. With those changes, however, concessions were inevitable. At a time when companies struggled just to stay afloat, security became a factor that many temporarily eschewed. Despite dangerous instances of malware, ransomware and other cybercrime reaching an all-time high, organizations were forced to depend on safe employee practices, as well as the individual CSP, to keep vital information secure. After all, most thought 2020’s work-at-home trend was just a temporary reaction to a pandemic. The times, though, have changed. According to data published by A10 Research, about two-thirds of communications service providers do not anticipate a massive return to the office, an assertion reflected in a 55 percent increase in CSP service demand. What, therefore, are the effects on telecommunications security investments? Perhaps most obviously, today’s CSP faces a dramatic shift in customer expectations, with 52 percent seeing clients as hesitant regarding service resilience and 44 percent having increased views of what network security they should be able to provide. With this pressurized backdrop, the F.B.I. reports that How COVID-19 has changed telecom security investments THE REMOTE RUSH By Brady Hicks 12 THE CHANNEL MANAGER’S PLAYBOOK
dialpad.com/partners Talk. Message. Meet. Support. One beautiful, Ai powered workspace for team and customer communications. WORK BEAUTIFULLY
cybercrime grew by 69 percent in 2020, totaling nearly 792,000 complaints and resulting in $4.1 billion in losses. To complicate matters, the rush to at-home work meant a similarly proliferated attack surface for cybercriminals to exploit. Companies can no longer be content to secure a single corporate network against malware strikes; they now must account for potential entry points that are opened up each time a remote staffer accesses assets. After all, as A10 noted, the organization’s security “will only be as secure as the home networks they are on.” As a result, CSPs have had to reallocate network capacity, scale up in some locations and increase overall headcount to better meet demand and improve network security coverage. Revived Focus on Sound Security Policy As seen with this year’s Colonial Pipeline breach, conventional security practices mostly fail when they are overlooked. “Password theft started so many breaches,” said Corey Nachreiner, chief security officer of WatchGuard. “The Colonial Pipeline’s ransomware started with a lost password. Some of the managed service provider attacks that happened before the latest zero-day started with lost passwords. Just having something as simple as enterprise-wide MFA (multi-factor authentication), you kind of block the initial vector to lots of these attacks.” This need for improved end-user awareness via passwords, MFA and even cybersecurity education services is reinforced by A10, which indicated that CSPs widely believe corporate customers need firm MSP policy (47 percent) and bringyour-own-device (BYOD) best practices (42 percent). These statistics are also amplified by an observed 56 percent demand increase in online platforms and portals that support subscriber self service. Increased Need for DDoS Investments Unparalleled increases in targeted malware and ransomware attacks this year only underscore the need for solid, granular, customer-level distributed denial-of-service (DDoS) mitigation by the telco provider. In all, 45 percent of CSPs believe DDoS software needs to be a top priority, with 43 percent calling it the “most important investment” a provider can make in fending off cybercrime. Other traditionally “high-priority” CSP security investments include upgraded firewalls, security appliances and mitigation software. Growing 5G and Multi-Cloud Concern Security investment issues are only compounded by the rapid proliferation of 5G and cloud services. For example, as companies’ operations continue to evolve with time, so too do their purchasing strategies. According to the CSPs surveyed by A10, as much as 58 percent of customers tend to promote resiliency by distributing internet workloads and traffic across a conventional telecom provider and non-telecom cloud service. With the fragmented worker base increasingly embracing these types of technology, today’s service provider must match security service levels to maintain its customer base. Top concerns cited by CSPs include preventing outages (48 percent), maintaining regulatory compliance (44 percent) and achieving consistent subscriber services (41 percent). As a result, A10 noted that more than half of providers have updated their solutions set to address new need for both security (52 percent) and public cloud services (50 percent). Sure, COVID-19 has had a likely permanent impact on today’s business world, changing not just most operations but the solutions offered by the very service providers that support everything that they do. With new challenges in security, however, come opportunities for new developments. And in today’s world, those occasions allow us to see just how far we have come. o What, if any, security challenges are your enterprise customers/subscribers facing if they are supporting an increasing number of employees working remotely? Source: A10 Networks Source: Gartner Timeline indicates when to begin. They need to offer better security to their employees for their remote network and endpoints to ensure that they protect againt increasing cyber attacks They need to revise their employees cybersecurity training program to reflect the hybrid cloud environment They need to roll out multi-factor authentication to their workforce to enhance security They need to update their BYOD policies to make sure that security is robust They need to ensure that employees have adequate local network access from their remote location N/A there are no security challenges my enterprise customers/subscribers face by supporting increasing number of employees working remotely N/A my enterprise customers/subscribers are not supporting an increasing number of employees working remotely 0% 60 50 40 30 20 10 0 55% 55% 47% 42% 21% 1% 0% 14 THE CHANNEL MANAGER’S PLAYBOOK
