IDL, an independent consulting company that markets channel programs for the IT industry, has landed in Australia. CRN talks to IDL’s UK-based CEO and director of strategy, Neil MacArthur, about the company’s plans here and how resellers can provide businesss-wide compliance for their customers.
CRN: So what is it that IDL does?
MacArthur: We’re a thought leader in the area of channel programs. What I do is work with [companies] like IBM and StorageTek in developing new channel programs. If you’re the president of a VAR, we’ll just look first of all at their business and work out what they want to try and achieve. If you look at a lot of VARs today, what they want to achieve is better services, revenue and technical utilisation. The way to make money as a VAR business is [through] a services model.
What’s happened traditionally is the service model has been wrapped around the infrastructure -- with a storage or server implementation [for example].
Even the services that represent the margin are being sucked into the margins of the hardware because it’s quite easy for the customer to negotiate. They know how long it takes to put in a server, so even the services [margin] isn’t so strong.
So what we started to think -- what would we look to try and do if we were running that business? What would we look to do? And clearly that is to add value.
What can I do to sell my services at a higher rate and what can I do to make those services more appealable? So we work with the [vendors] to actually understand the business model of the partner and then formalise a program around the business case for the partner. And then we take that to the vendor as opposed to the technology play.
What IDL does is reach over to the technology vendor and say, ‘Hang on a second, let’s look at this guy’s business model, let’s make them successful and then come back into where your products figure in this.’ That’s what we do.
CRN: So you consult only with the channel partner/VAR?
MacArthur: We are only interested in the business success of the VAR and then taking the MDF funds or the other resources of the vendor and align those to their business model. That’s why I’m here because what we’re launching is what we call a ‘compliance program’ because the really big plays of a VAR today worldwide are risk and compliance. We see it as so significant for the VAR, the systems integrator as well as to some degree the ISV.
What this [program] does for the first time is actually give the VAR revenue value -- so instead of [having margin] all tied to the hardware or the infrastructure, it’s now tied to the issue that the customer is dealing with. So that puts you in a more solution-selling environment.
CRN: What do you see are the issues -- if you’re a reseller or any type of channel company -- when it comes to compliance?
MacArthur: There are emerging new decision makers at the customer [site]. If you take a medium sized to enterprise company, what you’re seeing is people like compliance and security officers coming into play. Suddenly the organisation is realising that compliance is a complicated problem. So the first [people] they get involved with are auditors and attorneys -- they get to the local CPA firms, get their processes and policies sorted out.
One of the problems associated with that is there are manual semi-automated processes and these people are not IT experts, they’re experts in risk and compliance. What they do is help organisations setup a compliance program through a policy and when that company chooses to implement that policy, they will meet whatever those compliance guidelines are. For example, a bank or a credit union having to meet Sarbanes-Oxley, Basel II, anti-money laundering. That’s complicated stuff if you are an organisation having to do it yourself.
Risk and compliance has become a whole issue for end users. The problem is the policies that are being put in place by the auditors and the attorneys are policies that don’t really fully integrate the compliance efficiently within the organisation because they are not experts in that field.
We saw the gap between the emerging market for end users to get involved in risk and compliance policies and the efficient implementation. How much pain is there out there from the end user point of view in taking those policies and executing them efficiently? What’s the execution got to be? It’s got to be storage, networking, reporting, recovery, business continuity. Whose job is it to do that? Well, it’s the VAR’s job, it’s the systems integrators job.
So we said, ‘Where’s the bridge between these risk and compliance policy makers and the VAR?’
What we saw was the VAR was talking about [technology] only. So there was a huge gap here -- how do we take the VAR and make them aware of what the customer is dealing with? What I’m here to do is show a pre-formatted program that helps you engage in this type of business.
CRN: Do you see a lot of confusion out there in the VAR channel?
MacArthur: It’s absolutely enormous. One of the biggest confusions is ... a VAR is reluctant to get involved in risk and compliance because they think their job is to make the customer compliant, and it isn’t. The big difference is their job is not to make the customer compliant – it’s to reduce the cost of compliance and allow it to be monitored.
So for example, all US publicly held corporations operating out of Australia have to meet Sarbanes-Oxley 404 Internal Controls. (Section 404 requires a company to take responsibility for establishing and maintaining an internal control structure and procedures for financial reporting). The deadline for that was the 15th of November last year.
So those subsidiaries of US companies or US corporations operating out of A/NZ right now have a problem, and that is how to reduce the cost of meeting those compliance requirements. So firstly they have to figure out an infrastructure play that’s going to deal with that around storage, server integration and so on. And the second thing they’ve got to work out is, ‘How can it be monitored efficiently by their auditors?’ Because Ernst and Young [for example] may come along every quarter and plug into that company and make an assessment about its risk and compliance strategy and how it’s meeting Sarbanes-Oxley.
The core business of a VAR is to reduce the cost of meeting certain business requirements. So what we’ve done is formalise the program which a vendor such as IBM [or] HP can get involved and demonstrate a business case to the VAR. I want to make the VAR a successful business. We focus on that and go to IBM and say, ‘Look, take your [MDF] funds and invest in this way, it will pull through your product and gives the VAR a solution sale’.
CRN: If this gap is not filled, what are these VARs going to potentially come up against if they don’t have the skills that are required?
MacArthur: If you talk at the top end of the market -- Deloitte, CSC, Accenture, Cap Gemini -- these players already get it. The mid-market is going to have to figure a way. The first thing that will happen is internal IT departments will do it themselves.
So the CIO will turn around to the head of compliance and say, ‘Our VAR doesn’t have a clue about this’. If you’re talking from an end user point of view, most CIOs will ask, ‘What can I do to extend my department?’ So one option is to say that the internal IT department will win the business. The second is hosters, IBM’s on demand strategy or HP’s Adaptive Enterprise strategy. You imagine ‘compliance on demand’.
It will become a combination of hosting, outsourced services, so a lot of the hosting and outsourcing companies will realise that there’s a big play there. Now if I’m a VAR suddenly there’s nobody to sell to. I’m not going to sell to the hoster.
The end user is buying the service and I’m potentially being taken out of the play. So what were trying to do is say, ‘No you don’t have to be taken out of the play, just focus on what is a true business case and maybe even team with a CPA firm’. The end user wants the accounting advice and to reduce the cost of compliance.
CRN: What about the businesses that do not have an IT department? There are a lot of VARs that service those types of businesses.
MacArthur: This is where the VAR could see managed services. One of the things about Sarbanes-Oxley is that the US subsidiary company has to be audited every quarter, which means you’ve got to run a whole series of reports.
That means VARs have the opportunity to develop a managed service proposition in conjunction with a CPA to help them run those reports and give the report to the audit firm and say, ‘OK we’ve run the reports for you and we’ll do so every quarter and at the same time, we’ll do a health check on the system and we’ll charge you a fee for that’. It’s giving the VAR a much more optimistic outlook.