Recently, market researcher Yankee Group predicted that 90 percent of global security infrastructure would be outsourced by 2010. Not surprising given that organisations are increasingly becoming hungry for the services required to protect their precious company data.
With the constant proliferation of attacks such as viruses, malware, spyware, phishing and in the worst cases, cyber terrorism, the security market is one of the very few in this industry that is on a constant upward trajectory. With many of these threats a reality for so many companies these days, the market is ripe for resellers and service providers to take advantage.
And coupled with a big trend towards outsourcing these services over the next five years, there are good dollars to be had for channel players in the right position – most certainly as managed security service providers (MSSPs).
Companies worldwide are also coming under pressure to comply with regulations such as Sarbanes-Oxley and Basel II, and are increasingly turning to outsourcing. Yankee says the MSSP market will grow from US$2.3 billion in annual revenues in 2004 to US$3.7 billion by 2010.
If you believe Yankee's optimistic prediction for the future, MSSPs will dominate the security market in years to come.
But will this really be the case? Sven Radavics, country manager at security appliance vendor Watchguard, certainly thinks so, despite commenting that Yankee's prediction was a bit ambitious.
Radavics says he would like to see the security market go down the managed services path. 'Security is an area that requires a lot of expertise and knowledge and that's always changing,' he says.
Over the past few years in Australia there has been a high adoption of managed security services by big enterprise clients, but the SME market is still behind mainly due to the fact that SMEs haven't been educated enough that managed services are available.
'Security consulting firms really have got the advantage. Security is not a box, security is a process not a product and that's where resellers that understand recurring revenue and consulting will have an advantage.'
Even today there are too many box droppers in the security space, he says. Watchguard trimmed its reseller base throughout 2004 in order to stick with 'the right resellers,' Radavics explains.
These days, selling security is about understanding business process, and managing and mitigating risk, not box dropping and basic consulting, as Radavics points out: 'I think a lot of resellers will sell a firewall today like a product. They'll sell basic consulting and that's it. They'll call [the customer] in a year and remind them that their license is due for renewal.'
Big security player Symantec started selling managed security services in early 2003 and, partner-wise, initially went down the telecommunications path, signing up the likes of Optus and Macquarie to sell the service.
A year earlier, it had also spent US$145 million to acquire MSSP Riptech and with that acquisition came a partner program.
David Blackman, national VAR sales manager, says telcos are primarily focused on selling data and voice, not managed services, which presents a big opportunity for the channel. The telecommunications companies don't necessarily get it, he says.
Security is extremely labour-intensive and expensive, Blackman says. 'If you have one firewall, one intrusion detection system, it could bring you [as a customer] one million log files every month. You would need five people to manage that full time. With one million logs, you could potentially have two serious threats. It's like finding a needle in a haystack.'
Therefore, for the channel partner, it's a great business from a customer 'stick' point of view, he says. 'The nice thing about [offering] a managed service is that it's a monthly recurring revenue [stream]. You could sign a three-year contract [with a customer] and people will know that they need you.'
Still, there's a huge learning curve involved in becoming an MSSP and the Australian market is behind other markets around the world such as Europe.
'In Europe, the channel and customers are much more educated about outsourcing security,' he says, adding that in Australia, we are behind in terms of channel training. 'We're [Symantec] investing heavily in training but it will take a lot of time,' he says.
Service provider SecureTel has been in managed security for the past five years and has built a successful business around it and brands itself as a secure ISP with upwards of 500 customers. These companies are under contract for everything from security packet filtering through to intrusion detection.
David Stevens, MD at SecureTel, says offering managed security is 'bulletproof' revenue-wise. 'We've got the voice, WAN and add-on products and it's 100 percent recurring in its nature.'
He agrees that it's a difficult market to play in given that threats are always changing. 'But the value proposition to the client doesn't change at all,' he says. 'It's all about scalability in this market too – you need to put the biggest and the best kit in place.'
Niche security value-added distributor Firewall Systems is running training sessions to educate resellers on selling security. 'The training sessions aren't about technology and the reason they're not about technology is that your customers aren't talking about technology.
'The IT channel is used to selling business productivity, applications, networks and all that kind of stuff. The entire channel is used to talking that way but when they're talking about security to end users it's like talking a different language.
'The end user is talking about risk mitigation – and that is at the governance level and it's also talking about business continuity at the CEO level,' he says.
