**Editor’s Note: Click here for our most recent list of important channel-program changes you should know or here for our recently compiled list of new products and services.**

Sophos on Wednesday added to its partner-program lineup an initiative aimed at supporting customers’ increasing use of public cloud.

The Sophos Cloud Security Provider program will offer training, certification and financial incentives to help partners protect customer data in the cloud and make the purchase of Sophos products via Microsoft’s Azure or Amazon Web Services’ marketplaces more channel-friendly. While AWS and Azure, as well as Google Cloud Platform, increasingly see the channel as critical to growth, sales through their marketplaces aren’t always transparent to partners.

Sophos also announced that Sophos Server Protection is now available for Azure.

Sophos’ Kendra Krause

The security provider has seen steady growth in its channel engagement, recently posting a 40 percent year-over-year increase in the number of global partners selling its endpoint and network products, and a more than 90 percent jump in the number selling its Sophos Central integrated management platform, Kendra Krause, the company’s vice president of global channels, told Channel Partners. Dan Schiappa, SVP & GM of Sophos’ end user and network security group, says Sophos now has more than 30,000 partners, and Schiappa credits them with driving about a 90-plus percent renewal rate among current customers and generating $632.1 million in FY17 billings. That’s more than 24 percent growth, with 81 percent of it recurring subscriptions.

For Sophos partners looking to become cloud security providers, Krause says that current and prospective partners can request to participate. Certification as a Sophos Cloud Security Provider is available in two tiers. The Professional level is for partners who focus on consulting and selling services, while Expert-level partners are those who also have deployment services for customers. Professionals must have at least one Sophos CSP – Sales Consultant. Experts must have at least one Sophos CSP – Sales Consultant and at least one Sophos CSP – Certified Engineer.

“The technical certification is designed to be part self-service, part live labs with a Sophos instructor,” she said. “The goal is to prepare technical partners to support common Sophos POC testing.”

The Sales Certification is broken out into three sections:

Fortinet offers its own on-demand cloud provisioning platform for service providers with pay-as-you-go pricing and post-pay, points-based licensing for some MSSPs. Eric Parizo, senior analyst focusing on enterprise security with analysis firm GlobalData, says it’s time for security vendors to develop mechanisms to help partners make the transition to becoming value-added resellers of cloud-based security products and services.

“There’s little question that appliance-based enterprise security will soon give way to cloud-based alternatives that are easier to deploy, faster to update, and more affordable to acquire,” says Parizo. “Furthermore, they are typically a better fit for …

… organizations looking to automate a growing number of security processes, and that will be another opportunity for partners to provide value — namely by hand-holding customers on the road to security automation.”

Under the CSP program, Sophos partners can gain the expertise to help customers secure their cloud workloads, critical since it’s a dangerous mistake to think that deploying a service in the cloud moves liability to the provider. Under the Microsoft and Amazon shared-responsibility models, the customer remains accountable for securing the virtual machine, OS, application and data, as well as firewalls, encryption and access management. Sophos will work with CSP partners to sort out what they need to focus on. It will also help maximize revenues from bring-your-own-license (BYOL) deployment options, where customers shift existing Sophos UTM licenses into the AWS or Azure cloud. Customers may also use a pay-as-you-go model.

“To ensure we are protecting partners that are in the Cloud Security Provider program referring customers to marketplace, we automatically give BYOL deal registration for to them in case the customer wants to move to BYOL,” says Krause.

Additional Cloud Security Provider benefits include increased partner margins through rebates when customers buy Sophos products that are available in the Azure and AWS cloud marketplaces; sales and pipeline lead generation from Sophos; free and pay-as-you-go product trials; training and support from Sophos Security Architects who specialize in cloud security and migration; and enhanced lead sharing for partners certified at the Expert level based on these partners’ ability to provide pre- and post-sales support as customers deploy, run and manage applications in Azure or AWS.

While the Sophos program seems designed with parthers in mind, that’s not always the case.

“You’re going to see some cautionary tales,” says GlobalData’s Parizo. “Palo Alto Networks, for instance, announced its GlobalProtect cloud service earlier this year, but offered very little detail on how it’s enabling partners to succeed with it.” He says partners need to scrutinize the enablement angle of emerging cloud-based security solutions.

“Security vendors will inhibit their own success if they don’t have those programs at least partially baked out as they introduce the new cloud-based offerings to the market,” he says.

At least one partner is on record saying Sophos has done its enablement homework.

“The new specialized training, certification and revenue return is all channel-focused,” said Kevin Clements, chief technology officer at Sophos partner SHI International. “Sophos has succeeded in striking the right balance of advancing security into the public cloud and making channel partners a priority.”

Krause says that focus is by design: Sophos has “a select group of partners” that helped design this program, and all of them will join immediately.

“We expect a steady growth over time as more partners expand their service offerings into the public cloud,” she says. “Gartner predicts that by 2020, a corporate ‘no cloud’ policy will be as rare as a ‘no internet’ policy is today. As all of these customers move their infrastructures to the public cloud, our partners will need to help ensure that they are secure.”