With businesses racking up $6 trillion in breach-related losses globally, it’s less a question of whether IT service providers will add security offerings to their portfolios and more whether they will embrace the inevitable information security challenges effectively, responsibly and profitably.
That's according to Channelnomics' State of the Market Report: Security 2018. It’s based on a survey of 127 channel businesses with the aim of getting a snapshot of where resellers are right now in terms of the opportunities they see with security offerings and what they want from their vendor partners.
Chris Gonsalves, vice president of research at The 2112 Group, edited the report and tells Channel Partners the number of partners "still mired in a traditional view of the world stands out."
"Over and over, we see a large number of solution providers in search of better margins, more lead-gen, more hands-on sales help from their vendors," he said. "We’ve been preaching for years that the best path to profitability and growth is to focus on your own value-add. Focus on your unique methodology. Sell your brand. Nowhere is that more true than with a security services practice. Clearly there’s more work to do to get this message to resonate."
Business spending on information security is expected to increase 10-15 percent annually for the next four years, well outpacing general IT spending. By 2020, information security spending will top $146 billion, with $100 billion of that being spent in the United States alone, according to the report.
"While I don’t think the optimism surrounding the opportunities in security is big news to anyone, I do hope that every solution provider that reads this report sees it as an endorsement of managed security services and an imperative for the modern IT services practitioner," Gonsalves said. "Something like one in five partners is saying here that security is the biggest opportunity they have right now. That tells the entire channel where their most aggressive, forward-thinking competitors are going to be playing in very short order. Time to skill up, staff up and get those security services off the whiteboard and onto the menu. If you don’t, the MSP across town is going to eat your lunch."
More than a quarter of respondents said they see business being a mix of managed and cloud-based services, with another 20 percent seeing managed security services as the future and the same proportion believing it will be a mix of managed, cloud-based and annual licenses. Another 15 percent chose the "strong shift to cloud" option, according to the report.
One explicit message stood out — resellers want help with sales and margins. For one-third, sales support and leads are the priority, while about one-quarter (24 percent) said great margins are the No. 1 choice.
Resellers clearly still want help in finding new customers — and they need that business to be profitable. These are the clear priorities for active partner programs.
When asked what makes them stay with their current vendor partners, two clear priorities were great products and having a trusted partnership. It’s vital that security vendors have the right product or service value, according to the report.
When it comes to what resellers look for in a new vendor partner, the clear winner is the ability to meet end-customer needs, cited by more than one-half of respondents.
And when asked what they needed most from vendor partners to help develop their security business, the two most popular responses were more sales support and leads (29 percent) and commitment to partners/less conflict with direct sales (22 percent).
Other findings include:
- Less than 10 percent said they wanted vendors to continue offering full packaged product and annual licenses, and 16 percent wanted them to move toward offering a cloud-only proposition, while 69 percent want them to offer both for the foreseeable future. The majority clearly sees a need for both approaches.
- One-third said they wanted to see vendors provide a completely integrated and unified solution that covers all the security needs of customers. But in stark contrast to this, nearly one in five want to see them developing their own best-of-breed point solutions to address a specific security issue, such as endpoint or ransomware.
- Eighteen percent want vendors to move toward integrating their products into other solutions or services, such as networking and connectivity products, or management and orchestration solutions and services.
- A further 15 percent favor vendors developing specific security offerings for specific technology areas, such as hybrid, mobile, edge or IoT, while 11 percent want to see offerings that will meet specific needs of vertical sectors, such as finance, manufacturing, education or health care.
"The biggest mistake you can make in security is to go in unprepared to handle what is a separate, uniquely challenging domain in IT," Gonsalves said. "Yes, there’s opportunity here. There’s also grave responsibility when you sign up to safeguard the critical assets of the clients you serve. It takes a new set of hard-earned skills. The cost of failure can be the elimination of your client’s business and maybe your own as well. Not every partner is prepared to handle this. Some never will be. When I look at the results of this research, I see a disappointing lack of acknowledgement of the responsibilities in security and the need to grow into robust security practices. Less than 3 percent are looking for decent training and certifications from new security vendors? That should be a lot higher. And something like 12 percent say they need better training from their current vendors. I can tell you for sure more of them need it. Hopefully they realize that in time."