End To End: The Security Story
The security landscape is rapidly evolving. We speak to distributors and vendors in the region to learn how they are leveraging this evolution and the transition in security investment patterns in the Middle East.
“Ten years ago, employees were assigned laptops and told not to lose them. They were given logins to the company network, and told not to tell anyone their password. End of security training,” says Saeed Agha, regional manager at Cisco UAE.
Suffice to say today the situation is far more complex as a combination of technology trends place immense pressure on IT teams to secure the network and the company’s digital assets.
“Today, ‘millennial’ employees—the people you want to hire because of the fresh ideas and energy they can bring to your business—show up to their first day on the job toting their own phones, tablets, and laptop. They then expect the IT teams to figure out ways to use these devices to access work related as well personal information, anywhere and anytime. For the IT teams, this involves using a series of web and cloud applications that bring the integration elements the employees need at half the cost yet opens the networks up to huge risks,” Agha explains.
Peter. C Geyentenbeek, EMEA channel director at Tripwire agrees. “Although virtualisation and cloud are changing the IT-landscape drastically the fact remains that you cannot outsource risk. Cloud computing actually makes the case for why automated security controls are essential. Whether systems and data are implemented in conventional ways or in the cloud, a comprehensive set of automated controls are essential to ensure one’s security policy is in place and effective. You can’t outsource or virtualise control,” he says.
The limited visibility associated with constantly migrating sensitive data in virtualised environments make the task even trickier.
“In virtualised environments, it is very difficult to authoritatively ensure that all copies of a virtual instance have been permanently removed, if you wish to do so,” says Sebastien Pavie, regional sales director, MEA at SafeNet.
Meanwhile, as more businesses embrace cloud computing and hosted services, cybercriminals are also looking to the cloud for moneymaking opportunities with cloud infrastructure hacking, Agha believes.
Geytenbeek believes that the growing incidence of security breaches is driving the adoption of the latest security technologies even further. “Breach is now a statistical certainty and the right technology investment are needed to quickly discover and remediate the effects of a breach before critical data is lost. This is achieved through a comprehensive framework of automated preventive and detective security controls,” he says.
So how does this scenario affect the vendor and regional distributor landscape? We find out.
The distribution angle
Regional distributors report an increase in revenue associated with security technologies.
According to Mohan Punjabi, VP – ICT Infrastructure at InterTec, Middle East organisations are showing signs of increased interest in the IT security arena much like their global peers.
While more people are engaging in both personal and business transactions over the web, the benefits of centralised IT infrastructures associated with cloud and virtualisation technologies have been offset by reports of intrusion and cyber attacks.
Both public and private sector organisations have realised that cyber attacks are not restricted to IT infrastructure. The thought of intrusion, today, poses an equally imposing threat to other real time automated systems integrated or supported by IT on the back end such as utility, power, transport, machinery, biomedical, financial channels and every other aspect of life.
“Therefore, to protect data as well as the IT environment, network security is becoming more and more essential. The security solutions that are fast gaining grounds with end users in the region today comprise of the security offerings for virtualised and cloud environment, log and event management, DLP and two factor or multi factor authentication solutions,” Punjabi says.
He adds that InterTec has witnessed approximately 40-50% increase in the network security business over the last three years.
Stephan Berner, MD at help AG says, “We have seen a growth rate of 80% year-on-year over the last 3 years. There is a clear interest in distributed-denial-of-service (DDOS) prevention solutions. The reason for this is that the region has seen so many of these attacks in recent times and while they are still rather basic in nature, they can cause significant damage to both the enterprise’s business operations and its public image. Other key trends in network security have been modern malicious malware protection and mobile device security solutions.”
Although, Bulwark Technologies, a value-add distributor of network and data security solutions doesn’t report any concrete figures, the company’s MD, Jose Thomas, says that they have witnessed a significant increase in revenue year on year.
“In some fiscal quarters, we have seen that the revenues from SMB sales has been more than that from high-end enterprise products and vice-versa. There is a shift in the way organisations today manage their IT security environments. They are looking for holistic and integrated solutions to protect their data and networks. There is a growing popularity for IT security appliances like UTM amongst SMEs and corporates,” Thomas says.
The value add
While these distributors credit increasing figures to the rising demand for security solutions, they also believe that their ability to add value to a vendor’s existing solutions has helped them sustain this growth.
