Lyncoln de Mello, practice director of communications and cloud at Brennan IT, agrees that boards aren’t overly interested in the specifics of security. Even when the board is across the security and the cloud conversation, their goals rests elsewhere.
“It’s around the device, the access to data and the management of people’s credentials and the various proliferation of shadow IT,” he said. “In our last couple of years of trading, there’s been a reduced focus on concerns about moving from one permanent cloud.”
Dane Meah, CEO at InfoTrust, agreed saying that, from his perspective, talking about product, no matter how innovative, isn’t the successful approach.
“We’re at the point where if you’re walking in to meet with senior executives outside of technology, even if it’s to solve a sole specific problem, everyone’s already talked to them about the perfect product for the problem. You’re not particularly welcome.
“The better approach is actually to remove the noise and put the problem in context, talk about business risk, and then talk about more broad, holistic approaches to mitigating risk among the business.”
The Holy Grail for the channel in engaging with boards is, as Sash Vasilevski, principle consultant at Security Centric, explained, being able to show how security solutions can open up new business opportunities.
“The biggest success we’ve had in the last 18 months is when it’s driven from the board, but it’s driven not an avoidance of risk but identification of a business opportunity. It’s in being able to show how the solution will either open up markets that they couldn’t play in, or differentiating them from their competitors.”
Succeeding by adding value
Despite the challenges of adequately engaging with customers, and defining the responsibilities around security, the consensus at the table was that it’s a good time to be in the channel in security – and particularly with regards to cloud security. The secret to success is finding the differentiator that allows you to add value.
“The MSPs are absolutely the only organisations that are in the best place to be able to sell the ongoing services of security, and they just need a little bit of assistance depending on their client’s particular needs,” Arrow ECS’ Verykios said.
"Whether they’re in medical or manufacturing or something like that, tailoring the solution to the client and vertical is important. If the reseller is truly an integrator they can provide the MSP with a lot of expertise in this area."
From the MSP perspective, there was also the acknowledgement that there are opportunities to work more closely with other parts of the channel to better deliver solutions and security to customers.
“There’s an opportunity to stretch the relationships with these point security providers because there’s a lot of stuff as an MSP that I’ll be honest that we aren’t doing that we should be doing,” TechSpecialist CEO Dushern Pather said.
“That’s not to say that our environment is insecure, because it’s not, but there’s stuff that we could be doing that’s next gen. For example, securing applications and providing consulting around things that are not within our boundary.”
Across all players within the channel, according to Core Technology Partners’ Nixon, the evolving needs around security is driving new opportunities to find competitive differentiation and value-add, for those in the channel that have an understanding of the customer.
“We’ve got a range of tools that cuts down network or security assessments that would normally take four or five days down to three or four hours. That’s a value add. We’ve changed our model so that now we go to market and provide certain assessments for free to our clients that result in engineering talk, because that is something that customers are seeing between us and another company that’s focused purely on implementation.
“It’s about having that conversation about how the client has adopted a cloud strategy, and a review into the business risks that it now has. It’s our responsibility to give a risk assessment and say to our customers ‘on a score of one to 100 you sit here.’ It protects us, too because then if in three months there’s a breach or incident, we can say that the client didn’t adopt that recommendation and that was their choice.”
Finding the right products
The modern security solution, designed to handle the perimeter-less environment, needs to look at security from three angles, according to Rickey Gilotra, business development manager at Sense of Security.
“Securing all three sides involves configuring, trying to block it from unauthorised access, and then accounting for 'pretending' to be somebody with authorisation after getting access credentials they shouldn’t have – in other words, making sure you have proper IP listing and other controls.”
Achieving this requires a solution made of combination of technologies, rather than a single vendor. Therefore the distributor is a critical piece in the development of a perimeter-free security solution. According to Josh Watts, COO at Harbour IT, the channel is increasingly relying on the distributor to provide additional expertise and resourcing in helping to secure a customer’s environment.
“We are expecting the top distributors. We would understand the technology of the products they’re bringing in, and we want distributors that are selective in who they choose and have that relationship into those vendors," Watts said.
"So it’s not just a logistics exercise. The best distributors are the ones that understand the technology and the relationships with the vendors.”
Zirilio's Mistry agreed, and added that the distributors that Zirilio works with are those that are able to support a rapidly-growing business with critical support around training and expertise that it would otherwise struggle to access independently.
“There’s only 17 of us in the group, so we look to the disties to provide that level of training and expertise that we struggle to find the time to organise ourselves. We’re constantly running out of time and double hatting. That’s running through my mind when working through initial arrangements with partners.”
Being able to find the right vendors to represent and distributors to partner with remains the biggest concern for channel organisations across the chain. According to Insentra’s Altit, the dynamic security environment means that its important to keep an eye out for a broad range of solutions.
“One of the things that we sort of pride ourselves on is not selling tier one and tier two products,” Altit said. “What we have seen is the value of the new vendors or relatively new vendors that have awesome tech and have invested heavily in the U.S.
"They want to come to market here but they’re too small for traditional distribution. There’s opportunities there to have a form of exclusivity with really cool technology.”
Regardless of the technology involved, or the structure of the partnerships, one thing’s for certain; the security go-to-market strategies that will be successful are the ones that are founded on a spirit of mutual co-operation and accountability, Solista’s Allnutt said.
“There’s a lot of great technology in the marketplace, so what makes them successful locally is the support and the people that you’re in the trenches with.
“Having that kind of shared accountability is important, because the landscape is completely changing. So, for example, historically you’re going in and having a technology discussion around IT and how to secure the data and where that data lives. But that conversation is broadening. Now we’re looking at how we can lock down IoT devices – for example, how health care can lock down health devices.
"If you can’t have that broader conversation then you’re going to lose credibility at the business level, which is everything,” Allnutt said.