Customers are interested in security policy and the reseller being able to provide a service level that meets that policy. 'They're saying: 'That's impossible for anyone to do unless you're a specialist – vendors aren't doing it and distributors aren't doing it. So we partner with our vendors at that level with a service model that provides monitoring and management services, renewal services and even products that we're going to be launching in the future.' Forthcoming products around neural networks (supposedly networks that learn and stop threats from happening) will be announced in the future, Verykios says.
'We'll be offering that service and what resellers will be selling is something that has a service level agreement attached to it, constant monitoring, managing and reporting and also updating so they've got an annuity stream coming their way.'
Firewall recently added the 'missing piece' to its managed security offering for the channel signing an agency with Exinda Networks. Firewall is marketing Exinda's Optimiser appliance which lets service providers report on their data communications and voice infrastructure and pinpoint where problems lie without any downtime (see story in Distribution & Logistics).
'The important thing that resellers are understanding is that they have an opportunity to do two things,' Verykios says.
'Previously the best they could possibly do is rent a customer based on a drive-by [sale],' Verykios says. 'Now they can actually start to think about owning the customer. They can sit in front of them every month telling them what's going on in their network. Because of what they've sold them and made money on they can go further and say because of what we know, we need to do this to your applications and network services and they're actually starting to sell back to the customer what they're good at,' he says.
Generally, Verykios says resellers are finally 'getting it.' The Lanlinks, IBMs, as well as the Netlans and security specialists. 'Netlan are doing really well – talking our model and selling it to schools,' he says.
If you believe security specialist RSA Security, identity management is a hot area in the security market that the channel should consider.
The company markets SecurID, an authentication product based on something you know (a PIN number) or something you have (an authenticator), providing a better level of user authentication than passwords.
Chris Wood, channel director at RSA Security, says the identity management market is one that is potentially very profitable for channel partners due to the fact that it involves a great deal of services-related work.
'For every dollar spent on software, three to five dollars needs to be spent on services. That kind of opportunity is interesting and exciting for partners,' he says.
'In the MSSP market, the services portion is quite high because it's about how businesses manage their internal processes and it's not about just banging in a VPN,' he says.
Symantec's Blackman adds that identity management has been 'coming for so long' and 'it's difficult to find one vendor that can do it all.' Still, this market presents a great opportunity for the system integration channel, he says.
A shortage of competent security professionals is also creating a problem for IT departments and channel partners alike, says RSA's Wood.
'There are a finite number of security specialists out there which is a problem for the channel and customers,' he says, but this trend is also naturally driving people towards the MSSP model. 'MSSPs are playing a key role,' he says, adding that it makes more sense for a third party to take control of a company's entire security infrastructure. 'Everyone wants to become a provider of these services and on paper it makes sense but in reality it's difficult.'
There are a few reasons why. Firstly, because putting in an MSSP practice can involve high setup costs although the payback is quite substantial.
'It can pay off but it's all about credibility because you're becoming a trusted partner. You're a trusted advisor and that kind of loyalty is immense. 80 percent of our customers renew through the same partner year-on-year,' Wood says.
SecureTel's Stevens adds that it's a difficult sell for a reseller that doesn't have a trusted position within a firm. 'Anyone can sell a Netscreen firewall – selling a managed service is like selling thin air and the channel will struggle with it,' he says. Vendors were as much at fault as resellers, as vendors are unit-driven, he says. 'We bought the first and second Netscreen 500s in this country and haven't bought any since,' he says.
Whether or not a reseller is successful in the MSSP market depends on how they want to skew their business. 'If they want to become an MSSP, they've got to originate the service.' Otherwise, they should partner up and resell the services of a wholesale provider. SecureTel wholesales its services to companies such as reseller Harris Technology, which makes a good margin stream from the arrangement, he says. 'There's more margin involved available in becoming a provider of the service but there's also a much higher cost to entry,' he says.
Firewall's Verykios claims the trend towards the MSSP model means big money for the resellers that are partnering with other channel partners. 'Who's the best person that can provide that service? The person that's already selling them the networks and the application and they don't have to do anything to it except people that are providing the managed services.
'A lot of resellers have gone down the path of providing the managed services in the past – tell me one security reseller that's still around today. We're working with the IP of the vendor and also relaying services that they want to do, borrowing parts of theirs and keeping relatively vendor-independent,' he says.
Stevens believes that the channel is 'fixated' on border security – firewalls and intrusion prevention – and many of the higher level security contracts that are tied to business processes are going to the big guys, the likes of EDS and Accenture. The channel shines selling packaged solutions that can be sold to the masses, he says.