It's not quite boom time but growth remains a certainty for the IT security channel. From top-end vendors through to savvy channel partners, there is an abundance of forces driving security innovators to continue to invest in solutions that best guard end-users from malicious activities, despite the economic downturn.
And today there's all the more reason for end-users to spend money and time implementing them. Generally, such motives include protection against surging cybercriminal activity, but in these economic times there are a variety of reasons compelling CEOs to spend, such as the protection of sensitive data from spiteful former employees and compliance requirements.
In a recent research report, The State Of Enterprise IT Security: 2008 To 2009, Forrester Research reveals that this year's hot security areas include data security, application security and managed security services, with an additional focus on business continuity, access management and client security.
Another contributing factor is that businesses simply need to cut costs to compensate for reduced revenues and CEOs are on the lookout for innovative measures to help them do just that while their systems remain safe.
Who's spending?
Globally, varying reports highlight the fact that IT security spending is defying the downturn. The buoyant signs appeared just weeks after September's stockmarket meltdown. A report from Forrester Research stated that "the role of the security and risk management professional is never going to be more important than it is right now".
Similar signs appeared as the months went on. Finjan, a vendor of secure web gateway products, conducted an online survey of 200 IT and security professionals in the US in December. It revealed that IT budgets for 2009 were reduced compared to 2008, however the IT security budget outlook was more optimistic. About 38 percent of all respondents stated that they do not expect a change in their 2009 IT budgets, while 34 percent of the respondents indicated that their IT security budgets for 2009 will increase. The survey also found that the upward trend in IT security budget allocation was more pronounced in the financial and governmental sectors than in others.
Similarly, in Australia, the general view is that all verticals, especially government, are continuing to buy security, and only large projects have been put on hold.
In the case of network and gateway security vendor Check Point, government has probably spent more in the past six months across local, state and federal, with proportionally more in local government, says Scott Mckinnel, regional director for Australia and New Zealand at Check Point. "Additionally, we're getting our business out of education, infrastructure utilities, manufacturing and secondary financial institutions."
Allen Male, vice president for open source vendor Sourcefire in Asia Pacific and Latin America, says unfortunately, no vertical is immune to security threats and the bad guys are looking for opportunities across the board. He too sees significant traction in government, as well as financial services, utilities and natural resources and retail industries. "All these verticals continue to purchase but are very focused on total cost of ownership and reducing operational costs," he says.
Dominic Whitehand, manager director of distributor WhiteGold Solutions, agrees that government is still buying but he argues education will also remain strong due to the Digital Education Revolution initiative and associated funding from the Federal Government. Furthermore, he says carrier and ISP businesses will still buy security technologies. The need for security is "driven by the massive increase in content demand and needs to be provided at the gateway level to protect their end-users," Whitehand says.
However, Whitehand's confidence is greeted with caution as other sectors plummet. "The next 12 to 24 months will certainly be an interesting and perhaps nervous ride for everyone in the channel. Retailers who carry clothing and luxury items such as cars are very likely to be stagnant or very poor performers, while food retailers look set to perform very well and will therefore have an increased likelihood of spending on technology," he says.
Local reseller Dimension Data's financial year 2008 ended in September. It exceeded its targets for the year despite the credit crunch and is now six months into its 2009 financial year. It has hit all its financial targets so far, claims Darren O'Loughlin, general manager for security. "Dimension Data is measured on technology, professional services and managed services. In each metric we're clearly seeing growth. Our new financial year targets weren't set flat, they were set with growth in mind, so for us business is increasing."
The reseller's key partners are McAfee, Check Point, Nokia, Crossbeam, RSA, Cisco and Blue Coat. Based on its forecast for security projects, the future still looks really healthy. However, Dimension Data has seen a move towards professional services in sectors in which it previously may have had technology sales, says O'Loughlin. "Across the board we're engaged everywhere," he says. "Some larger projects are postponed or scaled back but from our forecast and pipeline perspective there's more than enough there to show all verticals and client requirements are still there."
Fighting the slowdown
Regardless of the specialty, a majority of security vendors and their partners have posted growth in their quarterly and annual financial statements. And even in this cash-strapped global economy, security giants from around the world have continued to report cash balances that climb up into the billions.