“At help AG we specialise in IT Security. It’s one thing being able to make a successful pre-sales and sales-pitch, but it is much more important to deliver the consultancy and implementation services with hands-on experts and a strong local support team. We maintain a very strong technical team and invest heavily in research and development. In fact, 80% of our workforce is divided between technical engineers and consultants. We have deployed our vendor products across our internal IT infrastructure so that our engineers are accustomed to working with the solutions we offer,” says help AG’s Berner.
He adds that the company’s strong focus on achieving the highest partner status also differentiates its offerings as a distributor.
“Over the years we have achieved the highest possible partner level with a number of our vendor partners, such as F5 Gold Unity Partner, Palo Alto Platinum Partner, Symantec Encryption Solution Specialist, Symantec Data Loss Prevention Specialist, Symantec IT Compliance Solution Specialist and Blue Coat Gold Partner. We have even signed support partner agreements within multiple partner programs. This has not only allowed us to excel in technical solution delivery to customers but has also strengthened our vendor relationships,” he adds.
Punjabi says that InterTec’s 15 years of operations in the regional network security arena has earned it the credibility and a reliable relationship with vendors and customers alike.
In addition to this, the company provides pre-sales consultancy, on-going implementation support with SLAs and project management capabilities.
“These capabilities are coupled with quality initiatives at each stage of our offerings, as we are an ISO 9001:2008 certified organisation. Further, we ensure that all the relevant resources are trained and certified across their field of operations be it sales, pre-sales or technical services,” adds Punjabi.
“We deliver value to the vendor solutions through in-house technical assistance, channel growth and development through training, pre-sales support and post-implementation customer services. The quality of our internal team, technical resources and expertise along with the constantly expanding reseller network is no doubt Bulwark’s key differentiator,” says Thomas.
Reseller training, distributors believe is imperative not only to keep these partners abreast of the emerging opportunities but to equip them with the skills required to sustain a competitive edge.
“We believe that resellers are the brand ambassadors of our vendor partners and hence they need to be equipped sufficiently with the necessary knowledge and support to take the products to the market. Hence, we empower them through training sessions on a regular basis, which are sales and product oriented and accredited by the vendors. The training programs are designed to help the resellers stay competitive and realise their full potential to provide best business benefits to the end-users,” explains Thomas.
Berner agrees saying that help AG believes that the ‘human’ factor plays a critical role in network security and therefore must never be overlooked. “This is why we conduct awareness training sessions focused on organisational aspects including people, processes, procedures and policies. help AG offers customised training options wherein customer requirements are turned into hands-on training sessions on how to maintain, administer and troubleshoot their network security infrastructure. In addition, we have recently been recognised as the authorised training partner for Palo Alto Networks. This knowledge is shared in basic and advanced certification trainings with existing and potential customers,” he says.
“InterTec offers training programmes for end users focused on knowledge transfer, detailed training for deployed solutions as well as formal procedures offered by the respective vendors. Apart from these, we conduct regular technology workshops at various customer premises,” says Punjabi.
The back end
Berner says that vendors need to do more when it comes to training associated with security.
“Vendors need to focus much more on technical expertise, quality and customer satisfaction. Too often the emphasis is only on selling the box. This might work in the consumer market but certainly not for enterprise businesses. In addition, I think vendor programmes should offer benefits that encourage partners to invest in their training, certifications and demo labs,” says Berner.
Punjabi agrees saying that vendors need to focus more on building awareness in the region.
“Vendors need to bring more awareness and training programs for end users, including proof of concept activities, so as to boost their confidence enough to invest in network security solutions, while helping them understand how to build a comprehensive business case to justify these investments,” he adds.
Thomas feels that vendors are already doing a pretty good job in providing continued support both on the sales and technical end of operations in addition to joint marketing initiatives. “Handholding exercises in the initial stages of the relationship are essential and we do the same with our reseller partners,” he says.
Berner points to a few other challenges associated with the network security market and deployments in the region.
“Too many people want to take a shower without getting wet. For a successful implementation, both the customer and the VAR need to be committed to deploying the product, solution, technology or project. There can’t be anything in between. Time is always of the essence which is why planning and flexibility are so important. Another problem in the Middle East market is that enterprises are focused on products rather than solutions. They base their IT purchases on information obtained from research agencies and on the popularity of the vendor without consideration and not based on what their actual requirements are,” he explains.
Despite these hurdles, distributors are optimistic about the future of the network security market .
