Security Companies Look To Pivot Portfolios, Compensation Plans For New Cloud-First World

Customers are moving to the cloud, and top security channel chiefs said they are looking to reposition their businesses and compensation plans to help partners meet that demand.

The demand for cloud security solutions is clear, as is the massive opportunity it presents for partners, Fortinet Vice President of Americas Channels and Emerging Technologies Joe Sykora said in a roundtable discussion of top security channel chiefs hosted by CRN at XChange 2017 in Orlando, Fla.

"There's the opportunity for them, for any solution provider out there. … There's a lot of confusion. In confusion, there's opportunity," Sykora said. "Any partner who cracks that is going to be well-positioned."

Ken McCray, McAfee head of channels and operations for the Americas, agreed, saying the size of the opportunity around security and the cloud is one that doesn’t come by every day.

Sponsored post

"How many times in your career do we have opportunities like this? When you look at what's happening in security, the opportunity for managed services and the hybrid cloud [is huge]. If you miss this window, then you deserve what you get," McCray said.

[The State Of Security: CRN's 2017 Security Roundtable]

Todd Weber, vice president of partner strategy and research at solution provider Optiv Security, said he also sees customers looking to adapt their businesses to the cloud. He said Optiv sees most customers starting with the public cloud, then working backward to secure their private and on-premise solutions.

Weber said the cloud also means partners need to adapt their selling strategies, as customers change their consumption model with the cloud. He said the consumption model of many security vendors is changing from a Capex license model to an Opex model. He said customers are also looking for security technologies that work across public, private and on-premise environments.

"We do see clients trying to consolidate as much as possible," Weber said. He said companies like Optiv have to adapt to this new model demanded by customers.

Kendra Krause, vice president of global channels at Sophos, said the role of the vendors in that shift is to make sure they offer solutions that are channel-friendly and that partners can make money on. That requires big changes from security vendors, she said.

"We need to make sure [the cloud] is part of the partner program and that's been a big change this past year," Krause said. She said Sophos is readying the launch of a new partner program, adding to its current commission model with Amazon Web Services. She said Sophos will also soon expand to add a Microsoft Azure commission model. "It's been one of the biggest requests from our partners in this market," she said.

Crowdstrike Vice President of Business Development, Alliances, and Channels Matthew Polly said there are two aspects of transformation when it comes to the cloud. First, he said vendors have to realign their billing and sales compensation. Second, he said vendors and solution providers have to think about security technology differently, protecting not only the desktop, laptop and server, but also the cloud.

Kevin Lozeau, director of channel marketing at Kaspersky Lab, said the vendor is also working quite closely with AWS and Azure. He said it is becoming "table stakes" for partners to offer a flexible billing model for products and services.

"Honestly, I can't remember the last time I had a conversation with a partner who was not either heavily into the MSP model or was working out building out that practice area within their business," Lozeau said. "If you don't have a flexible billing model … it's going to be tough to survive moving forward based off of where all the channel partners are. It really is becoming just the state of the market in general."

However, that change isn't easy for vendors or partners. McAfee's McCray said vendors have to realign their internal staff and systems to meet that new mode and the company is working with AWS and other cloud vendors. In addition, he said McAfee sales representatives have had to undergo training on selling MSP and cloud-model solutions and the company overall has had to look at how it compensates salespeople and partners on subscription sales, which don't subscribe to the traditional quota model.

"There's an entire adjustment that the entire ecosystem has to go through internally before you can get to the partner community," McCray said. He said McAfee is taking a "conservative approach" in the transition and is still working to adjust its compensation plan for the cloud. "It's difficult because you're talking about wildly disparate models," he said.

Sophos' Krause said Sophos had to undergo a similar compensation plan when it launched its MSP program in May 2016 and said it has proved largely successful, although she declined to be specific with the competitors in the room. Kaspersky's Lozeau said his business is also going through a similar transition, saying it is a "tough one."

"As the markets shift and everything is moving to the cloud and the partners are changing their business models, we've got to change our business models and adapt at a very granular level, right down to how people are getting paid," Lozeau said.

Fortinet's Sykora said the vendor has also had to undergo a back-end systems change. He said when the company first started with AWS, the security vendor's back-end billing systems had issues processing the new type of orders. Sykora wouldn't comment on how much of an investment Fortinet has made in changing its back-end systems for the cloud.

All the vendors said AWS, for one, is coming around to working more closely with third-party security vendors when it comes to compensation. Sykora and Krause said they both experienced challenges early on with AWS not providing POS reports, but the vendor now "gives you everything" needed as of about two years ago with some requirements.

"They have seen the light," Sykora said.

However, despite the challenges, most channel chiefs said if they were going to start a solution provider business today that they would start with the cloud. Crowdstrike's Polly said it is important to "learn the cloud first and foremost." From there, he said partners can work backward to learn to protect the data center.

McAfee's McCray agreed, saying that he would also emphasize the opportunity around professional services and the cloud for partners. He said that is that is where the "puck is going" in terms of the market for security and technology.

"That's where a lot of opportunity is now to optimize," McCray said. "If you can get the customer on the right solution, you can optimize their experience. That's stickiness."

Sophos' Krause said security and the cloud is an opportunity that will have a lot of tailwind for partners and vendors in the years to come. She said cloud is "where the market is going," converging with the opportunity around managed security services and the public cloud.

"Security is not going away," Krause said. "The hype of this market is not going to go down. It's obviously a fabulous place that we're all in and continue to invest in."