Cisco To Partners: Make Security Part Of Every Deal

That has become something of a mantra for Susan Don, worldwide security channels lead at Cisco Systems. She wants the vendor's channel partners to think of security more as an adjective than as a noun.

"We want partners to stop thinking of security as a stovepiped operation. Don't just sell wireless, sell secure wireless. Don't just sell VoIP, sell secure VoIP," Don said in a recent interview with CRN.

Cisco and its partners agree that making security an integral part of every infrastructure component, operating system and application provides the best defense against tomorrow's threats. However, both camps also acknowledge that redefining the way security is positioned and sold is going to require significant investment in training, messaging and personnel.

Cisco is articulating the value of its Self Defending Network vision by enabling more high-level integration between its product lines, adding "hooks" that allow different offerings to work well together, said Don.

For example, Cisco's threat control and containment solution, unveiled at the RSA conference in San Francisco earlier this year, ties together Cisco's IPS and SSL VPN products with Cisco Security Agent (CSA), Cisco Security Mitigation Analysis and Response System (CS-MARS), and Cisco Security Manager (CSM) to enable administrators to effectively monitor and manage network activity and threats.

Cisco's Secure Wireless Solution, which combines the vendor's WLAN hardware and software with its security offerings, is another step in that direction, Don added.

However, while Cisco has made great progress in developing a security strategy that goes beyond point products, its message isn't always conveyed by the vendor's sales and channel reps, solution providers said.

Pat Grillo, president and CEO of Atrion Communications Resources, a security specialist in Somerville, N.J., said Cisco does "a great job of educating the market," but needs to recognize that its vision doesn't always resonate with hungry sales reps.

"Local sales teams tend to want to move boxes, and if you try to layer security, it slows down the deal. And if it adds a little bit to the cost of a deal, they don't want to hear it," said Grillo.

Another solution provider said the vendor also needs to work on aligning its own internal messaging to ensure that partners understand the benefits of adding a security component to every deal.

"I find that the messaging is still very point-product-oriented, and doesn't really build on a complete end-to-end security strategy," said the source, who asked not to be named.

A lingering point-product focus also detracts from Cisco's training efforts, which don't concentrate enough on security guidelines and compliance issues that many clients face, said another channel partner, who requested anonymity.

Cisco could help by providing partners with access to demo equipment at no cost and making a Cisco lead available to assist them in building a lab and security practice, said the source. "If Cisco were better equipped to train partners, many of the issues that partners face would diminish," the source said.

Don acknowledged that Cisco's approach to training will have to change to allow partners to see the value of a solutions-oriented strategy. "The curriculum for authorized training partners is going to need to evolve so that partners have the ability to demo multiple products as a solution, and we're working to do that," said Don.

Cisco will build different labs as part of this evolution, and authorized training partners will have to adjust their environments as well, Don added.

The changes could be more difficult for the channel, where many networking solution providers still regard security as a point solution, and many security VARs look at networking and unified communication as technologies in the same way, said Tim Hebert, president and CEO of solution provider Atrion Networking, Warwick, R.I.

"Solution providers should take responsibility for building a strong security practice that is holistic in nature and not focused on selling point products," said Hebert, adding that this could be a Cisco or best of breed solution.

The channel will also need to make investments in the right type of personnel to be completely effective with Cisco's security strategy, according to Hebert. "The same people who install some of these point product security solutions may not able to provide higher end security consulting and integration solutions," he said.

Solution providers that embrace this approach will be able to create additional revenue streams, both one-time and recurring, said Hebert. These could come from security assessment services, partnerships with security consultants to round out their product offerings, or managed security solution and maintenance programs, he added.

The human factor represents the biggest challenge to Cisco and its partners, both of which will have to think about how they're going to do business differently, said Don.

For example, sales teams should be working cross-functionally to allow security to be woven into deals and not be sold as its own isolated technology, she said.

"There has to be a change about how we work together to pull this off, with a more collaborative work environment to complement the technology," said Don.