3 Strategies for Selling Zero Trust in the Channel

By Tina Gravel

Tina Gravel

Zero trust is among the hottest trends in the enterprise security space today yet despite the hype, there remains a great deal of confusion within the channel in terms of how to effectively market, package and sell zero trust to customers.

If you’re not already familiar with the concept of zero trust, the first thing to understand is that it’s not a technology per se but rather a framework that represents a shift in how we think about security. The internet was built under the premise of “trust but verify,” which prioritized access and connectivity over security. A zero trust approach flips this model on its head by saying, “never trust, always verify.”

Zero trust emerged as a response to the conventional castle-and-moat approach that emphasized defending the perimeter while assuming that everything inside didn’t pose a threat. This is one of the reasons we’ve seen so many calamitous data breaches over the past couple of years as threat actors, upon sneaking past the front gates of the corporate firewall, have been able to move undetected through internal systems without much resistance.

Sizing Up the Zero Trust Opportunity

Regardless of how long the current pandemic persists, it’s become clear that the way we work and connect will be forever changed. A survey conducted this past June by 451 Research reported that 47% of respondents said they are likely to reduce their physical office footprint due to the pandemic and will instead promote telework and maintain sustained social distancing practices over the long haul.

For the better part of the last two decades, virtual private networks (VPNs) were the cutting-edge technology of the day, providing users with a relatively simple and straightforward way to securely access protected network resources. While VPNs remain synonymous with secure remote access for many, they are among the most vulnerable components of network security and are being aggressively targeted by threat actors who can piggyback on a compromised connection.

Gartner has forecast that as many as “60% of the VPNs in place today will be replaced by some form of zero trust access technology by 2023.” With the current global VPN market estimated at anywhere between $25 billion and $40 billion, this shift in the market represents a massive opportunity for the entire channel ecosystem.

Because of these converging trends, CISOs are prioritizing and investing in a software-defined zero trust access solutions to reduce their exposure to potential data breaches, pare IT infrastructure complexity and drive down their fixed costs.

3 Strategies for Selling Zero Trust in the Channel

Zero trust has become such a pervasive topic among security decision makers that if you’re not discussing it with your customers now, you can be sure that someone else is. A survey conducted by Forrester Research in late 2019 found that CISOs allocate the highest portion of their time to strategy and planning initiatives and given that zero trust is considered among the most strategic IT initiatives, VARs, MSSPs and other channel partners have a natural opening to kick-start a dialogue.

Moreover, because the journey toward zero trust is often measured in years and not months, it can often produce additional sell-through opportunities that we have found will yield above average margins of between 20-22%. As someone who has spent the past two decades working within the channel and the past seven years in zero trust, I offer these three strategies to help you …

… take advantage of this unique opportunity.

1. Choose Your Technology Partners Wisely

It seems that every security vendor has jumped on the zero trust bandwagon. But like the principles of zero trust itself, which demands that you validate the credentials of whomever is trying to connect to your network, it’s imperative that a similar level of vetting is applied to your own vendor selection process.

Because zero trust encompasses such a large swath of the IT stack, you should also be skeptical of any single vendor who claims they can do it all. What proven ability does the vendor have deploying zero trust in both the cloud and on-premises? What technology partnerships does a vendor have in place to ensure redundancy and minimize latency? What assessments have the industry analysts at research firms like Gartner and Forrester published on a given vendor? These are just a few of the questions that should be part of any comprehensive vendor evaluation process.

2: Sell Differentiated Solutions, Not Commodity Services

The market for zero trust is already crowded and there’s a great deal of overlap between vendor solutions, providing channel partners with an opportunity to add value by helping their customers navigate this confusing landscape. Armed with the right portfolio of zero trust-enabled technologies and a well-enabled team of trained staff, a channel provider will be better positioned to build and sell tailored zero trust solutions that can address the specific pain points of their customers and in turn, effectively differentiate themselves in the market.

This can be an especially effective strategy for channel providers that have expertise in selling to specific industry verticals such as health care, financial services and government, verticals subject to more stringent customer data protection regulations.

3: Invest Now in Training, Certifications and Enablement

Once you’ve decided to make zero trust a core area of focus, it will only be successful if the people in your organization who are selling and deploying these solutions are equipped with the proper educational training and enablement tools. Specialized zero trust certification programs can help ensure a cross-functional team can speak the same language and collaborate on a comprehensive, enterprise-wide strategy. Research firm Forrester offers two versions of its popular zero trust certification program and online education sites like Pluralsight, Cybrary, and many others have built their own affordable zero trust curriculum and certification programs that provide an easy starting point for those just embarking on their own zero trust journey.

As we move into a new year in which a great deal of uncertainty remains, we can say one thing is relatively certain: enterprises will continue to boost their investment in network security. And if past is indeed prologue, they will also undoubtedly look to a wide range of channel partners to help guide them along their path.

Tina Gravel is the senior vice president of channels and alliances for Appgate, the secure access company that provides cybersecurity solutions for people, devices and systems based on the principles of zero trust security. She previously was Cyxtera senior vice president of global channels and alliances/business development. Gravel was named a Top Gun 51 in 2019. You may follow her on LinkedIn or @tgravel or @AppgateSecurity on Twitter.