CRN Exclusive: CyberArk Goes All-In On MSSPs With Multi-Tenancy, Pay-As-You-Go Pricing

CyberArk has redoubled its efforts around MSSPs with multi-tenant and consumption-based pricing initiatives intended to grow the company's base of business with mid-sized customers.

The Newton, Mass.-based privileged account management vendor said the expansion of its capabilities for MSSPs will streamline onboarding and provide channel partners and end users alike with greater flexibility and lower prices, according to Scott Whitehouse, vice president of channels and alliances for CyberArk.

"Not every customer wants to consume privileged access management solutions in the same way," Whitehouse told CRN.

[RELATED: CyberArk Buys Vaultive To Strengthen Cloud Security]

MSSPs will no longer have to purchase different infrastructures for different customers, which Whitehouse said requires both an outlay of time to build base infrastructure as well as the purchasing of licenses for space. Going forward, Whitehouse said MSSPs will be able to leverage a single infrastructure for all of their customers.

Moving from perpetual pricing to multi-tenancy will make it possible for MSSPs to reduce their cost by between 65 percent and 70 percent, Whitehouse said. The added flexibility will make it possible for CyberArk to get into markets the company hasn't traditionally tapped such as the mid-market, according to Whitehouse.

Although some enterprise customers have looked at subscription-based offerings, Whitehouse said it's bigger in the mid-market. That's because multi-tenancy is providing the most value when a single service provider – such as an MSSP – is providing security to multiple customers, according to Whitehouse.

Although a few enterprise customers might want multi-tenancy to support different business units, Whitehouse said the real driver for the capability was the MSSP market.

CyberArk typically defines companies with annual revenue exceeding $1 billion as enterprise, while companies with more than $250 million in sales are considered mid-market, according to Adam Bosnian, EVP, global business development.

A perpetual pricing model requires a large capital expenditure for end users with a small maintenance charge each year, Whitehouse said. But with consumption-based pricing, Whitehouse said MSSPs are only paying for the number of users and targets they have under management.

Pricing for MSSPs will be adjusted quarterly based on the latest usage data, according to Whitehouse.

A single-tenancy model, meanwhile, forced MSSPs to build a new infrastructure for each new end client, according to Whitehouse. Requiring a different system for each client made onboarding new customers more difficult, Whitehouse said, since building a new infrastructure was both cost and labor-intensive.

The new model can still be profitable for CyberArk since the vendor will continue to realize consumption-based revenues after the first year, Whitehouse said, while revenue trickled to a bare minimum after the first year under the old model.

Under a single-tenancy model, supporting 10 customers took ten times the effort of supporting a single customer, according to Bosnian. But with multi-tenancy, Bosnian said supporting 10 customers only requires 1.5 times the effort of supporting a single customer.

Some MSSPs currently have only three or four customers on single-tenancy architecture for CyberArk today, Whitehouse said. Others, though, will now end up supporting potentially dozens of end customers on a single multi-tenant infrastructure, Whitehouse said, with the base infrastructure costs split across all clients.

Roughly a quarter of CyberArk's 350 global channel partners have actively discussed getting into managed security services, Whitehouse said, with a smaller number actually doing managed security today. With the new offering, Whitehouse anticipates that half of CyberArk's partner base could pretty easily get into managed security services, with an additional 25 percent potentially investigating it.

From a vertical perspective, Bosnian said CyberArk's offering have been strongest in industries that are security-conscious or highly regulated such as banking, retail, finance, or health care.

Privileged access security until now has typically required large enterprises to invest hundreds of thousands of dollars upfront for licenses and infrastructure, said Petri Heinala, security offerings architect for Tokyo-based Fujitsu.

But a pay-as-you-go model opens privileged access up to smaller organizations that lack the cash or bandwidth for an upfront investment, according to Heinala.

"Now the smaller organizations have an opportunity to do similar things," Heinala said. "It's much cheaper to just start and pay as you consume that service."

Multi-tenancy, meanwhile, means that Fujitsu doesn't have to build up a new platform each time the company takes on a new customer, Heinala said. Fujitsu has tens of CyberArk customers in Europe today, and Heinala expects customer count in the region to easily double over the next year since Fujitsu can now target smaller organizations and less-regulated verticals more easily.

Multi-tenancy takes advantage of economies of scale to allow MSSPs to scale while ensuring that costs don't get out of hand, said Rex Thexton, who lead the digital identity practice at Dublin, Ireland-based Accenture, No. 2 on the 2017 CRN Solution Provider 500. It has become more widely accepted in the security sector as adoption widens to include industry leaders such as Okta, according to Thexton.

"It's very complicated to move products from single-tenant to multi-tenant, and they've done it well," Thexton said. "It aligns well with where we see the industry going, and the managed security business."