​Chasing channel dollars in cloud security

James Henderson (ARN); Dane Meah (InfoTrust); Daniel Dannielli (Arrow ECS A/NZ); Pennie Stevens (Dicker Data); Nick Savvides (Symantec); Ian McAdam (Symantec); Audrey Lyon (Aquion); Craig Bovaird (Ingram Micro); Louis Abdilla (Content Security); Ronnie Altit (Insentra) and Joe McPhillips (Symantec)

As organisations pursue cloud-first agendas, and cyber hackers become more sophisticated, the security market in Australia continues to accelerate at a rapid rate.

Advancing upwards, to the skies, businesses now seek greater protection for cloud deployments, with information and assets a mission- critical commodity.

But while the industry is well- versed in the rising levels of cloud and security investments across the country, clarity is required from a channel perspective.

Because cloud, much like security, remains hyped and widely misunderstood, creating market confusion as a consequence.

“Security is now a board-level conversation,” Symantec managing director of Pacific Ian McAdam observed. “Security features on every monthly agenda and with cloud now part of the business vernacular, this added layer on top is driving behavioural change.”

Through elevating risk up through the company, along the corridors of power and into the boardroom, executives are now entering the security game, prompted by cloud but driven by concern.

“Boards are asking questions today that they didn’t ask 12 months ago,” McAdam said. “Because board members are on multiple boards, they are all comparing notes about what is best practice in a cloud security context. It’s not about competing, rather comparing.

“The fact is that if boards don’t pursue this agenda, they risk exposing both themselves and their business.”

In taking a boardroom view of the world, many businesses still lack established organisational knowledge of how to implement strategic security plans, a task complicated further by increased cloud adoption.

With Australia no longer on the sidelines — instead a serious player in a market where security breaches at large corporations dominate the headlines — the ambiguity that surrounds cloud computing can make securing a business a daunting prospective.

“Cloud doesn’t make securing a business more difficult, it just makes it different,” Insentra co-founder and CEO Ronnie Altit said. “The conversations I’m having with partners and their end-users are based on ‘we don’t know what we don’t know’ because once businesses move to the cloud, it almost becomes nebulous.”

While most businesses across the country are now familiar with cloud, or at least the idea of cloud, misconceptions and misunderstandings about what the technology can offer are pervasive.

Likewise, the challenge exists not just in the security of the cloud itself, but in policies and technologies for security and control of the technology.

“There’s a huge need to continually educate the customer around what issues are emerging and the challenges ahead,” Aquion general manager of sales Audrey Lyon added. “There’s lots of new technology in the market because there’s a lot more problems to deal with.

“But IT budgets haven’t followed the demand because there’s always a lag at the end-user side.”

In working with organisations across the entire business spectrum in Australia, Content Security is a leading information security consulting firm, working with over 800 customers nationwide.

According to founder and managing director Louis Abdilla the wants and needs of the customer vary by size, scale and sector, creating complexity around establishing viable go-to- market strategies.

“As a small or medium-sized business, cloud provides a stable environment because businesses don’t have IT professionals on tap,” he explained.

“But at the larger end of town, enterprise is becoming more worried about security in the cloud. It stems from a fear of losing their reputation should a breach occur because as experience shows, brands struggle to bounce back once the trust is broken.”

As an emerging security focused start-up in the channel, InfoTrust is a specialised partner providing consultancy, professional services and ongoing support, delivering a range of best of breed technologies including cloud services.

Since starting out in 2014, CEO, Dane Meah, has witnessed sizeable change in end-user appetite for cloud security services, with requirements fluctuating as the market shifts.

“Organisations are now expecting IT to enable the business and deliver outcomes as opposed to manage technology,” Meah said. “Today, businesses are driven by outcomes and your ability as a channel partner to deliver that outcome.”

But in response to changing market conditions, the ability of a channel partner to deliver an outcome will now be impacted by the recent introduction of long-awaited mandatory data breach notification laws in Australia, following its recent passing in Parliament in February 2017.

Specifically, Australian businesses with an annual turnover of $3 million or more will have to disclose information breaches that involve individuals’ personal information, putting into motion new laws that will see local organisations that are subject to regulation by the Privacy Act required to notify the Australian Information Commissioner and affected individuals of an eligible serious data breach.