& onestreamnetworks.com © Copyright OneStreamNetworks 2022 Best-in-Class Services The Voice of Digital Transformation Global Cisco Webex Webex Calling Webex Contact Center and more... Webex Teams Cloud Calling PSTN Partner for Cisco Webex Calling VAR Certified SIP trunking Microsoft Teams Direct Routing Certified PSTN Partner OneStream Networks is purpose-built for enterprise-grade cloud-based SIP trunking, SD-WAN, Cloud PBX and Contact Center Services. Global PSTN & Reach 70+ Countries/8000 cities New DIDs and Porting DIDs Localized In-Country Dial Plans International Toll Free Services (ITFS) Integrated Emergency Services and E911 With OneStream Networks, customers enjoy seamless voice capabilities, from single-sites to multi-sites to multi- nationals, with the industry's most extensive worldwide local phone number and service coverage. With OneStream, customers are at peace knowing that we provide Global PSTN and SIP trunking in 70+ countries. The end result is ONE company, ONE service center and ONE invoice. Highlights: Cisco & Microsoft Certified Partner OneStream is Cisco Certified for UCM Cloud and Webex Calling with licensing and a Microsoft Teams Direct Routing Certified PSTN Partner. Cloud Voice Hub Cloud Voice Hub is the industry’s first multi-platform integration network enabling seamless PSTN and on-net call routing across all platforms and that’s available in an unprecedented 70+ countries. Even better - this multi-platform enables calling for Cisco, Microsoft, Genesys, Avaya, Zoom, and NICE inContact. For product information, partnering or pricing. 800-869-0315 or +1-585-563-1850, press option 2. OneStream Differentiators The Voice of the Digital Transformation
Today’s SMB (small to medium-sized business) faces way too many challenges. Whether it’s related to issues from the pandemic, supply chain shortages, economic downturn or poor decision-making, many companies have been left reeling in recent times. Factor in the ever-present threat of hackers and other malicious bad actors targeting one’s operations, and the threat of disaster only grows. That’s right – ransomware, spyware and other sophisticated cyberattacks are no longer the exclusive problem of the “big guys.” According to data presented by the U.S. Department of Homeland Security, an estimated 50 to 70 percent of all ransomware attacks are actually made against today’s SMB, which traditionally has fewer resources to either address or absorb such a strike. And when cashflow, reputation and success hinges on preventing downtime, these types of breaches can have devastating consequences. Companies need a plan to account for common mistakes such as credential sharing and poor password creation, elements the majority of SMBs do not have a handle on. For smaller organizations, the harsh reality of passwords is that nearly half of all workers choose their login credentials based on “personal information, meanings and memories,” per NordPass, while less than one-third of staffers create a unique password when setting or resetting their credentials. It’s common for employees to use the same login across multiple accounts, and password-sharing among employees abounds. Meanwhile, according to LastPass, staff can spend as many as six hours per week either verifying identity or managing logins, and as many as 85 passwords are often employed per worker. The answer for many companies is to go completely, 100 percent passwordless. By Brady Hicks A guide to taking SMBs passwordless FORGET PASSWORDS THE CHANNEL MANAGER’S PLAYBOOK 16
R E A L - T I ME COMM I S S I ONS I S H E R E . Watch the Fastball Demo LIVE! Wednesday, April 13 | 11:51am - 11:57am GET STARTED OR REQUEST A DEMO TODAY! PLANETONE.NET/SENTIENT Location: Level 2, The Venetian Ballroom F Channel Partners CONFERENCE & EXPO TM Speakers: Jake Schuman Sr. Vice President Ted Schuman CEO