Check Point's Mckinnel believes the positive cash flow reports are a response to the dotcom bust earlier this decade. "I think a lot of people running security companies were a little bit rattled after the dotcom crash in 2001 so there was a big shake out then," he says.
Check Point itself reported US$1.444 billion in cash and investments as of 31 December, 2008 compared to US$1.242 billion in 2007, and the vendor doesn't see that changing. "I can assure the expectation for the Australia and New Zealand business unit is growth," Mckinnel says confidently.
"We haven't seen anything yet. We know somewhere most markets will be hit somehow but no one really knows when or what.
"For us what we're really doing in terms of battling through is continuing our normal products and planning and revenue growth as per our normal business."
Part of Check Point's success story is aligned with the company's fiscal policy which remains consistent regardless of the economic times. "The reason why we're not out of control is because we run a fiscally tight company and have done so from day one," says Mckinnel. "It's fair to say the American culture is famine and feast: in the good times they put on a lot of staff and go on these massive expansion schemes because their employment legislation allows them to and when they are in the bad times they cut, cut, cut.
"[Instead,] we run a very lean model when it comes to staffing numbers," says Mckinnel. According to the company's CEO, Gil Shwed, Check Point will not be making any redundancies of staff globally.
The vendor will not be making any staff cuts from Nokia's Security Appliance Business unit either, which it acquired in December. "Making an acquisition in this market and then actively seeking not to make any redundancies probably gives you an idea about the strength of the company," says Mckinnel. "Instead, Check Point is on a big cost-reduction exercise which includes restrictions of expenses such as travel."
For RSA, the security arm of storage giant EMC, business in Australia has doubled in size in the past 24 months. Revenue grew 39 percent last year compared to the previous year and the company forecasts 30 percent growth this year.
"Locally that's what our expectations are [based on] the way we're looking at the business right now and the projects our customers are talking to us about [that] we can see will materialise," says country manager Mark Pullen. He says the growth is the direct result of the solution space RSA is in - information governance. "These are the challenges enterprises have, the management of risk around information," says Pullen.
Privately owned Russian internet security vendor Kaspersky Lab also forecasts an upward trend this year and sees strong growth across all the regions it sells in. The Asia Pacific region is among the company's fastest growing. "We are broadening our distribution channels everywhere," says Alexey Gromyko, director of channels Australia and New Zealand.
Kaspersky's local business grew by 165 percent in 2008 and in 2009 the company expects this figure to grow significantly, particularly as the vendor forms new alliances in the tier one retail segment, explains Gromyko. "It's important to note that in other markets, such as parts of Europe and in the US, Kaspersky is growing very quickly. We know the competition is worried about our success, and they know our future product roadmap is very strong," Gromyko claims.
Meanwhile, in its December 2008 quarter, internet security firm Symantec reported a non-GAAP (generally accepted accounting principles) revenue growth of 1 percent over December 2007. The vendor claims its growth is driven by consumer, storage, data loss prevention and services businesses. The Europe, Middle East and Africa region represented 31 percent of total non-GAAP revenue for the quarter but declined 9 percent year-over-year.
Instead, the Asia-Pacific/Japan revenue for the quarter represented 14 percent of total non-GAAP revenue and grew 1 percent year-over-year. Overall the company is in a strong cash position exiting the December quarter with a cash balance of US$1.5 billion.
David Dzienciol, senior director of channels for Symantec Australia and New Zealand, believes there is a strong correlation between regulation in Australia and the continuation of the buoyant security market. There has been a steady increase in the number of regulations and laws in Australia that call for better management, security and storage of information.
"These legislative changes and compliance requirements are driving many Australian organisations - both large and small - and government departments to adopt technologies," Dzienciol says. "That will help them automate key IT compliance processes to reduce IT risk and operational costs while achieving internal and external compliance objectives."
Nick Verykios, marketing manager for Distribution Central, believes the mystery of cybercrime is keeping the market strong more than regulation. "You still don't know what the threats are that we're going to be protecting against. We just don't." He dismisses the notion that governance is the driving force behind spending in Australia. Instead he argues business continuity is what makes security vital to his customers today.
