Security Channel Chiefs: 10 Ways Solution Providers Can Be More Successful Selling Security
The Solution Provider's Role
The security market is exploding and presents a significant opportunity for solution providers and MSPs who can position themselves to take advantage. In a security roundtable discussion, held at XChange 2017 in Orlando, Fla. last month, top security channel chiefs discussed what they see the most successful solution providers doing to make the most of the security opportunity. The roundtable included Kaspersky Lab Director Of Channel Marketing Kevin Lozeau, Fortinet Vice President of Americas Channels and Emerging Technologies Joe Sykora, Sophos Vice President of Global Channels Kendra Krause, Crowdstrike Vice President of Business Development, Alliances, and Channels Matthew Polly and McAfee Head of Channels And Operations for the Americas Ken McCray. Take a look at 10 things they said they see helping solution providers maximize their success in today's security market, as well as position themselves to win in the long term.
Integration, Integration, Integration
All of the security channel chiefs agreed that integration among different technology categories in security is key for success. However, they said they are each approaching that integration need in different ways. Fortinet's Sykora, for one, said security vendors need to open up their technologies to facilitate that integration, both with API integration and deeper technology partnerships. He said that is key for partners to get technologies integrated but maintain ease of management. McAfee's McCray (pictured) agreed, saying the company is also working to form industry partnerships in addition to organic innovation to help partners integrate across the security stack.
"We can't do it all," McCray said. "It's spurring us to innovate and to partner. … You've got to be real with yourself to say, 'What do we do and what do we do well?' If you don't do it well, you partner with someone."
Krause said Sophos also sees integration as key, but is looking to focus on integration within its own portfolio, providing a full set of security offerings for SMB and midmarket partners that are integrated with the company's security Heartbeat technology.
Make It Simple
While security is becoming more complex by the day, the security channel chiefs agreed there is a massive opportunity to help customers simplify their security stack and security management. Sophos' Krause (pictured) said the SMB and midmarket in particular are looking for simplicity, especially looking to utilize managed services as an option to help them do that.
Next-Level Managed Services
In a world of advancing cybersecurity threats, security channel chiefs said the traditional MSP security model of log management just won't cut it anymore. Crowdstrike's Polly (pictured) said MSPs "have to evolve," taking advantage of machine learning and artificial intelligence to spot anomalies and perform other baseline activities, then providing more specialized remediation and incident response services.
"The managed service has to be more than just passing along alerts or looking at logs. They have to provide that remediation. … That's where the managed service providers really have to really innovate and become the experts on how to remediate these problems," Polly said. "If they can evolve that managed service to help with incident response and reduce the time from breach to remediation, they would mop the floor with their competition," he said.
Get Back To Basics
Kaspersky Lab's Lozeau (pictured) said recent ransomware attacks, including WannaCry and NotPetya, have put the importance of getting back to basics around security at the forefront. He said there is a significant opportunity for partners to help their customers with patching and other basic security foundations to prevent these types of attacks.
"At the end of the day, it's not enough for a customer to buy the software and install it. … If they don't have the staff to maintain it and continue to follow the steps of all the updates and patches and everything, … it's kind of all for naught," Lozeau said.
Get Cloud-Ready
The cloud is here to stay, and security solution providers are in the perfect position to help customers navigate the transition and secure their cloud data and applications, the security channel chiefs all agreed. Crowdstrike's Polly said the cloud expands the threat surface, extending it from the laptop, server, and desktop outside of the network perimeter. Fortinet's Sykora (pictured) said that expansion presents a significant opportunity.
"There's a lot of confusion, and in confusion there's opportunity. Any partner out there who cracks that is going to be well-positioned," Sykora said. All of the vendors said they had formed partnerships with Amazon Web Services and Microsoft Azure around cloud security and are working to adjust their compensation and go-to-market models to meet new cloud consumption models. Sophos' Krause said partner models also need to adapt to meet the new world of the cloud, saying she is seeing born-in-the-cloud resellers and larger resellers really honing in on the market around security.
Partnering Outside Technology
Crowdstrike's Polly said he sees an opportunity for partners to branch out of the technology space and form partnerships with other industries around security. He said Crowdstrike has already looked to team up with law firms and insurance companies, both of which are looking to get into security from a different angle. He said those companies are looking to engage with industry partners around breach insurance and post-breach business needs.
"The cost of breach has gotten so high that we're seeing innovation not just from technologies and not just from customers and partners, but from law firms and from insurance as well," Polly said. He said there's an opportunity for partners to engage with these companies to help customers lower their premiums through better security, saying Crowdstrike is already working to engage with them around that type of a deal.
Educate Customers On Ongoing Risk Of Phishing
The risk of phishing persists, and security channel chiefs said partners can play a key role in educating clients on how to prevent a successful phishing attack. Sophos' Krause said phishing attacks are getting more sophisticated, citing the example of an email that circulated around the security vendor recently that looked exactly like it came from the CEO (Krause said she didn't click on it). She said partners can use anti-phishing technologies to prevent phishing attacks from getting through, as well as educating customers to recognize a phishing email. She said there are tools, including one offered by Sophos, that can send simulated phishing attacks and track employee improvement on phishing education.
Take Advantage Of Vendor Education Initiatives
As security partners face a shortage of trained security talent, vendors said they are looking to help as best as they can with free training for sales and technical staff. Kaspersky's Lozeau said a recent company found that two-thirds of MSPs feel as though they don't have enough security staff to meet demand. Channel chiefs from all the vendors said they offer some sort of training for partners, dedicated training events, as well as memorandums of understanding with some partners to put dedicated staff on site to focus on the vendor's technology or related consulting practices. Lozeau said security vendors have a "certain responsibility to provide that to our channel partners." However, he said partners also face a hurdle as partners team up with multiple vendors, then face constraints on how many engineering hours they can spend on training.
"I don’t think you can do enough [training] events for partners," Lozeau said. "I think the challenge is with the partners is they have limited engineering staff."
Focus On Security
When it comes to security, partners can't dabble, security channel chiefs said. McAfee's McCray said the partners he sees being most successful are the ones who are specializing around security. He said McAfee has "collapsed its channel" to focus its investments on those partners who are specializing in security and can provide highly capable services, instead of those just looking to grab a piece of the market.
"There are partners who are good at security and there are partners who just want to be in the security game," McCray said. "I still like all partners and I still want to work with all partners. But, to get to the core, partners who can actually remediate and make sure that the customer experience is what we expect it to be [are key]. It takes a lot of focus."
Get Off The Fence
McAfee's McCray said partners need to "get off the fence" when it comes to working with security vendors. He said partners need to pick a set of manufacturers that they will lead with and commit to those vendors, and in return the vendor can commit more resources to engaging with and supporting them.
"[Partners need to] get off the fence. They need to pick a vendor and they need to establish a relationship with that vendor and they need to go to war with us," McCray said. "Partners who are walking in with us one day and walking in with my competitor the next day, that's a problem for us."
Fortinet's Sykora (pictured) said partners will also be successful if they double down with fewer vendors, as more vendors means more money in education and training. He said he is seeing more and more partners make the move to consolidate vendors and double their focus on Fortinet or another security vendor.