What is Passwordless Authentication? The notion of eliminating employee logins is inspired by convenience as much as security. Generally speaking, passwordless authentication is any process that can confirm a user’s identity without requiring their credentials (i.e. passwords). As a newer approach, smaller organizations are increasingly using this method because of its effectiveness in reducing or eliminating password theft, whether by scam, misuse or some other exploitation. The act of going completely passwordless allows access to be determined only when identity has been validated, either by MFA (multi-factor authentication) or another option. As is often the case with trends in the tech industry, new identity-confirming techniques constantly surface. The Push Notification System Among the more common passwordless options, with push notifications, the user is sent a one-time verification code or link to a previously authenticated device. Assuming that user then completes the required action within the pre-set time, the identity is confirmed, and they are granted access to critical files, software or systems. Like other non-passwordbased systems, push-based authentication can be employed as either a standalone option or as part of a series of verifying measures. Unfortunately, as with any type of credentialing, push identity has been hit with some attacks. In particular, users can be bombarded by such prompts – initiated by the bad actor – in the hope that they accidentally complete the verification process. These potentially devastating strikes, which prey upon human error and what has been called “push fatigue,” have grown by as much as 70 percent in recent years, according to research done by Kaspersky Lab. The ‘Magic’ Link This form of verification is similar to push notifications in that the user receives a time-sensitive URL with an embedded token, delivered via email or SMS text. In most cases, the employee is given the choice as to which interface the link is delivered, and an active session is opened in a separate browser window. Plus, because the link expires after a pre-set period, any later login attempt is thwarted. Magic Links can similarly be exploited. They also rely on the 24x7 accessibility of technology, devices and accounts. Without access to all three, one cannot get in. The One-Time Password This single-use credentialling method requires the input of a temporary, automatically generated set of characters that are pushed to one’s email or mobile device. Most often, OTP comes as part of a more-compreBenefits of Passwordless Authentication for IT Infrastructure Benefits of Passwordless Authentication for Employees Increasing security 69% Quicker authentication 65% Eliminating risk 58% Fewer passwords to remember 57% Saving time 54% Convenient access from anywhere 53% Gaining more control and visibility 53% Streamlined access to multiple applications at once 52% Saving cost 48% Not updating passwords as often 44% No benefit 3% Not worrying about password breaches 39% No benefits 1% Source: LastPass, LogMeIn Global Sur vey Workplace Password Malpractice, % Saying ‘Yes’ Do you currently save work-related passwords in a document in the cloud? 49% Do you currently save work-related passwords in a document on your desktop? 51% Do you currently save work-related passwords on your phone? 55% Have you ever shared a work-related password via text or email? 38% Have you ever logged into an online account that belongs to your previous employer after you left? 32% When creating a new password for a work account, have you ever used your company’s name? 37% Does your company share passwords for accounts that are used by multiple people? 46% Do your currently use the same password for personal accounts and work-related accounts? 44% Do any work-related passwords have your significant others name or birthday in it? 34% Do any work-related passwords have your child’s name or birthday in it? 31% Source: Keeper Security; Pollfish THE CHANNEL MANAGER’S PLAYBOOK 18
THE COVERAGE CLIENTS DEMAND Offer powerful business solutions around the corner and across the country. THE SOLUTIONS CLIENTS NEED Provide a total solution, from Internet, Voice and TV to Managed Services and beyond. THE EARNING OPPORTUNITIES YOU WANT Maximize your earning power with competitive incentives and residual commissions. GET STARTED WITH THE SPECTRUM PARTNER PROGRAM TODAY. MEETING CLIENT DEMANDS. CREATING MORE OPPORTUNITIES. Services subject to all applicable service terms & conditions, which are subject to change. Services & promotional offers not available in all areas. Restrictions apply. ©2022 Charter Communications, Inc. LEARN MORE AT PARTNERS.SPECTRUM.COM
hensive MFA system, although it can also function in a standalone manner. Risk is largely limited, although the chance of email or device infiltration could pose a problem. Biometric Verification Far less common, especially in a small business setting, is biometric authentication. This method assesses the physical attributes of the user to ascertain their identity. Typically, the system analyzes distinguishing characteristics such as fingerprints, eyes or other facial characteristics. The biggest benefit is that the traits are unique to the user, thus preventing issues such as password theft or poor judgment. Potential limitation, meanwhile, relates to the technology’s effectiveness, backend issues such as network and data hacks, other forms of fraud, sensor spoofing and issues related to the integrity of the stored biometric data. Still, these are unlikely. For many small businesses, sadly, employing across-the-board biometric verification can be a costly process; it requires a unique physical scanner for each individual end user, and cloudbased capabilities are not currently supported. Those favoring biometric and other passwordless systems, however, will readily point out that its cost is more than offset by the money saved in not having critical information stolen. The Third-Party Login Although not traditionally passwordless, the option for third-party credentialling is appealing for many smaller organizations because it removes the need to remember multiple passwords for any