'7 Minutes' with BitSight Senior Director, Worldwide Partner Sales and Alliances, Carla Morss

Ever wish you could quantify the security posture of a potential supplier or acquisition target?

Lorna Garey

December 8, 2017


**Editor’s Note: “7 Minutes” is a feature where we ask channel executives from startups – or companies that may be new to the Channel Partners audience – a series of quick questions about their businesses and channel programs.**

BitSight is in the business of IT vendor risk management, essentially helping vet third-party providers to make sure they don’t open the door to attackers, put the company afoul of regulatory or compliance guidelines, or otherwise disrupt operations. After all, sensitive data exposed by a contractor is every bit as in-the-wind and damaging as data lost by an insider — just ask Target.

BitSight is based in Cambridge, Massachusetts, and says revenue from the channel has increased more than 100 percent year-over-year since the partner program was launched in 2014. Services based on the Security Ratings Platform include analysis to write cyber insurance policies, benchmark performance, conduct M&A due diligence and assess risk. Think of it like checking credit scores for a lineup of potential hires, only the scores indicate how well your own or a potential supplier’s security posture stacks up to peers.



Customers include seven of the top 10 cyber insurers, 80 Fortune 500 companies, and three of the top five investment banks. One differentiator for the service is the ability to manage what’s called “fourth-party risk,” such as a subcontractor brought in by, for example, a third-party facilities company.

BitSight is well known in this space, though it does have channel-focused competitors including Brinqa, LockPath, RiskVision and Security Scorecard. Partners that serve regulated verticals should have one or more risk management offerings on their line cards — these services don’t come cheap, but they can be invaluable, and they’re a CIO’s best friend when a PCI or SOX auditor comes around.

We asked Carla Morss, senior director of worldwide partner sales and alliances, why partners should select BitSight.

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Carla Morss: BitSight is such a unique product, it sells itself. BitSight pioneered the security-rating services market in 2011, transforming how companies manage third- and fourth-party risk, underwrite cyber insurance policies, benchmark security performance, and assess aggregate risk. By leveraging a non-invasive, efficient way to access business exposure with daily ratings updates for internal systems and that of vendors, BitSight provides an objective, accurate picture of risk and can allow companies to make smarter cybersecurity business decisions.

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

CM: Our partners can make the most of our channel program by being associated with the four levels of partnerships offered today: Silver, Gold, Platinum and Diamond. In 2018, we plan to expand our services to include a certification program, which will enable premier partners to increase their margins. We are very selective and strategic about the partners we engage with, ensuring that we find the right partners based on size, geographic location, and expertise.

CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.

CM: In 2017 (to date), we have achieved [approximately] 49 percent of sales through the channel. We currently have 131 global partners. Our margin averages are 15-20 percent.

CP: How do you think your technology portfolio will change in the next three years?

CM: In the next three years, BitSight products will be enhanced in a few areas. First and foremost, we are driven to provide the most comprehensive view of a company’s security posture as possible. Accordingly, we will expand to provide insight into other types of cyber risk, and provide greater indicators of how certain risks may affect the likelihood of data breaches or business disruption.

Second, we want to drive functionality that helps our customers automate as much as they can within their security and risk programs. Companies are outsourcing more than ever, and as a result, greater automation is needed to ensure data is handled properly and secured as it is shared with thousands of third parties, vendors and suppliers.

Finally, we will ensure that BitSight integrates seamlessly with other leading GRC and ERM platforms. Cybersecurity has emerged as a leading concern for enterprises and must be integrated and managed within greater business context. In the next three years, we will have the partnerships and integrations to ensure this can be done.

CP: How do you expect your channel strategy to evolve over that time frame?

CM: As the security-ratings market evolves, we want to ensure that our partners remain loyal to BitSight and can make money. By adding a certification program in 2018, our premier partners will increase their margins. We are continuously expanding on our training programs and encourage our partners to offer additional professional services, including remediation recommendations and vendor risk-management implementation services.

CP: What didn’t we ask that partners should know?

CM: BitSight’s reseller program is highly selective, and we see our partners as a true extension of our team. By narrowing our focus to a limited set of partners, we foster an environment of loyalty and can effectively eliminate channel conflicts. Through our extensive discount opportunities for elite partners and our deal registration program, our partners see BitSight as the ideal vendor to work with to achieve joint success.
