Former Cisco Veteran Unveils New TraceSecurity IT GRC Partner Program


IT governance, risk and compliance vendor TraceSecurity, which has been selling its software primarily to small banks and credit unions, unveiled a channel program in an attempt to broaden its market penetration.

The Baton Rouge, La.-based company said the new program gives auditors, consultants, resellers and MSPs an opportunity to gain insight into customer security risks to generate additional sales revenue. TraceSecurity unveiled TraceCSO, its cloud-based IT GRC service, in October. The service was developed for businesses with minimal or no on-premises IT staff but need to conduct a thorough risk assessment, vulnerability and configuration scan to meet compliance mandates.

Alan Fortier, TraceSecurity's new director of channel sales, said his goal is to have more than 50 percent of the company's revenue generated by the channel in the next two to three years.

[Related: How To Sell IT Security Services To Your Customers]

"We're committed to keeping our program simple, flexible and profitable," said Fortier, who joined TraceSecurity after 15 years with Cisco Systems. "This goes above and beyond just selling the TraceCSO product."

The risk assessment provides sell-through opportunities with other security products because it gives partners the means to identify weaknesses that could be addressed with other security technologies, he said.

"This is not only providing an opportunity for increased profitability and value, but if they go through the implementation and assessment phase there could be many vulnerabilities or threats identified. Those services and products, such as disaster recovery or a firewall implementation, can be provided by the partner as well," Fortier said.

IT GRC products appeal to IT security pros because they often need to convince management that there are weaknesses and system problems that need to be addressed, said John Noble, a senior account executive and certified expert at Tempe, Ariz.-based MicroAge. Noble said small and midsize businesses, which have few employees on staff with technical know-how, are seeking automated tools and services for security.

"When a business is large enough to have a corporate compliance officer on staff, you know they get it, but SMBs certainly don't have one and they're constantly looking for expertise," Noble said. "There's value in these automated tools and support services."

TraceSecurity, which was founded in 2004, said it has more than 1,500 customers spanning financial services, health care, government and other regulated sectors. Fortier said the company's sales force is not competing head-on with larger IT GRC vendors, which include RSA Archer, Agiliance, Symantec and Easy2Comply. All those firms are targeting MSSPs, with Agiliance the latest to launch an MSSP partner program in February.

New TraceSecurity clients are typically choosing between continuing with manual processes or automating compliance and risk assessment, Fortier said.

TraceSecurity's new partner program includes technical training, sales and marketing support. The company will give partners free evaluation software to use with potential new clients. The company said the first round of technical training is free. There is no technical certification.

The program is based on a standard tiered discount structure. A partner portal provides information, includes deal registration and co-mingling, Fortier said. "We will register all deals in Salesforce.com so that there will be no surprises as to where the partners are selling and where they are in the sales cycle," Fortier said. "Also, our direct sales force has no incentive to compete with partners and we will avoid overlapping partner coverage."

Referral commissions for partners that refer business directly to TraceSecurity begin at 10 percent, but each level has a different structure. Resellers will get discounts off the list price and VARs, which sell, implement and provide ongoing support services will get perks and added support, Fortier said. Partners can participate in multiple levels simultaneously.

Fortier said his experience at Cisco will help him create a flexible program that avoids partner frustration. At Cisco, he developed and managed the global channel program for Cisco's Physical Security products. "My goal is to keep this simple," Fortier said. "There's nothing worse than partners out there who don't know who to call for assistance."

PUBLISHED MARCH 20, 2013