number of accounts. Companies such as Google began supporting this concept several years ago, citing the convenience of using just their own credentials to access many different thirdparty services. Despite the comfort of being able to forget one’s passwords in this way, this practice has its consequences. On the heels of massive data breaches for companies such as Yahoo, LinkedIn and Facebook, numbering in the millions and billions of victims, the concept of third-party logins can be an ill-advised gamble. The FIDO Architecture The concept behind fast identity online (FIDO) includes open-authentication standards for helping providers to leverage passwordless user authentication. These standards came about as a result of the FIDO Alliance, which includes contributions from Microsoft, Apple, Google and others. FIDO allows the employee to use a device in a manner similar to a physical security card, making aspects such as public key cryptography (PKC) and biometrics more commercially accessible. Using a FIDO-based authenticator allows the organization to generate user credentials with both a private (stored by the authenticator) and public (shared with the service) key component. Popular sites such as Google Accounts, Dropbox, GitHub and Twitter employ FIDO authentication due to its advantages for business (protection), developer (streamlined APIs) and end user (convenience and security) alike. So, how feasible is passwordless protection? The answer likely depends on the nature of one’s operations. Is sensitive information encrypted? Do employees have their own logins? Is the expenditure practical? For some, the idea of going passwordless is a great, low-risk investment. These options generally work because they can be easily outsourced and implemented while requiring minimal backend understanding. More importantly, going passwordless limits dangerous exposure as a result of poor decisions or organizational policy. And for the SMB, any opportunity to limit threat with minimal investment is a win-win. o 43% 41% 40% 38% 33% 33% 31% 31% 27% 27% 3% 57% 56% 50% 45% 40% 35% Challenges of deploying a passwordless authentication model Source: LastPass, LogMeIn Global Survey Financial investment Regulations around the storage of the data Time Resistance to change from employees Lack of skills and knowledge Resistance change from IT department Passwords will never truly be eliminated Sense of being afraid to change what we already know Complicated to implement Concerns that it is less secure No challenges Most U.S. IT Pros Feel Optimistic About Role Sourc : CompTIA Demand for skills leading to career options Importance of tech to business objectives Reliance on technology following pandemic Strong network of technology professionals Perception that tech helps society Diverse skills available for exploration THE CHANNEL MANAGER’S PLAYBOOK 20
are to www.granitechannels.com channel-sales@granitenet.com 877-884-5200 Partner ith us an en o earnin lon ter o etiti e o ission ranite Channels stri es to sa e usto ers one uarantees our in o e an res on s i e iatel to l ient an artner nee s throu h onitorin Join us #CPEXPO Booth #1119
WiredIQ has taken a unique approach to delivering managed services by allowing the customer to choose from a complete suite delivered with one intelligent SASE appliance called, the BrainBox. Beyond the expected feature set of a typical SASE appliance combining SDWAN capabilities with comprehensive unified threat management, the BrainBox takes it a step further by facilitating all the other managed services your customer might require into a single high availability appliance that sits at the customer premises on the edge of their network. The BrainBox reaches beyond the SD-WAN, firewall, intrusion detection and content filters in place at the edge of the customer’s network. The BrainBox also provides SD-LAN management with segregated virtual LAN networks for voice, video, guest access and secure corporate users. The Brainbox provides add-on applications for unified communications, managed Wi-Fi, managed desktops, backup and premises-based security (IoT) including surveillance, access control and burglar alarm. The customer’s PCs can also be monitored, managed and secured by the BrainBox. If you’re in the retail, restaurant or hospitality industry the BrainBox even can manage streaming music. The customer can choose any one or all of these services giving them a unified platform for all their managed services, eliminating vendor finger-pointing, saving money, simplifying their network infrastructure, and having a single bill for all of it. “The BrainBox is much more than just another SASE appliance,” said WiredIQ CEO Joe Rhem. “We take care of a plethora of hotels, restaurants and retail outlets. The more locations the better as we manage everything in one pane of glass with the Visual Cortex Orchestrator. Every phone, camera, access point, computer, switch, network connection and BrainBox is monitored every 60 seconds and supported 24 hours a day with redundant network operations centers and worldwide onsite installation and repair capability.” Recalling his time as the founder of the third largest UCaaS provider, Rhem looks back on a project with Dollar General. “We put our voice appliance at each location,” he said. “Next to it another vendor put a router, and next to that someone else put a firewall, and