Unlocking cybersecurity

7 min read Cybersecurity
With UK businesses continuing to invest in cybersecurity technologies, Comms Business examines where the opportunities lie, and what support is on offer for resellers and managed services providers.

With many budgets squeezed by direct and knock-on effects of the pandemic, the channel is thinking long and hard about where technology investments are being made. One area that remains ripe with opportunity is cybersecurity. Businesses and organisations across the UK are waking up to the reality that cybercriminals are around every corner. As such, many are examining what technologies are needed to meet both regulatory commitments and customer expectations.

Cybersecurity might not be a new avenue for the channel, but some resellers have historically been cautious about adding cybersecurity to their portfolios. There are signs this is changing.

“Ten years ago, before board members truly understood the risk cybercrime posed, cybersecurity was classed as a ‘niche market’ made up of a majority of small businesses. As a result, resellers had little or no desire to add cybersecurity to their product portfolios,” said Davoc Bradley, security and product director at Intercity Technology. “However, the once small cybersecurity businesses have grown exponentially, forcing resellers to think twice.”

There has also been a perception that offering customers cybersecurity solutions poses some risk to resellers and managed services providers. Malek Rahimi, group operations director at BDR Group, explained, “Offering cybersecurity products and services comes with inherent risk and that has played a large part in why resellers have been historically hesitant to include them in their portfolios. If a reseller’s customer suffers an attack that ‘slips through the net’, there could be a myriad of negative consequences; loss of the customer and credibility not to mention the legal ramifications too.”

James Arnold-Roberts (pictured right), chief revenue officer, FluidOne, added, “Fear of the unknown has hampered progress as many resellers failed to understand the full services on offer and the capabilities needed to deliver a strong cybersecurity offering. “The impact of Covid-19 has meant that some of the channel has pivoted towards becoming the single point of contact for all ICT requirements within their existing client base, forcing them to launch new services or expand on existing ones to offer services such as cybersecurity.”

Evolving cyber threats have intensified these trends. Mark Nutburn, group IT director at British Assessment Bureau, said, “Cyber threats show no signs of slowing down and more businesses than ever now need resellers to help them safeguard their data.”

Martyn Brownlie, channel director, Sophos, disagreed with the idea that resellers have steered away from cybersecurity in the past. He said, “I don’t think it’s fair to say that resellers have been cautious about adding cybersecurity to their portfolio. From my experience, any partner failing to offer some degree of security support to their customers isn’t fulfilling their role.

“That being said, with the pandemic expediting the trend for remote working, partners are definitely taking security more seriously. With employees no longer safely behind the corporate firewall, cybercriminals are taking advantage of the situation and unloading ransomware that could very well bring a business to their knees. This has therefore placed an emphasis on having next-gen cybersecurity solutions which can protect distributed endpoints.”

Amidst these market conditions, cybersecurity is no longer solely offered by specialist resellers or managed services providers. Kirt Jorgenson, senior director, channel strategy at Imperva, explained, “Historically, our top partners have specialised in cybersecurity, but over the past few years we have seen more and more broadline resellers investing in their security practice. It’s often the fastest growing part of their portfolio.”

Evolving cybersecurity technologies are changing how the channel offers their customers these solutions. Bradley, from Intercity Technology (pictured left), said, “As we look ahead at the way security solutions are implemented, resellers will need to acknowledge the shift from traditional and physical devices to more licensed-based, cloud solutions. Resellers have, for some time, been accustomed to selling physical kit, such as endpoint security systems, access points and routers for businesses that required on-premise or co-lo solutions.

“With growth in the cloud drastically increasing, security products are becoming more virtualised and this shift is affecting the way we sell such products. We’ve gone from physical device sales to infrastructure as a service (IaaS) or software as a service (SaaS) type licensed models that are no longer perpetual but instead deliver recurring revenue for resellers.”