“This has been a long time coming for the Australian market and will change the game from a security perspective,” Symantec manager of cyber security strategy APAC Nick Savvides said. “It’s placed the entire security conversation at the front of mind for large businesses across Australia.”

In instances where it is not certain that a breach has occurred, the new laws give organisations up to 30 days to investigate whether a breach notification is needed.

According to the Bill’s explanatory memorandum, an eligible data breach will occur in situations where unauthorised access to, or unauthorised disclosure of, information would be likely to result in serious harm to any of the individuals to whom the information relates.

“There’s now a growing need for self-assessment in a security sense alongside identifying maturity levels for customers,” Intalock Technologies account executive David Bowens added. “Businesses now want to know how their competitors and industry peers are sizing up from a security perspective so there’s growing opportunities around providing a benchmark for the industry.

“As a partner if you can provide a score ranking for a business, it helps drive security projects that align alongside IT strategies. Our role is to demonstrate how a business can move from 1.5 to 3.5 out of five by following our advice and guidance.”

Despite the introduction of new local laws, in a cloud sense, ambiguity remains about what the technology actually delivers to an organisation and compounded by a variety of real and imagined concerns about the security and control implications of different cloud models.

Crossing the chasm

Today, resellers remain challenged by cloud transitions from a security standpoint, with partners unsure how to monetise the market, whether through managed services, consulting or specialist plays.

“From a business perspective, the industry is still driven by large CAPEX projects but the market is changing and a transition is underway,” Symantec channel director A/NZ Joe McPhillips added. “The channel is moving towards a subscription-based, monthly priced economic model that vendors, distributors and partners must consider.

“That represents a very different way to run your business as a reseller and during the next few years, we expect a significant move towards a subscription model in the cloud.”

Consequently, McPhillips acknowledged that the conversation topics currently dominating the channel agenda will change, evolving into the business implications to consider when transforming business models in the cloud.

For many security focused resellers, cloud has arrived. Yet for the traditional players, the financial implications of crossing the chasm remain too difficult to negotiate.

“So many integrators have hit the wall in Australia because they’ve tried to make the transition and have failed,” Altit observed. “Many partners in the industry struggle to create services themselves, they can’t build a help desk or provide support.

“And for those operating with managed services today, because they are transitioning to being on the drip, they are struggling to invest in additional services to bolster their capabilities.”

Highlighting a sober point amidst an industry drunk on hype and buzzwords, the harsh reality remains that cloud continues to impact how solution providers run business operations, impacting staff, compensation plans, go-to-market strategies and delivery methods.

With large meaty upfront deals drying up through the rise of cloud, security experts must differentiate to deliver new levels of customer value, or risk losing long-standing end-user relationships as a result.

“Partners that do not adapt or develop into delivering security through cloud and managed services will suffer,” Savvides cautioned. “There’s definitely a new set of skills to be applied and that’s what the customer is looking for.

Page Break

“For the partner to become a trusted advisor today, they must understand the entire landscape and develop specific skills.”

Echoing Savvides’ observations, McPhillips said partner value can be found through being “sticky”, adopting an approach built around servicing customer needs in new ways through adding increased value layers on top of security technologies.

“When you’re in the cloud services game, it’s easy for a customer to switch to another provider so you need to become sticky,” McPhillips explained.

In looking back at previous practices, Bowens said resellers used to traditionally “build up” over the duration of a year to try and trigger a renewal, with a shift to monthly billing and managed services now changing the customer engagement landscape.

“The shift means partners are less complacent and instead track progress on a more regular basis from a consumption perspective,” he said.

From an InfroTrust perspective, Meah said 80 per cent of the company is built around delivering managed service in the market.

“We’re less than three years old but we’ve set the business up to operate this way and naturally, challenges occur along the way,” Meah acknowledged. “Billing issues can bog you down as a business but we continue to deliver ongoing value throughout the entire customer lifecycle.

“This approach has provided a foundation to build on our trusted advisor role within the market because if you look after the customer, the renewals will take care of themselves.”

