With each passing year, security vendors issue evermore dire warnings of what to expect from the online threat landscape.

Value-added resellers, systems integrators and managed service providers will have their hands full with respect to security, but what should be the top priority for them as we head into 2011? Partnerpedia asked a few IT security executives for their insights:

Dr. Hongwen Zhang, president & CEO, Wedge Networks:

“Given the state of economic uncertainty, we have found that businesses are focusing on three main objectives: growth, cost reduction, and compliance. IT departments are facing major challenges to fulfill these objectives due to risks introduced by the so-called ‘enterprise 2.0’.

“The growth of content borne attacks is outpacing the traditional network intrusion based attacks. These attacks are easily sneaking through mainstream filtering devices. The increased usage of third-party web services, cloud computing, etc., means the traditional perimeter-based solutions are confused and are losing effectiveness. Moreover, not only are employees using social tools more, but business usage of social media is gaining popularity, increasing risk and malware threats. Traditional reputation based security measures are powerless in dealing with this trend. Meanwhile, mobile security usage is now a primary IT challenge. With underpowered defense ability, sparse security intelligence update frequency, and data roaming outside of protected zones, the mobile data devices are sources of great security risk not only for enterprises but also on service providers/carriers that serve them.

“On the individual level, each of the above risks is a headache for the existing defense systems. Adding salt to the injury, the volume of these risks is increasing exponentially. It is estimated that typical bandwidth use of a business will increase four times from now until 2014. Conventional solutions that install on individual hosts or packet based inspections are no longer sufficient, real time Deep Content Inspection on the network is the only way to protect against these new threats.

“Given this dire state of security, I believe that the industry needs a shake up; new and innovative methods of ensuring only clean content are transmitted over the network must be deployed in order to eliminate these risks that have evolved beyond traditional scanning devices and security beliefs.”

Fernando Quintero, vice president, Americas channel sales & operations, McAfee:

“Data protection is and will remain a concern for our partners and their customers through 2011. According to Verizon’s 2009 Data Breach Report, 90 major breaches last year resulted in 285 million records being used for some type of criminal activity. With breach reports like these, it's clear that data protection must become a central focus in a business’ IT policies. They must increase their awareness of where critical data resides, how it’s used, how it leaves the protected network and how to protect sensitive and regulated data wherever it may be located.

“The consumerization of IT and explosion of mobile devices in the workplace further complicate data protection and will continue to do so in 2011, as more tablet and smartphone devices become available. We also see virtualization and the consolidation of security infrastructure and consoles as significant trends for our partner community in 2011."

Ian Moyse, channel director, EMEA, Webroot:

“Despite forecasts for 2010 predicting doom and gloom for the channel, we have seen successes coming from the growth of cloud and virtualization, two areas that can demonstrate rapid cost savings to customers in a time when the end user is pressured to do more with less. For an end-user IT manager, reducing costs whilst delivering enhanced services to their user base is not an easy task. This has allowed forward-thinking resellers to truly advise their clients and in reducing clients’ costs, they have grown their own sales in these new lucrative areas of technology. With the majority of security threats coming from the Internet, this has driven the need to fight the battle at its source, the Internet, which in-turn is driving an awareness and growth in acceptability of cloud security.

“Cloud/SaaS has also started to level the playing field, with many smaller VAR’s able to compete on larger client opportunities due to the scale and backing that cloud providers bring . . . we have also started to see a new breed of reseller emerge. New SaaS-only resellers with a more cost-efficient business model that doesn’t require the costly infrastructure of engineers and backend costs associated with a reseller who has to support installations and break/fix.”

Daniel Stevenson, director, partner marketing, Iron Mountain:

“The channel (VARs, SIs and MSPs) are well-positioned to educate their customers when it comes to better securing their companies and their information. Vendors and industry associations tend to talk in general terms, while channel partners have the ability to understand each customer's unique environment and situation, and then recommend the right solution to fit those requirements.

“‘Security’ is still a very large and poorly defined category when it comes to technology. It ranges from technology to protect your physical assets, to technology to keep digital intruders out to protecting your digital assets. Smart channel partners will focus on areas where they have knowledge and expertise and can add value. Networking VARs are doing well positioning solutions that address network security, while MSPs and storage VARs are well positioned to help customers' select secure cloud storage solutions.

“We see two primary drivers when it comes to technology purchases (be they products on-premises or services): the need to be compliant or meet electronic discovery requirements and the need to secure an organization's information.”

Tony Bradley, chief product evangelist, Zecurion:

“Social networking will continue to be a double-edged sword for businesses. Customers will need products and services that help them take advantage of the benefits offered by services like Facebook and Twitter, and at the same time recognize and manage the risk of leaking sensitive information. The challenge will be to find solutions that mitigate the risks without taking draconian measures like simply banning access to social sites that might also hinder legitimate productivity and marketing opportunities.

“The rise of mobility -- and the evolution of the capabilities of smartphones and tablets -- put a nail in the coffin of the concept of a ‘network perimeter’. The days of an ‘us vs. them’, inside/outside approach to security and data protection are long gone. Malware will continue to exist, but with the state of malware detection tools it is almost a trivial threat for many organizations. The bigger issue is the threat of authorized insiders exposing or compromising sensitive data, either intentionally or inadvertently, and of gigabytes of data being so easily lost or stolen on mobile devices and removable media. Customers need tools that protect data no matter where it is, without regard for being inside or outside of the network.”

Fred Patterson, director of enterprise channels, Symantec (Canada) Corp.:

“A top priority for the channel in 2011 will be to help customers protect their information from cyber threats. According to Symantec’s 2010 Information Protection Survey, more than two-thirds of Canadian small to midsized businesses saw cyber-attacks in the past 12 months.  In fact, 28 percent said those attacks were somewhat/extremely effective. With cyber-attacks becoming more significant and focused, SMBs are turning their attention towards prevention as just one attack can compromise critical information and impact profitability. It will be important for system integrators, managed service providers and VARs to help customers prepare for such cyber-attacks by recommending complete protection and by helping them educate their employees on best practices to prevent these attacks. Cybercriminals continue to play a cat-and-mouse game with security vendors. It is important for VARs to work closely with security providers so as to ensure customers stay one step ahead of them.”

Rick Carlson, president, Panda Security U.S.:

“Panda Security research proves that a third of all malware ever recorded was created in the first 10 months of 2010, and over 50 percent of malware is active for only 24 hours. The traditional client-server protection model simply cannot scale with this situation: It requires additional IT infrastructure and staff to manage the surge in threats, not to mention increases strain on individual PCs.

“Given the continued growth of malware we are seeing, cloud security needs to be a big priority for VARs, MSPs and system integrators next year because it delivers the near real-time protection needed in today’s environment without eating up system bandwidth. By bringing malware detection and remediation processes into the cloud, service providers can provide security at a lower total cost since no hardware infrastructure is required. The remote management component also means one guy can literally manage security for thousands of seats at a time. In short, cloud security services address the whole economies of scale issue in IT security that many providers are currently struggling with. While we saw numerous providers adopt this model in 2010, 2011 is going to be the year it goes mainstream.”