So, how can resellers and managed services providers start their cybersecurity journey? BDR Group’s Rahimi said, “Finding a trusted partner is essential for resellers looking to build a robust cybersecurity proposition and there are plenty to choose from, considering the technical prowess both in the UK and across the pond. Though, the relationship between vendor and supplier itself is what will make or break the partnership. Honesty from both sides in their capabilities and limitations is essential, as is a robust plan of the steps to be taken if an end-user suffers an attack that is out of the ordinary.”

Meeting customer needs

There are plenty of reasons why partners should consider adding cybersecurity to their portfolio. Dan Warelow, product manager, Giacom, pointed out the need to remain competitive. He said, “If a reseller has not yet added cybersecurity services to their portfolio and has yet to speak to their customers on their security setup, then there is another reseller just around the corner that is ready to do just that.

“Protection against cyberattacks is simply a modern requirement for doing business. Security has been, is, and always will be a growth opportunity for the channel, and adding security services to a portfolio is not as hard as it maybe once was.”

James Arnold-Roberts, chief revenue officer, FluidOne, added, “A number of cybersecurity services are now relatively easy to onboard, operate and support, which allows any partner to add it to their portfolio and offer a full spectrum of services to their clients. The key to success is channel partners finding the right set of solutions for their client base.”

For those on the fence about adding cybersecurity to their portfolio, it is worth considering that core offerings might become a customer expectation. Michael Wood, CMO at Versa Networks, said, “It’s becoming almost inevitable that cybersecurity will be implemented within a reseller’s portfolio. For example, offering networking, applications and end user capabilities cannot be done without the addition of security in order to protect resources.

“Resellers are in the business to generate revenue and gain profits and security is one of the best ways to do that right now. Every company needs to secure their infrastructure, resources, IT, services, users and applications, so there is a massive opportunity for resellers to generate revenue and profit. Resellers that become trusted advisors for cyber security are going to be in a phenomenal position to drive greater business and revenue.”

Andrew Clarke, global head of channel at One Identity, agreed that customers are compelling resellers to revise their approach here. He said, “The rise in managed service demand from customers, prompted by a desire to reduce overhead and increase focus on core business activities, is creating a shift within resellers that are embracing these new challenges and those that aren’t. Resellers are adding depth to their offerings to extend traditional cybersecurity offerings to include solutions such as identity and access management; risk management and overall cyber resilience.”

The right partner

Cybersecurity vendors often present the channel with plenty of reason to strengthen their portfolio with cybersecurity solutions. Identifying what makes a good partner programme is particularly important in this area as the fluctuating shape of cyber threats requires good relationships between all parties. Versa Networks’ Wood said, “A partner programme needs to be well-structured and clear. One that outlines what the company expects from the reseller, and what the reseller gets in return is attractive because it highlights the benefits for both parties. Part of a good partner programme is showing how the reseller, coupled with the product, can be a powerful force within the market where both the reseller and the vendor will profit.”

For Phil Jude, director for channel sales, PCI Pal, what is needed fits into three areas. He said, “There are three basic principles that need to be considered, which will ultimately help create value for resellers and make it easy for them to do business – onboarding, enablement and support.

“The effort that is put into these three activities often correlates to the success and commercial output. It is imperative resellers understand the proposition and are equipped to convey the value of cybersecurity software. This may involve providing demos, discussing use cases and building a business case that includes desired outcomes and return on investment data.”

Access to expertise when required is a clear way in which vendors can provide much needed peace of mind for their partners. Arnold-Roberts, from FluidOne, said, “The ideal cybersecurity partner programme is a combination of automation and a robust skillset. There is no point in having a great product, with white labelled collateral and pricing via a portal, if there isn’t the expert resource to underpin the service. Cybersecurity should not just focus on selling products but should provide ‘cyber as a service’ where a client’s needs are assessed and a tailored solution of services provided. Cybersecurity is about human behaviour and how it impacts technology, therefore industry expertise, practical design and consultancy, that imparts professional wisdom, is also key.”

There are also considerations around the company culture of the vendor being considered. Chet Namboodri, vice president, worldwide business development & channel at Nozomi Networks, said, “A good partner programme actually starts with a good product and culture. These make doing business together fundamentally better and worth overcoming any obstacles that inevitably arise.”

