CRN Distribution Roundtable: Solving The Perennial Security Problem

Distributors are helping solution providers develop their security practices by identifying coming trends to vetting a host of established and up-and-coming vendors, all with an eye on an industry growing at double digits.

Distributors have an increasingly important role in helping solution providers develop new or expand existing security practices.

That was one of the big takeaways from a CRN Distribution Roundtable—titled “The Changing Face of Distribution”—in which executives from Ingram Micro, Tech Data, D&H Distributing and Pax8 told CRN they are working with partners to find and vet top-notch security offerings to better protect customer IT environments.

Pax8, the born-in-the-cloud distribution powerhouse, has introduced several new categories that should be a part of every solution provider’s customer conversations, including password management, breach awareness and breach detection, said Ryan Walsh, chief channel officer at Greenwood Village, Colo.-based Pax8. These are in addition to the standard email security, web security and endpoint security discussions partners have with customers, he said.

Sponsored post

[Related: Distribution Is Key To Helping Partners Drive Cloud Sales Growth]

"These are some of our most popular product categories, but there's new things happening now," he said. "Anti-phishing capability in the inbox. It's different. What do you do when something gets through and how long does it take you to remediate? [Advanced technologies like that] need to be a part of the [security] stack."

That’s one of the reasons Pax8 has added IronScales, an artificial intelligence-based rapid phishing response SaaS provider, to its security portfolio, said Walsh. “I see IronScales as another child that plays well with the rest of our children,” he said. “That's how we view it and that's why it's such an exciting space.”

Other examples of new security technologies for which distributors can open solution provider doors include business continuity solutions to help mitigate ransomware attacks, as well as several new types of services including SIM (security incident management) as a service, SOC (security operations center) as a service, and threat hunting as a service, Walsh said.

"These are things that are out there where you're combining a technology with a service component," he said. "I think this is starting to hit the landscape in terms of what I need to be looking at to better protect my customers."

Security issues have become a pervasive part of the IT industry and are one of the fastest-growing parts of channel sales, said Michael Diamond, director and B2B technology industry analyst at The NPD Group, a Port Washington, N.Y.-based research firm focused on indirect sales channels.

Security software sales through indirect channels grew at a 14 percent compound annual growth rate from 2015 to 2018, Diamond said.

Important drivers of security growth through the channel include the ease with which the bring-your-own-device movement allows end users to mix personal and private emails.

Ninety-seven percent of cyberattacks start with phishing emails from attackers who know what applications users are likely to use, and economic espionage that causes intellectual property loss of about $600 billion per year, Diamond said.

Distribution makes it easy for solution providers who have not had a security practice to quickly get up to speed to meet the requirements of their customers, said Scott Trinque, president and chief technology officer at EchoStor Technologies, a Hopkinton, Mass.-based solution provider working with Tech Data.

Distribution has helped EchoStor Technologies develop a managed security practice, Trinque told CRN. "We didn't grow up in security," he said. "Distribution makes it easier for us to get into this space without the need to hire more people."

Security as a service, with Tech Data's help, means EchoStor Technologies avoids such routine security tasks as installing firewalls, Trinque said.

"We can now better focus on the more important cloud-native services," he said. "If we show the clients they are secure, we can more easily address the architecture of the cloud."

Security is one of the top strategic priorities for Tech Data starting from the top with CEO Rich Hume, said Kevin Kennedy, senior vice president of advanced solutions at Clearwater, Fla.-based Tech Data.

Tech Data is building infrastructure in its Tempe, Ariz.-based facility for partners to bring in customers to explore security, including providing hacking and penetration testing, Kennedy said.

"We're taking it to the next level to invite the public in to work with our partners, give them a forum to start to test out security solutions before they go and make the commitment," he said.

One key service distributors provide for solution providers looking to build or expand their security practices is the vetting of potential vendor partners, Kennedy said.

Solution providers typically do not have the kind of critical mass needed to properly vet them, Kennedy said.

"The myriad of security vendors out there is astounding," he said. "[We] vet those out to see which are really going to be ones that the partners want to go bring to their end users, which ones are ready for the channel. Because, let's face it, we've all have brought on vendors [who are] not ready for prime time yet."

Tech Data also is investing heavily to bring its partners a full security stack that includes data analytics and the Internet of Things, said Kennedy.

Tim FitzGerald, vice president of cloud channel sales for Irvine, Calif.-based Ingram Micro Cloud, said one of the secrets to Ingram Micro’s success in the cloud has been helping partners identify early stage security-related vendor partners.

"If you look at the explosion of early stage companies that are security-related, it's a challenge for our partner community to keep up with," FitzGerald told CRN. "Being able to vet those companies and really assess their fit and application in this really challenging space we think is a critical role that we need to play. It's a role that's being played not only here in the U.S., but really around the world."

Given its focus on SMB-focused solution providers, D&H has paid particular attention to the security road map that they have to build and manage daily, said Peter DiMarco, vice president of VAR sales at Harrisburg, Pa.-based D&H.

"It is daunting when you look at the number of providers and different ways to solve the problem," DiMarco told CRN. "And the private equity/venture capital marketplace certainly doesn't help with the amount of investments going on."

D&H spends a lot of time on its end-to-end security road map to help develop solutions that not only solve a customer's immediate problem but also can be replicated for multiple customers, DiMarco said.

DiMarco cited the K-12 education market as an important security focus given the need to protect students. "Not only do we look at our traditional providers, but we introduce [partners] to other applications and providers that can help protect students from predators and other challenges that they have in marketplace today," he said.

Security done right requires an end-to-end look at customers' requirements and how to meet them, DiMarco said.

"We've got to look from the device all the way back to the server that sits somewhere," he said. "We have to connect all the dots. … We have some very creative things to do in the open marketplace, billing, applications. Solving those problems is what we do right across every element in the ecosystem."

Kennedy said that if he were to suggest to his children what IT business to focus on as a new solution provider, he would tell them to focus on security.

"I think as smart as the bad guys are out there in the world, the need for more and more security solutions is going to be pervasive, and so that's where I would tell my son or daughter if they wanted to get into technology to focus their time and attention," he said.

FitzGerald was even more specific in where he would advise budding solution providers to best invest in their future.

"My answer would be it's [a security]-as-a-service world going forward," he said. "There's lots of different solutions that have to make that up but because of the rates of growth … and the explosion of opportunity all over, I think it's a solid bet for anyone just starting their career out."

DiMarco said that cloud-enabled security services is the best investment for these solution providers.

"[With] IoT and the pervasive opportunity of security, the end user will not be able to keep up," he said. "Having an organization that goes out and is able to manage the environment [and] all of your IT devices and make them secure, that's got value for the future."