Just off U.S. Highway 101, the main artery between San Francisco and Silicon Valley, is Our Lady of Peace Church in Santa Clara, California. Outside the church is a 32-foot, stainless-steel statue of the Blessed Virgin, which is visible from the freeway. For more than 35 years, “the awesome Madonna” has loomed large over commuters and travelers.

Over the shoulder of Mary, high on a modern office building, is the corporate logo of software security giant McAfee. Though the proximity of the statue and the McAfee “shield” are a coincidence, their juxtaposition calls to mind how millions of small businesses approach cybersecurity: They buy a little of technology, and double-down on a lot of faith.

Alas, studies reveal this approach isn’t working. Consider a story written by my colleague Edward Gately, who reported recently that a new McAfee study pegged the annual cost of global cybercrime to be $600 billion. While a staggering sum – $114 billion more than the annual revenue of Walmart – it’s probably an underestimate.

Amid that backdrop, I rolled into the parking lot of McAfee’s corporate headquarters recently. What, I wondered, has McAfee been up to of late? And how have things gone since April 2017, when McAfee spun out from Intel Security? For answers, I turned to channel chief Richard Steranka, McAfee’s head of global channel operations. Steranka oversees McAfee’s ecosystem of system integrators, service providers, MSPs, OEMs, VARs and distributors. Last I checked in with him, the security giant was wrapping its 2017 MPOWER Cybersecurity Summit in Las Vegas last fall. (You can read the news from MPOWER here.)

Scenes from the McAfee MPOWER 2017 Cybersecurity Summit

Scenes from the McAfee MPOWER 2017 Cybersecurity Summit

In a wide-ranging conversation, we talked about McAfee’s 2018 partner objectives, channel trends and more. One thing I was surprised to learn was that McAfee doesn’t aim to be all things to all people in security. Instead it aspires to be the absolute leader in the areas in which it competes. These include data protection and encryption, network and server security, security analytics, management and endpoint protection.

“Instead of being a competitor with everyone in the industry, we actually want to be quite open [to working with other companies], including those who happen to be in direct competition with us,” Steranka says.

To that end, McAfee is hard at work developing APIs, attracting companies to its Open DXL platform and recruiting members to its Security Integration Alliance (SIA) program. That’s in addition to refining its partner programs and benefits. With effort, there’s no reason McAfee can’t develop the most competitive ecosystem in all of security, Steranka, a longtime veteran of Avaya and Cisco, believes.

We started our conversation on McAfee’s shift “from a value to volume channel,” which has big implications for some of McAfee’s largest and most traditional platinum-level partners. For perspective, he took me back to the beginning of 2017 when it was clear that some of McAfee’s top partners were falling behind in term of their technological sophistication. In particular, Steranka worried about fulfillment partners that did not maintain, operate or even install McAfee solutions. What kind of end-customer experiences were they providing? he and others at the company wondered.

So, in 2017, McAfee asked platinum partners to put at least two service-delivery specialists on their payrolls. While most partners complied, many did not. Some dragged their feet all through 2017. When the year drew to a close, several asked for an extension. McAfee extended the deadline until the end of this March, but expects that a quarter of its 230 platinum-level partners will ultimately fail to comply and thus lose their premier status.

“What we end up with is a stronger and more committed and more technically capable channel at the top end of our business than we have ever had before,” Steranka says.

Richard Steranka

Richard Steranka

Why the hard line? End-customer satisfaction, Steranka says. Rather than recommend a generic security specialist that represents a plethora of security companies, McAfee prefers to send in true partner loyalists. Steranka says the company is not stepping away from partners that specialize in product fulfillment so much as it’s trying to better reward those that provide the best customer experiences possible. This includes members of the “new channel” who are emerging in the security world.

According to Steranka, members of the Global Service Provider (GSP) community, which is comprised of systems integrators, global SIs, consulting firms, MSSPs and pure-play service providers including telcos, are growing faster than any other part of McAfee’s channel business.