Chris Martin, EMEA and SAARC channel leader at A10 Networks, discussed his view that customer centricity is key. He added, “I see too many vendors in the market simply celebrating the large quantity of partners they have managed to recruit to their partner programme. How is that beneficial to the customer looking for a trusted advisor? A good partner programme is about quality partner relationships and not quantity, working only with the partners that buy into the technology in order to provide the customer with the best possible solution.”

2021 and beyond

So, what should the channel expect to see in the coming year? BDR Group’s Rahimi (pictured right) pointed to shifting service models. He said, “Importantly for resellers, SaaS and managed service models are becoming increasingly popular as they allow end-users to experience the benefits without large outlays, while the provider enjoys greater stability in their ongoing revenue expectations, adding margins without having to sacrifice significant resources.

“Now is the time for cooperation between security vendors and their partners, to build awareness and prove to end-users that the benefits of managed security services are worth the extra cost.”

Sophia Anastasi, channel manager at Skurio, discussed opportunities stemming from changing network infrastructures. She said, “With the huge growth and requirement of digital transformation seen this year and the traditional network perimeter dissipating, it’s no surprise that there’s been an ncrease in cyberattacks. During 2021, we will continue to see this transformation and growth in cybersecurity and move away from an approach which looks solely at the traditional network-centric method of securing an organisation. “The opportunity is to look beyond the network and to focus on protecting the data, wherever it lives and layering security efforts to stay as secure as possible, using both reactive and proactive security solutions.”

This chimed with the view of Jorgenson, from Imperva, who also emphasised the importance of data security. He said, “Partners have an opportunity to show value by helping customers get data security right in 2021 – a challenge that has mystified businesses for years and one that is often overlooked. Over the past year, the traditional network perimeter dissolved. Businesses need to reverse their thinking and embrace an inside-out view of data security to ensure the crown jewels are secure. To truly protect the organisation’s sensitive data, they have to start with securing the data itself.”

Intercity Technology’s Bradley said that the channel will see some opportunities arising from the upcoming ISDN switch-off. He said, “Businesses will need to switch from ISDN lines to fibre and Internet Protocol telephony but there is currently a lack of network capacity to support this transition nationally. As a result, we’re going to see more businesses adopt new ICT solutions such as SD-WAN to get the most out of their networks, helping improve efficiency and productivity for remote workforces. However, moving from an established technology to brand new one will leave businesses more susceptible to cyberattacks as there will be vulnerabilities which are not yet known.”

Pete Wilson, EMEA partner manager at Auth0, pointed out the broad need for partner programmes to be updated. He said, “The big challenge is, programmes have not caught up with the complexity of partner bases managed by vendors in the cybersecurity space. Cybersecurity has become so pervasive that advisories, global systems integrators, application builders, distributors and VARs all offer solutions or have whole practices aligned to it. Add platform players and marketplaces like AWS, Azure, and technology alliance ecosystems, and you have a wide variety of partnership opportunities. It’s much more complex than what a gold, silver, or bronze programme designed around resale can cater for.”

The channel is also uniquely placed to help customers meet their cybersecurity needs without needing to invest in specialist staff. Brownlie, from Sophos, said, “The real opportunity post-Covid-19, is to help businesses get back on their feet by adding security expertise to organisations without needing extra headcount. Partners have had to be quite opportunistic in selling mice and monitors as everyone moved home, but now is a great time for the channel to get focused and strategise in order to protect their customers. Smart channel resellers will have been taking notice of how their customers have adapted during Covid-19 and will be considering how they can help them make use of these strategies long term for greater efficiency and competitiveness.”

Cybersecurity is a serious issue that the channel can support its customer base with, particularly when it comes to the critical educational aspect of defending against sophisticated threats. Jeremy Keefe (pictured below), CEO of Nuvias UC and Konekt, explained, “There lies an opportunity for partners who are willing to be proactive when it comes to the education of their customers. It seems a simple process to sell products, but it is hard being a true partner and engaging with your customer to give them the most suitable solution, set out best practices and devise the best way to implement the chosen solution.”