"The whole notion of governance has got away, it's moved from protecting myself as a director to true business continuity. It's now not so much around governance, which is the compliance story, but it's business continuity which is a tangible, measurable thing."
Verykios is yet to see a slowdown at Distribution Central. He says commoditised technologies haven't seen a slowdown yet, and a lot of the new breed security technologies are really starting to take off which is causing even more growth.
Meanwhile, sales are still looking strong for distributor Westcon Group. Stacy Hall, security and affinity business manager, says sales are strong and the pipeline is strong for the first half of this year. However, Hall admits a number of deals that were about to be signed off have stalled and come back out as tenders. "This we feel is to get the best technology at the best price from the entire channel. This has put pressure back on to everyone to reduce profitability."
What's hot?
For resellers, profits and positive cash flow are fundamental to the survival of business. While vendors are reporting large sums of cash and growth, what products will generate reseller profits and how can resellers jump on the growth bandwagon? It's all about cost effective technologies, says WhiteGold's Whitehand.
"Cost-effective technologies will be more prevalent this year. Therefore unified threat management (UTM) devices that provide protection from multiple threats will remain strong, as well as point solutions that perform well for a specific task (for example spam filtering) at a low cost both from an initial purchase standpoint and, more importantly, from an ongoing maintenance standpoint."
Fellow distributor Weston Group agrees but says the benefit of unified threat management is that it allows a collection of technologies to operate in a single console. UTM's appeal lies in its easy deployment and because it is very cost effective in rack space and time to deployment, says Stacy Hall.
He adds: "All products/technologies still have movement except for advance technologies; they will be put on the backburner until capital spend is freed up. Maintenance and support contracts are going to be important now more than ever to ensure they can keep themselves up to date with the latest releases."
Further drivers this year will be data loss prevention technologies and conversations around privacy, says O'Loughlin from Dimension Data. "It can be manual as well as technical processes and clearly that will link into privacy concerns, regulatory and compliance requirements such as PCI requirements around application firewalls."
Symantec forecasts big opportunities in the endpoint management space including data loss prevention, software-as-a-service and compliance. "Information continues to grow at an astounding rate and as such, protecting information should be a top business priority," says Dzienciol.
"By focusing on information-centric security, partners are able to take a risk-based approach that allows their customers to more efficiently secure and manage their information. And by taking a risk-based approach to their security needs, partners are helping their customers make the most out of their IT spend," he says.
Aside from data leakage prevention, Symantec also forecasts strong growth in its storage, backup and security products where there is plenty of ROI. The vendor claims the data centre business will drive storage and server management opportunities for the channel.
"Our backup and de-duplication products continue to generate a lot of customer interest. The transition of NetBackup to a platform-based architecture has enabled customers to take advantage of features, such as disk space back up and virtualisation," Dzienciol says.
With a significant increase in sales of security products, Data#3 grew its overall revenues by 46 percent last year. Laurence Baynham, group general manager, agrees that virtualisation is hot this year as it fits in with the year's theme of doing more with what you have and receiving a higher return.
For open source enthusiasts, Sourcefire claims its collaborative approach gives its products an advantage, says Sourcefire's Allen Male. "The extensive adoption of [intrusion-prevention system] Snort worldwide provides a great opportunity for Sourcefire's resellers to upgrade Snort users to commercial offerings," says Male. "The full range of Sourcefire solutions are priced right for the market and offer significant value to reseller partners not only in margin but in services offering potential.
"Sourcefire offers the channel and resellers some differentiated solutions that are gaining significant market attention," claims Male. He points to the Sourcefire 3D9800, an appliance designed to support up to 10Gbps of IPS throughput, and Sourcefire's RUA (Real-time User Awareness), which links user identities to security through their IPS system.
Security is quite profitable compared to other tech sectors, says Check Point's Mckinnel. In fact he almost guarantees its profitability, because of the complexity involved. "There's the implementation services which you would traditionally get with the technology and then there's additional consulting services and professional services.
I'm talking about everything from preliminary consulting to doing rules-based security assessments right through to the physical implementation and documentation," he explains. "Profitability depends on the sophistication of the project and how much the customer outsources. Ongoing support services are also critical."