What sets these channel providers apart from traditional VARs and MSPs? It’s their investment into automation, artificial intelligence (AI), software integration and big-data analysis, which enables them to offer threat hunting and other capabilities that traditional providers simply do not. As these organizations double down on these investments and bolster their managed services security-provider practices, McAfee sees some new openings.

Take the GSP partners that offer security services to large enterprises looking for help with digital transformation. As these end customers digitize business processes, embrace DevOps capabilities and increase their use of automation, they want security baked into their business solutions, not tacked on afterward. They are wary of spending millions of dollars on a digital solution to a business problem or opportunity only to find out afterward that their investment created an unanticipated security risk. As a result, GSP companies that only dabbled in security previously have responded by making security a business priority.

Over time, this will undoubtedly lead to increased competition for traditional security providers such as Optiv that work with McAfee, but to what extent is not yet known. Right now, Steranka is excited about the growth they are generating for his company.

Outsourcing On the Rise?

Another trend taking shape in 2018 is the rise in demand for security outsourcing. Frustrated by an inability to find the talent they need and challenged to stay abreast of the latest developments in security technology, many customers now believe that their money is better spent on outsourcing all or part of their security needs to a third-party specialist. Some customers want McAfee and its partners to replace what they already have and then provide security as a service for a monthly fee, while others want greater help running the infrastructure they already have. With a partner looking out for their everyday security needs, many customers hope to free their own security experts so they may focus on higher-order security priorities.

This will be welcome news to the likes of DXC and other managed security service providers.

Speaking of MSSPs, I asked Steranka how he sees this community evolving. Steranka has concerns over the model, he confides, due mostly to the large capital investments it requires. Not a lot of MSSPs are making significant money today, he notes, despite rising sales. What is more, the market is attracting a significant number of new entrants, some of whom operate at much greater scale and efficiency than regional or local providers. Unlike smaller MSSPs, these global providers have software development centers hard at work adding artificial intelligence (AI), data analytics and process automation to their security offerings. How long before these efforts create a competitive advantage over locally operated MSSPs?

Steranka wonders.

One area that shows great promise for smaller MSSPs is white-labeling security services from large-scale providers that are building world-class security operations centers (SOCs). Starting from a relatively small base today, Steranka believes that small MSSPs will soon find a number of providers to choose from. This includes telecom providers such as Verizon, PSA and RMM companies such as Continuum, and independent SOC operators and platform providers such as CyFlare and BlackStratus.

What business and rewards models will prevail remains to be seen. But it’s clear already that agent programs from white-label SOC providers are poised for significant growth in 2018.

One of the big surprises for McAfee in 2017 was the success of its Distribution Managed Partner program. Participating distributors take responsibility for recruiting, enabling and supporting VARs and MSPs that have not yet developed robust security practices, or who are new to McAfee. For these partners, participating distributors offer everything from integration support, staff augmentation, implementation design and more. McAfee has generated an additional $100 million in new business from distribution managed partners, mostly in the Asia-Pacific region. In the second half of 2017, however, both Ingram Micro and Tech Data began to see increased growth in their respective programs, and McAfee expects even more growth in 2018.

Looking Ahead

Security, Steranka believes, is transitioning. For the past two-to-three years, there has been a flood of new security tools, apps or services for partners to sell. That’s led to a jump in managed-security sales. But customers are struggling to make sense of everything they have bought from the 2,000 or so vendors competing in the market. As a result, they have shifted their priorities from perceived gaps or one-off widgets. Now, they want more automation, more data-backed assurances and better clarity on the threat landscape before them.

In addition to shifting customer priorities, there is new competition for partners, especially in the enterprise segment. In this market, large-scale security specialists now find themselves competing with organizations that sell business solutions with security baked in. In many instances, the security that accompanies the business solutions they sell to a corporate function is determined without the involvement of IT or an organization’s top trusted security partner.

Understanding these market dynamics won’t make you a more capable security provider per se, but they will help you transform into a more competitive organization.

In an era when customers need more than a prayer to keep them safe, that’s a good thing.