BitSight now derives half its revenue from solution providers thanks to an expanded channel organization and new partnerships with the likes of WWT and ePlus.
Business for the Cambridge, Mass.-based company started to take off after hackers breached Target in November 2013 through a third-party HVAC vendor, according to Carla Morss, BitSight's senior director of worldwide partner sales and alliances.
The breach put third-party vendor risk management on the map from corporations and governments alike, Morss said, resulting in changes from a regulatory and compliance standpoint. As a result, Morss said third-party vendor risk management has gone from being an amorphous desire to a mandate with a specific deadline.
"It's no longer a 'nice to have,'" Morss said. "It's a 'need to have.'"
BitSight launched its global channel program a year after the Target breach, Morss said, with revenue from solution providers doubling each of the past three years. The company expects to derive half of its global revenue in 2017 from 120 channel partners, and some 45 percent of its business in the United States from 59 solution providers in the region, according to Morss.
The company expects roughly 60 percent of its global business to go through the channel by the end of 2018, according to Morss. Virtually all Asia-Pacific and EMEA (Europe, the Middle East, and Africa) sales go through partners today, Morss said, so that growth is expected to come from North America.
"BitSight is truly invested in its partner program," Morss said. "We want them to be an extension of the company."
BitSight partners average margins of between 15 percent and 20 percent, Morss said, and typically resell the offering using an annual Software-as-a-Service (SaaS) licensing subscription. Some channel partners over the past year or two have begun offering their customers three-year or five-year subscriptions to BitSight, which Morss said has been well received.
Solution providers can boost their margins through a range of ancillary professional services ranging from consultation around the customer's current vendor arrangements to implementing BitSight's offering to remediating a poor rating, according to Morss. Channel partners can also opt to manage a customer's entire vendor management program on their behalf, Morss said.
BitSight's is intended for both enterprise and SMB customers, Morss said, with enterprise customers increasingly setting up their own vendor risk management function outside the security team to address the security challenges stemming from doing business with more than 10,000 other vendors. SMB customers have fewer vendors in their ecosystem, according to Morss, but still see value in the offering.