next to that another vendor put an SD-WAN box. That’s four routers in a row, right next to each other. It keeps going. There would be a surveillance box, a box to do access control, a box to do burglar alarm, a box that was doing Wi-Fi, and a box that was doing the overhead music. And all of these boxes were on the wall, next to each other. This was repeated 13,000 times, just for Dollar General, and it occurred to me at the time that all this could be in one box, and all of that could be on one bill. It could be installed by a single installer and, if there were any issues, there wouldn’t be fingerpointing by different vendors.” To contrast this at WiredIQ, the company replaced an entire room full of hardware with a single BrainBox at the Best Western Plus in Mesa Arizona. The phones, access points, surveillance cameras, SD-WAN, network security (SASE), and automatic LTE backup. One BrainBox, One Relationship, and One Bill. Clients, however, are not the only ones benefitting from this simplified system. “The partner also makes out well,” said Rhem. “When you’ve got seven or eight products to sell in one box, you can walk in and quickly find out what the customer needs. We average three times as much revenue per customer when compared to selling a single solution like voice or SD-WAN. Once this platform is in place it takes over everything else. We call that land and expand. Your customer becomes sticky because competing sales entities cannot uproot your customer when you have already sold them a platform that does everything they need.” For a first-hand look, visit the WiredIQ booth (#1807) at Channel Partners. There, it is demonstrating new IoT technology, as well as a unique Smart Office service that provides middleware integration for dragand-drop workflow, helping manipulate physical cameras, burglar alarms and access control systems. “We’ve got a wonderful voice platform that’s about half the cost of most competitors and has more features. At the end of the day we only have so much time, and managing things is difficult,” said Rhem. “When you buy equipment, you think you have something,” Rhem concluded. “It really has you. You need to take care of it. You need to maintain it and know that it’s working. WiredIQ simplifies that and makes it less expensive, putting it all together as one relationship and one bill. That’s what’s really unique.” o For additional information on WiredIQ and its portfolio, including BrainBox, visit www.wirediq.com or call (941) 615-1005. PROFILE Triple Residuals with WiredIQ’s BrainBox SASE Appliance By Brady Hicks One BrainBox | One Relationship | One Bill 22 THE CHANNEL MANAGER’S PLAYBOOK
100% Channel Focused Why Partner With A Service Provider Who Competes With You? For more information on becoming a partner: www.nuso.cloud/partners | 844-438-NUSO Superior Quality, Reliability and the Highest Customer Retention in the Industry! Control Your Margins for More Revenue World-Class Support and Service Changing the Velocity of Cloud Communications Expert Training and On-Boarding Real-Time Provisioning Visit nuso booth #1925 at Channel Partners Expo
Overcoming Fear Fatigue How to limit risk in a changing work landscape By Brady Hicks In just two years, the work world has changed so much. With the onset of a global pandemic, staff members were forced to abandon their offices, workspaces and cubicles in favor of a strange yet familiar setting: their homes. Employees were immediately thrust into a largely unsupervised environment in which they tried to maintain productivity despite being unable to connect and collaborate with others face to face. Compounding this issue is the expanded attack surface. As organizations increasingly adopt remote and hybrid work policies – with 61 percent of employees, according to Pew Research Center surveys preferring this model despite a return-to-office path – they can grow their workforces into newer, more far-flung locations. No matter how small the operations, the modern business can now span the country or even the world. With this enhanced opportunity, however, comes inherent risk. Today’s cyber-attacker is constantly developing new and sophisticated ways to thwart antimalware services, outsmart security policies and gain access to vital information. Every Wi-Fi connection, vid24 THE CHANNEL MANAGER’S PLAYBOOK
Enable hybrid workers. Simplify IT. Modernize the delivery of secure cloud desktops and apps with Ericsson Wireless Office. Much more than traditional VDI and DaaS, without the complexity. Partner with Ericsson today. 833.991.9679 | wo-partner@ericsson.com #wirelessoffice