Vendor criteria

But as partners process countless streams of advice and insight — while finding new ways to add value through cloud security — the two-way nature of the channel also requires a shift in approach from a vendor standpoint.

Alongside better access to training resources, the latest products and marketing support, partners are now also categorising vendors in new ways, based on simplicity and predictability.

“A solid vendor in the cloud security space is a vendor that understands that it’s not easy for the channel,” Altit said. “It’s just not easy to get across the technology while dealing with a new billing model.”

In assuming that a partner is delivering a high-quality service to the customer, and to revisit a common point of contention around loyalty, what happens when the shift towards a monthly payment occurs?

“Customers can choose easily,” Lyon added. “There must be a recognition of the relationship over time and for a partner, education and support is imperative. The worst case scenario as a reseller is setting up business that your competitor is going to take three months later.”

With issues around deal registration and customer ownership continuing to plague the wider channel, partners are no longer just seeking technological innovation from vendors, rather precise and predictable methods to go to market.

“We’re battling away to win business and chase new accounts but we have to have an understanding of what a good deal looks like for everyone at the table,” Bowens said.

“When taking customers to the cloud, there’s a leap of faith which means all parties must agree in advance how to approach a particular deal for the benefit of the wider channel.”

In essence, channel collaboration is built on the creation of “clear rules of engagement” between all parties, avoiding potentially negative experiences from the offset.

“Partners will invest heavily in vendors if they believe they are being looked after,” Abdilla added. “But it all boils down to commitment and trust, which works both ways in the channel.”

For McPhillips, “simplicity” is a key facet of any vendor program.

“In general, many vendors have struggled with this in the past,” he acknowledged. “Nobody benefits when partners are unsure about deal registration or not confident around margins. Knowing exactly what your margin will be is an incredibly important piece of information to have before entering a selling environment.

“Our new partner program addresses these issues but it also introduces a lot of common sense thinking to the market.”

As a market leading vendor, McPhillips said partners that engage Symantec early during an opportunity, will be provided with a “clear blue water” advantage over other players in the market.

“This is extremely important,” he stressed. “It’s about killing the drive by, we don’t want it and neither do our partners. If we all engage early and agree on the fundamentals, then we can go and win the deal upfront together.

“If you don’t have a partnership then you’re just another brick in the wall. Partners are right, engagement must be both ways and through our channel-first policy, our resellers will have that level of partnership to rely on in the future.”

Leveraging distribution

As the industry grapples with new ways to both implement and sell security technologies, the rise of cloud has placed new value on the role of distribution.

The importance of distribution in the cloud is heightening, with resellers challenged by changing models and a lack of technical expertise.

“There’s more enablement, there’s more webinars and there’s more roadshows,” Dicker Data general manager of software Pennie Stevens said. “And there’s a greater need for it because resellers still require ongoing assistance in a changing market.

“Technologies are constantly changing and as a distributor it’s our role to educate along the way. We’re an extension of the vendor which is crucial in maintaining a relevant relationship with our resellers.”

As an extension of the vendor, distributors are now tasked with providing value-added services to ensure partner cost of sale and speed is more efficient, removing the need for traditional methods of the past.

“It’s crucial that we have the right levels of enablement in place, alongside clearly defined programs for our resellers,” Arrow ECS A/NZ general manager of sales Daniel Dannielli added.

“But challenges remain in the industry around bringing multiple technology components together that were initially segmented to just the data centre, security or networking. Now they must be overlapped to provide a single outcome.”

In a cloud context, distributors are showing strength in aggregating technology, with marketplaces continually developing and evolving in the channel.

But despite a wealth of vendor products on show, and a deepened expertise across a range of technologies, the true value of distribution lies in trust.

“As a distributor, we have to be a trusted advisor to our resellers,” Ingram Micro national sales manager of cloud solutions Craig Bovaird added.

“We shouldn’t be afraid to introduce new vendors or technologies that we may not necessarily have because our best interests should be with the reseller and the customer.

“We can’t service every need and to be that trusted advisor, we have to also be able to walk away. It’s crucial we remain agnostic and have the best interests of the partner at heart.”

This roundtable was sponsored by Symantec. Photos by Maria Stefina.