CompTIA CEO: Solution Providers Should Explore Cloud-Based Offerings And Double Down On Security

CompTIA CEO Todd Thibodeaux said cybersecurity and cloud-based Software-as-a-Service (SaaS) offerings represent the most immediate money making opportunity for channel partners.

The Downers Grove, Ill.-based IT trade organization said a gigantic number of companies have come out of the woodwork with cloud-based applications, addressing everything from human resources and payment processing services to customer relationship management (CRM) and enterprise resource planning (ERP).

Thibodeaux said channel partners could, for instance, unlock additional credit or payment processing opportunities by helping their customers move from Peachtree or Quicken-based financial management products to cloud-based application services. But not many solution providers have taken advantage of this possibility, Thibodeaux told CRN leading up to CompTIA ChannelCon 2017 in Austin, Texas.

[Related: CompTIA to Double Down on Education, Mentoring To Remedy IT Skills Gap]

Sponsored post

"When you talk to the average partner, they haven't embraced very many of those," Thibodeaux said. "They're still working on the transition from desktop or notebook-based Office installations to Office 365, making transitions of existing infrastructure, disaster recovery backup, and remote monitoring."

To succeed in selling cloud SaaS products, Thibodeaux said solution providers must adjust to a different sales motion that offers fewer opportunities to engage the customer following the initial implementation. That's because solution providers delivering cloud-based applications are no longer responsible for ongoing maintenance, patches or updates, according to Thibodeaux.

"On the cloud platform, they're not on your system anymore," Thibodeaux said.

Solution providers, therefore, need to find different reasons for maintaining consistent engagement with their clients. Thibodeaux said this might come in the form of adding capacity or, if the platform has a good application program interface (API), doing project work to extend or build out the platform.

Channel partners additionally need to gather more information about how their clients' businesses operate, Thibodeaux said, ranging from the flow of payments and how they keep track of employers to how they manage healthcare administration and their relationships with banks and creditors.

"You need to have a deeper knowledge of how your customer's businesses operate beyond just, 'how are they using technology in their business?'" Thibodeaux said.

Solution providers can gain this knowledge through both internal and external means, according to Thibodeaux. Internally, Thibodeaux said channel partners should speak with their outsourced human resources and finance providers to get a better understanding of how they manage their business and deal with customer flow.

An even better experience, Thibodeaux said, would be shadowing various departments within the client's organization for a day to get a first-hand perspective on how the company operates and what their organization is like.

"Some partners are already doing this kind of stuff," Thibodeaux said. "But the majority probably aren't."

In the cybersecurity arena, Thibodeaux said an increasing number of partners have started to make that their sole practice area to address increased demand and awareness among their customer base.

"Some people are just ditching the rest of their business and concentrating solely on cyber[security]," Thibodeaux said.

Developing a cohesive strategy around cybersecurity has become a larger challenge as end users increasingly use several different devices and networks to conduct business, Thibodeaux said. As a result, Thibodeaux said solution providers have to manage more data and platforms with less direct control.

Compliance requirement for businesses have increased, Thibodeaux said, not only in industries regulated by HIPAA and PCI, but also due to actions taken by various state governments.

Solution providers building a pure-play security practice tend to invest heavily in areas like penetration testing, phishing detection testing, infrastructure design and management and cloud security, according to Thibodeaux.

"The portfolio of things you can offer from a pure cyber[security] perspective has probably increased," Thibodeaux said. "It would have been tough a few years ago to build a practice exclusively around cyber."

The first thing solution providers looking to build a pure-play security practice need to do, Thibodeaux said, is realign their staff. Specifically, Thibodeaux said security-focused partners don't need as many break-fix technicians, salespeople or ongoing customer support agents, but need to beef up expertise around compliance, cloud security, mobile security, and app and platform security.

Channel partners can start the realignment process by training their existing technical people in security through certification, university and online programs, Thibodeaux said. From there, solution providers can recruit students coming out of cybersecurity programs at local colleges and universities.

To overcome the recruiting disadvantage SMB partners face when competing against large vendors looking for security talent, Thibodeaux said they must be willing to offer competitive salaries, pay relocation fees, and look well outside their local geographic area.

On the upside, Thibodeaux said solution providers could offer up-and-coming security talent the autonomy to come in and touch and deal with many different aspects of cybersecurity right out of the gate.

Channel partners transitioning to a pure-play cybersecurity practice will want to team up with another solution provider who can provide non-cyber services such as help desk, maintaining existing infrastructure, purchasing equipment, or managing contracts with broadband providers, Thibodeaux said.

"Otherwise, you're leaving your customers in a hole," Thibodeaux said. "You're leaving them in the lurch."

Business Continuity Technologies has been opening more service tickets around specialty cloud application problems that clients are experiencing, according to CEO Lester Keizer.

The Las Vegas-based CompTIA member has focused on helping its clients be more productive and profitable by leveraging cloud solutions, Keizer told CRN. But many traditional VARs have struggled with figuring out how to monetize cloud application sales, he said.

"Solution providers still don't fully understand how they can make money out of the cloud world," Keizer said.

Business Continuity Technologies has also developed a greater specialization around security over the past year or two in response to all of the media reports about ransomware, Keizer said. The company, therefore, has built out a unified threat management tool with a firewall and business continuity service on the back-end, which Keizer said is cloud-based and protects in the event of ransomware.

"Clients are still not very knowledgeable about the security play," Keizer said. "They think a simple anti-virus protection plan will help them."

At the same time, Keizer said he hadn't seen many MSPs transition into pure-play security partners since they're still interested in providing holistic care to clients and helping them with their business practices.

"There are some oncologists, but there will still always be the need for the internist or the general practitioner," Keizer said.