eo call, online storage option, shared login and recycled password opens a potential hole for the bad actor to exploit. Cyber-criminals are well practiced at targeting this widened attack surface, while employees’ poor choices are seemingly also not going away. Today’s remote worker usually sits alone and is unsupervised throughout the day. For many, it has been this way since the most disorienting early days of COVID-19. According to American Medical Association Senior Digital Fellow, Dr. Anna Yap, one resulting malady is caused by “loss of social connection.” With “COVID fatigue,” workers tend to experience lower energy, increased apathy and, in some cases, complete burnout. These feelings, however, can also manifest in other dangerous ways, such as “fear fatigue.” With this form of exhaustion, the worker grows complacent with the numerous – and often perceived as unnecessary – security measures that he or she needs to follow as a teleworker. Complacency has become a natural result of being force-fed corporate policy that dictates they should be fearful of incessant outside attacks. Most staffers have at least a basic understanding of the risks they are taking by skirting policy but have simply grown tired of the inconveniences that sound cybersecurity habits can present. Compounding this issue is the overwhelming nature of what is at stake. The decisions made by today’s remote worker – good or bad – can have real-world implications on the employer. It is not merely the single worker ’s logins, correspondences and accounts that are potentially left vulnerable. The company’s sensitive data and overall wellbeing are exposed as well. The Dangers Fear fatigue only compounds the growing risk to which companies are exposed. The work-from-homer can become apathetic to the notion that their online decisions can have a direct impact on the safety of company information and operations. In many cases, they know the organization’s cybersecurity policies and best practices but simply do not embrace them. It can lead to sloppiness with personal choices that are so critical: sharing passwords, failing to create new ones, opening email attachments or even not securing an internet connection. While instances of this may seem to be isolated, new data published by Malwarebytes suggests that fear fatigue may be far more treacherous. This study determined that 61 percent of staff members experience fear fatigue, with as many as 27 percent feeling “particularly overwhelmed.” In other words, the modern workforce has grown increasingly tired of being afraid. “Organizations showed great versatility in shifting to dispersed work environ26 THE CHANNEL MANAGER’S PLAYBOOK
ments,” noted Adam Kujawa, Malwarebytes labs director, adding that “it also brought to light the need for an entirely different and more robust approach.” So how can you fight fear fatigue when you cannot sit with each remote employee and assist their decisionmaking process? Generally speaking, there are two schools of thought. Promoting Improved Awareness One involves bolstering employee education and general knowledge. According to Malwarebytes, 69 percent of organizations believe that workers need improved IT resources to make them generally more aware of cyber-risk. By combining cybersecurity training programs and innovative tools, the employer can help the remote worker to identify and prevent a dangerous situation, while also feeling more comfortable in turning to the organization should the need arise. While education can probably never hurt, this plan admittedly fails to fight fear fatigue at its source. It does nothing to tackle the general nonchalance and malaise that it can cause. Education presents the equivalent of taking an arachnophobe to a spider museum. Still, most experts believe that the best way to cut down on poor decisions is to eliminate misinformation in any way possible. Take the Choice Out of Their Hands Another way to fight the risks inherent with fear fatigue is to automate as many cybersecurity practices as possible. Some ways to accomplish this goal include: Increasing Reliance on CloudBased Collaboration – These tools generally feature automated security and encryption to protect information, regardless of the individual poor choices made by the worker. Automated Online Backup – By employing, for example, geo-redundancy, data is stored across multiple, remote locations to promote continuous access with minimal downtime, even if the event an individual file is compromised. Mandated Password Management – Require frequent password changes and prevent credential-sharing across multiple systems in order to isolate any account should it be compromised. Identity Management Systems/ Passwordless Options – Reduce the opportunity for penetration by eliminating the chance of credential misuse. Anti-Malware Detection – Critical to diagnosing malware before it can do too much damage. Mandatory VPNs – This is one proven way to secure the at-home network – and subsequently any networks to which the remote worker’s system connects – against penetration. As organizations continue to adapt to changes in the landscape, tweaks to their own strategies will also be needed. After all, malicious online activity is unlikely to disappear. By focusing on a two-tiered approach of limiting remote worker choice and increasing their understanding, today’s companies can help to limit not only poor employee choices but also the chance that those decisions could have devastating consequences. And, given how much the work world has changed in the last two years, fear fatigue is as unlikely to disappear as the actual cyber-attacker. J After being home for 18 months, what has changed about your company’s security posture? (Check all that apply) We have implemented new tools to enhance security 74% My organization has implemented new trainings to enhance security 71% We have required additional securities measures (MFA, etc.) 52% My organization has updated our crisis management protocols 49% We have continued the same way as at the beginning of the pandemic 13% Source: Malwarebytes 27 THE CHANNEL MANAGER’S PLAYBOOK
channelvisionmag.comRkJQdWJsaXNoZXIy NTg4Njc=