Gartner predicts the global information security market will hit $93 billion by the end of this year.

Chasing that revenue are hundreds, if not thousands, of channel-focused security providers. How do you select the best, and most profitable, solutions to sell? Which technology categories are must-haves? Which end-to-end services are needed to build a viable security practice, and what enablement can you expect?

In this security conference track titled “Selling Cybersecurity Services: Secrets to Success,” at the Channel Partners Conference & Expo, April 17-20, in Las Vegas, moderator Peter DiMarco, vice president of VAR sales at D&H Distributing, and panelist Lyle Epstein, president and CEO of Kortek Solutions, will provide a forward-looking guide to the managed-security services opportunity.

In a Q&A with Channel Partners/Channel Futures, DiMarco and Epstein provide a sneak peak of what they plan to share with attendees.

Channel Partners/Channel Futures: How do you know if a particular security service will be profitable to sell?

Peter DiMarco: In general, cloud-based services present higher margins since they can be managed via a virtual platform and don’t require personnel to be on site, so that allows MSPs to provide a base of services across a greater volume or even a greater geography of customers. This impacts profitability and reduces the need for on-site technician visits. Also, we’re seeing a lot of success with powerful solutions that address a variety of security concerns, but yet are plug-and-play or self-configurable, so they’re easier for the end customer to administer. This also requires less labor and administration on the part of the VAR.

Peter DiMarco

Peter DiMarco

Lyle Epstein: It is sometimes hard to tell what in the market will be profitable. Usually security items that affect the business as a whole sell pretty well. (An) example would be email encryption for health care.

CP/CF: What are some of the challenges of building a successful and profitable security-services portfolio?

PD: When it comes to cybersecurity, a layered approach is the most effective. This is what we recommend VARs should pursue with their customers. Networks are facing attacks from a variety of points of entry, as more mobile devices and peripheral equipment are added to the modern office environment. We’re dealing with external hackers and malware, in addition to internal threats within the network. Sometimes these are introduced via malicious software, but sometimes they come through internal employees or unauthorized activity. Solution providers need guidance as to how to assemble solutions that address both level of threats.

LE: Identifying what would be a key risk for one type of business may not be as big of a risk for another type of business. If we focus on broad products that affect all industries, then you have a much easier time adding that to your portfolio. For example, spam protection or email phishing affects all industries.

Lyle Epstein

Lyle Epstein

CP/CF: What are some of the latest security services that can really beef up your portfolio?

PD: MSPs and VARs can offer a range of hosted offerings to create a cybersecurity-as-a-service offering, including antivirus, anti-malware, mobile-device protection, email spam filtering, backup and recovery, network assessment and compliance solutions. The ability to deliver these offerings via a hosted or transactional model allows solution providers, especially in the SMB space, to transition to a managed-services model, moving to higher-margin recurring revenues as opposed to traditional hardware sales.

LE: I believe SSL inspection may be one of the biggest security services that [is] missed by consultants. We see on average more than 50 percent of traffic at an SMB client being SSL traffic. If you are not inspecting it for viruses, malware, etc., then you are not protecting the network and client. We see often that this feature is not enabled or in fact not supported by the existing vendor.

CP/CF: What do you hope attendees learn and take with them from this discussion?

PD: We want the reseller to leave with an understanding of the scope of the cybersecurity opportunity and learn some concrete ways VARs can attack that opportunity and profit from it. They’ll take away some firsthand best practices on what solutions are appropriate for what verticals, how to create a comprehensive and layered solution for each customer, and how to bring those solutions to market effectively. We’ll be speaking with real-world MSPs and IT consultants about their experiences, including what kind of partner enablement is available to help those VARs continue to take advantage. Solution providers need to know they’re not on their own in navigating this complicated but potentially lucrative market. Vendors and distributors are working to create enablement programs to educate them on their options, making it easier to successfully leverage opportunities like cybersecurity.

LE: I hope that attendees will take away that security is on many different levels, and having the knowledge of different offerings to add to their security belt will help improve what they can do for their clients.