Channel assistance
This year, vendors and their partners will need to work together to overcome the falling economy. It is clear that security is defying the downturn and whatever cuts are made to IT budgets, security is less likely to be affected. Vendors and partners can avoid the worst by communicating and listening to each other. The key is to have open and transparent conversations with partners, says Dimension Data's O'Loughlin.
"We feel that [vendors] are moving closer to us as indicated by their readiness to back a large integrator such as Dimension Data," says O'Loughlin. "They need to maintain their relevancy to me as an integrator. I also need them to assist in terms of making sales easier, turning quotes around quicker, ensuring the demo stock is available and they just need to be fair and relevant to us and the way we go to market."
However, O'Loughlin says distributors are being very cautious in this market and won't extend too much credit. Data #3's Laurence Baynham agrees and would like to see more help from this direction.
"Volume rebates are always welcome especially when they add value and are relevant to the business."
Verykios from Distribution Central agrees it's his job to come up with creative terms of credit.
"We've had finance from day one which includes our seven options on how to finance a deal. It's become more and more relevant today than ever. Other distributors are doing it which is encouraging."
Recently, Westcon Group launched a financing offering for resellers called Westcon Capital. Dean Douglas, chief operating officer at Westcon Group, says it will give resellers a great deal more flexibility and liquidity. "We're very excited about it," he says.
Meanwhile, distributors want vendors to provide easy to buy, innovative technologies backed up by marketing, says Westcon Group's Hall. "Making it simple will ensure customers come to them for solutions in a tight market," he adds.
Verykios agrees: "We want vendors to go out and create as much end-user demand as they possibly can and put some excitement in their technology. They have to commoditise [technology] as quickly as they can. The channel has to do the rest."
In order to support their partners, it appears security vendors are finding ways to invest. In the case of RSA, country manager Mark Pullen says its entire increase of APAC resources will be spent to support its channel growth. "All of my headcount plan and every new additional head this year is in the channel team.
"We've been out talking to our key partners about what we're doing and how we plan to help them grow their business," he says.
Pullen says there are a few things solution providers can do to weather this economic storm and position themselves for growth in 2009.
Symantec's partner program is offering several programs and incentives to help partners drive new business, identify growth and find opportunities, the vendor claims. These include programs such as Opportunity Registration, the Symantec Referral program, the Aspire Rebate program, SMB Specialisation and SMB One-to-One portal. In addition, Symantec offers partners access to online marketing campaign materials and tools.
Symantec is also investing in training and support. One of the biggest issues Symantec hears from its partners is how to show customers ROI more quickly - which is critical in today's economic environment. "By understanding the depth of products and how they integrate and play together, solution providers can frame the business conversation with customers and help them understand the business results they'll achieve. In that light, we are offering our partners new education and training tools, such as the Symantec University for Partners program, to help them drive greater profitability."
Meanwhile, Sourcefire is hiring a "channel czar" and making investments in training, demo labs and tools specifically for the channel. In addition, the bulk of its marketing investment in APAC goes to supporting the channel and helping partners increase awareness, conduct education events and build their pipelines, claims Male.
Kaspersky is about to launch a new Australia and New Zealand channel program in the next couple of months. The newly opened local office will offer improved support to the local channel, assisting its partners with marketing, strategic advice, technical support and account management, says Gromyko.
"We now have a new regional channel manager for Australia and New Zealand who will assist the channel in growing their specific market segments. We also have a new, 100 percent Australian-based technical support team which will not only help end-users but will also improve the channel's knowledge of the Kaspersky product range by providing training in Australia. Soon we're adding an account manager and a malware expert to the team in Melbourne, which will further strengthen our support to the channel," says Gromyko.
Dominic Whitehand sums up today's security market. "The market is still reasonably buoyant, but it will be interesting to see what effect is noticeable beyond April and May this year, as we enter what is traditionally the strongest quarter for IT-related sales.
"Most of the financial market gurus are predicting that April will see the first real signs of a true recession locally - and therefore there could well be a reaction in the market to that.
All these areas focus on reducing fraud and if you stop a dollar of fraud, that dollar goes straight to the bottom line. It's almost instant ROI," says RSA's Pullen.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
