Building Secure Relationships


VARs must do more than simply choose the right products to become experts in security

ven before the tragic events of Sept. 11, the topic of security had been growing in importance for IT and line-of-business managers alike. So it's no surprise that being a security expert has become a top priority for many VARs. According to VARBusiness' proprietary research, 59 percent of those surveyed sell security software, and 29 percent list security as one of their top three software products. While the latter number may not signify a large security movement, the fact that 90 percent of VARs surveyed deploys antivirus software and 86 percent deploys firewalls does. In fact, the number of VARs deploying security solutions has risen from 34 percent in 1998 to 70 percent post-Sept. 11.

"Security is no longer a should-have; it's a must-have," says Jim Lima, channel marketing manager at Check Point Software Technologies, Redwood City, Calif. And it's the VARs' job to educate clients as security becomes more of a necessity.

It's easy to look at security from a technology standpoint. What's harder to focus on, however, is the groundwork you must cover to become a true security expert. Here are some key points to consider.

Choose Your Weapons Wisely

You can't support your clients without support from your security vendors. So, research and choose partners wisely. Your confidence in your vendors' products and staying power in the market, as well as your ability to hear clients' needs and formulate a diverse vendor solution, are key selling points.

"Clients want to invest in a company that is going to back them up in the long run, that's a proven leader with a rock-solid track record and is financially sound," says Ken Ballou, senior vice president of channel sales for Islandia, N.Y.-based Computer Associates International's eTrust family of security solutions.

That means that aside from technology offerings, it's always a good idea to research a potential vendor's financials, says Jim Hunt, president and CEO of Chantilly, Va.-based solution provider EYT. You don't want your client to open the newspaper to see that its security vendor,the one you recommended,has filed for Chapter 11.

When choosing vendor partners, give yourself ample room to operate. That means having more than one key vendor so you can offer clients a variety of solutions. Otherwise, you run the risk of painting yourself into a corner.

"Partner with tier-one developers and manufacturers," says Heath Tow, account executive for Internet and network security at Subject, Wills and Co., a Symantec VAR based in Oak Brooks, Ill. "But make sure you have the proper vendors in your portfolio so you can give the customer a true, agnostic approach to a best-of-breed solution."

Almost any VAR can call itself a security expert. So, what sets your company apart and makes its services worthwhile? Your knowledge base. In today's IT solutions market, VARs don't make money from simply selling products. It's the consulting, design, maintenance and post-implementation services that expand VARs' value-add and profit margins. That's why it's important to take advantage of vendor training.

Hunt says that before a new product is even announced, EYT sends consultants to training courses where they get to know it from all angles. "We have the company's teleservices people help us understand the build of the methodology fabric to support the product into our framework," Hunt says. "It's key, or else you are just another VAR."

To that end, there are numerous industry organizations, such as Computer Information Systems Security Professionals (CISSPs), that provide the means for security VARs to not only expand their knowledge base, but walk away with proof of expertise. According to Subject's Tow, some security vendors, such as Symantec, require VAR partners to have a CISSP-certified staff member.

It Takes a Village

Educating a company about security policies shouldn't be limited to one person. Information,including proprietary, confidential, customer, and billing and pricing,is so critical to a company's success that it's always good to build a diverse security team representing all areas of a client's business.

"There are many issues that aren't being addressed at the proper levels," says Glenn Falkowski, executive vice president of Glencom Systems, a Check Point VAR based in Linden, N.J. "IT thinks it's their problem, but it's a lot more than an IT issue. It involves the whole entity of HR, legal, accounting and executive management to really set the policies."

Preventing security breaches is also crucial. That's why many experts provide user-awareness training sessions to educate clients about not opening e-mail attachments they don't recognize and not logging on from home without a VPN or firewall.

"I think that the most common mistake [stems from lack of information. [Companies buy a solution to protect their enforcement point and not the entire network," Check Point's Lima says.

"Part of the sales process is to encourage clients to educate on the inside. It's a harder battle," Falkowski says. "You can give them all the facts, but some still think, 'This won't happen to me; that's not my company.'"

Service After the Sale

Post-implementation services sales, if done correctly, will not only bring you a long-term relationship, but a consistent source of revenue in the future.

"We like to build a partnership. We don't like to go in, sell a solution and never hear from customers again," Falkowsi says. "We are like a staff to them. They can bounce ideas off of us, and, at the same time, we go to them with a new technology that might be important."

There will always be new viruses to eradicate and hackers to hold off. It's a VAR's job to keep clients on their toes. "A continuous touch with the client is critical," Hunt says. "The whole issue with data security and threat analysis is almost more of a service than a software."