Partners Have Opportunities At The Juncture of Cloud Security And Analytics
Cloud security presents a big opportunity, but analytics capabilities pose an added revenue bonus that solution providers should make sure they don't miss, security experts said.
As more mature customers adopt more cloud solutions, data and cloud metrics are becoming a "big factor" in their security operations center and security information and event management (SIEM) strategies, said JD Sherry, vice president of strategy and innovation at Denver-based Optiv Security. In particular, he added, companies are looking to leverage emerging machine learning and artificial intelligence technologies to automate and orchestrate threat intelligence information.
"We are fundamentally seeing the evolution of the security operations center as it pertains to incorporating cloud security data and metadata in security decisions," Sherry said.
[Related: Netskope: Malware On The Rise In Cloud Apps Blessed By Enterprise IT Departments]
In cloud security, two kinds of opportunities pertain to analytics, said Doug Cahill, senior analyst for cybersecurity at the Enterprise Strategy Group, Milford, Mass. The first involves user behavior through cloud access security broker solutions, he said, which allow companies to identify anomalous behavior on cloud applications.
The second, Cahill said, is an opportunity for partners to leverage the cloud as a platform for greater analytics capabilities, particularly around SIEM as a service solutions, which he said help democratize SIEM for businesses of all sizes.
As customers look to close the gap between moving to the cloud and looking to secure that adoption, Cahill said, these types of analytics solutions are key.
"Organizations are closing the gap between their adoption of cloud technology and their readiness to secure that adoption," Cahill said. "Channel partners that have a core competency in security can engage and consult their clients on how to close the readiness gap."
Because of that consultation and engagement, it's much more than just a revenue-builder, he said. "It's certainly a revenue opportunity, but I think it's a strategic consulting and trusted adviser opportunity,’ said Cahill.
Erin Malone, vice president of North American channel sales at Abingdon, England-based Sophos, agreed, saying that while there's a "large revenue opportunity" around cloud security analytics, the bigger opportunity is for partners to establish themselves as trusted advisers.
"It makes [partners] become a trusted adviser and gives them another tool in their belt to retain that customer and provide exceptional value to them," Malone said. "I think that's what customers are expecting of partners now."
Rick Caccia, chief marketing officer at Exabeam, a security services provider based in San Mateo, Calif., said the trusted adviser position is more important as customers move to the cloud. Partners have a key role, he said, in helping customers make the most of their cloud solutions through analytics, as well as securing them to prevent blind spots created by growing cloud usage.
"Customers are trying to figure out how to integrate cloud security and cloud security analytics into their overall IT strategy," Caccia said. "The opportunity for partners is not just on the product side -- it’s much more important to bring expertise around cloud security strategy, best practices and how to operationalize cloud security. The partner that can become the trusted adviser for cloud security strategy has a much larger opportunity than the partner who simply sells cloud security products."
For managed service providers, there is an added opportunity in the midmarket, which is seeing higher demand for analytics technologies but might not have the same in-house capabilities that an enterprise might, said Thom Bailey, senior director of product marketing at Sophos. Customers are looking to outsource those functions for better efficiency, lower costs and better capabilities, he said.
"I think there's a huge revenue opportunity for partners to not only provide security tools that can help protect, but to provide analytics, to provide data and that level of forensic investigation," Bailey said. "I think people will pay for it and I think the market is showing that people will pay for it."
Julian Martin, vice president of product marketing at London-based solution provider Mimecast, agreed. He said he sees "thriving" partners that understand the shift and can help customers balance between on-premise and cloud environments through managed services, he said.
"Nothing has changed for the end user, and they still want to sign off the responsibility to a third party," Martin added. "This post-infrastructure era delivers a wealth of opportunity for the partner if they understand where that opportunity now sits, and with what vendor partner. Nothing has changed for the client; their business still runs the same. It still faces the same threats. The same security, resiliency and business principles still apply but now in a cloud or [Software-as-a-Service] world."
However, as partners help their customers maximize the security opportunity around the cloud, it’s important to ensure that a strong security foundation is in place before taking it to the next level with enhanced analytics, said Rene Bonvanie, chief marketing officer at Palo Alto Networks, Santa Clara, Calif.
Bonvanie said partners should focus on learning traffic and user patterns to better understand the environment. Then, that information can be used to look at potential threats and anomalies.
"The security will eventually end up giving you enforcement and prevention, whereas the analytics gives you the hope that you understand more things, but in reality it doesn't necessarily give you better security," Bonvanie said. "You have to start with enforcement at the core of what you do, with analytics to help you improve your enforcement."
"The analytics never come before security," he said.
Optiv's Sherry agreed, saying that analytics has to be put in place "thoughtfully and pragmatically" to make sure it improves the security posture, instead of potentially leaving visibility gaps between existing investments. However, there's a huge opportunity for partners that can accomplish that successfully, he said, and remove the complexity of analytics for customers.
"To take the incredibly complex but make it abstracted and make it incredibly simple -- that is our whole goal," Sherry said.
Follow all of CRN's Cloud Security Week 2016 coverage.