“Security is not a one-off investment; organisations need to re-assess and re-evaluate their existing security systems on a periodical basis, while embracing new technologies and adding new business applications. Security evolves with business needs and the changing IT environments in the organisation. Hence, businesses should be geared up to handle these threats by pro-actively building a strong defence. IT security is no longer seen as a stand-alone issue, but as a part of the larger critical business strategy. With the explosion of mobile technologies and virtual environments, the demand to invest in the right solutions to keep risks at bay will only grow further. Having noted this trend, we have consciously begun expanding our security portfolio, while expanding our reach through a larger reseller channel spread across the GCC,” says Thomas.
Punjabi concludes, “With the heavy adoption of VOIP and unified communications solutions, customers are also beginning to realise the need to protect voice communication and information therein. We are working with some of our principal companies and getting ready to offer VoIP security solutions to our end-users in the market place. With these initiatives in place, we seek to capitalise and prosper in terms of our overall market share.”
The vendor story
In the chain of events, vendors too have reported a significant increase in revenue from various security solutions and products.
Swivel has seen an exponential increase in demand for strong and two factor authentication over the past two years in a direct correlation with the growth in cloud services adoption, says Fraser Thomas, VP international at Swivel. “Many organisations have recognised the vulnerability of moving their applications and data into the cloud and outside the local network security shield. This has led to more businesses looking to implement Swivel as the proxy authorisation platform for managing access to applications such as Office 365 and Google Docs using the same 2FA process as for their VPN access to their corporate networks. Swivel revenue has been growing at over 20% per annum for the past four years and is projected to continue at or above this rate for the foreseeable future. The company now has customers in over 34 countries and a total of over 1 million users,” he adds.
“The demand for security has become more complex; users not only have to secure the on-site infrastructure but also must have strict policies in place for the cloud based services. This combined with the consumerisation of IT – social media, web 2.0 and BYOD drives the demand for next-generation firewalls and secure remote access solutions. SonicWALL, as a security vendor, has seen its revenues grow by approximately 40% in the Middle East last year (2011) and is anticipating a similar growth in 2012,” says Florian Malecki, senior product marketing manager, EMEA, SonicWALL
Similarly, Saad Khan, regional MD, Middle East at Ciena says that the company is witnessing growing interest in its encryption solution from businesses across the board – not only in the Middle East, but also in Europe and the US.
“The benefits of an optical layer encryption solution are clearly starting to get recognised – especially in bandwidth-intensive and latency-sensitive applications, where the encryption solution integrated with the transport layer allows deployments that minimise the number of network elements, while still adhering to the highest security standards,” Khan says.
SafeNet has witnessed tripling revenues from 2007 to 2010, according to Pavie. “The outlook for the region remains strong and in fact we are forecasting a robust acceleration in 2012. The expected regional growth rate this year in our market space is in the range of 20% to 25% with some segments growing faster than others. We reckon that private cloud, network upgrade and DR projects in both the government and commercial sectors will keep driving the demand for high speed encryption. But also new e-government and e-banking service initiatives spreading fast across the region are definitely contributing to such demand,” he explains.
In a bid to leverage this explosive growth in demand for the latest security products, platforms and solutions, vendors are investing in the regional channel through sales and technical training in addition to marketing support and other initiatives.
Cisco has long been known as a leader in channel partner initiatives, and currently more than 80% of its business is handled through the channel, according to Agha.
“Partner-led is a change in the way Cisco approaches its sales coverage model, and the initiative is designed to put even more emphasis on being a channel-based go-to-market vendor. Cisco will rely even more on partners for sales to the mid-market and SMB spaces, and to make that happen, Cisco will reward partners for their investments in the SMB and mid-market,” he says.
According to him, Cisco has three types of partner programs the Cisco Resale Channel Program, the Managed Services Partner Program and the Cisco Outsourcing Channel Program. In addition, the company offers specific Cisco Certifications such as the Cisco Certified Network Associate Security (CCNA Security) curriculum that helps partners develop a customer’s security infrastructure, recognise threats and network vulnerabilities and mitigating those threats. “This program emphasises core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and competency in Cisco’s security offerings,” Agha explains.
Mohammad Ismail, Middle East regional manager – enterprise security at Gemalto says that the company has a long standing belief that partners complete the technology picture for its end customers. “Recently, Gemalto introduced several packaged offers that allow partners to focus on specific verticals where there has been strong demand for authentication solutions, such as healthcare and defence among others. This allows partners to layer in their specific applications and provide their regional expertise as they reach out to and deploy solutions within these vertical markets,” he says.
In addition, the company has provisioned a certification process that involves a week-long training session on a bi-annual basis. “This training covers market trends, marketing tools, sales strategy and a full technical workshop for partner pre and post sales engineers,” says Ismail.
Gemalto also conducts quarterly seminars to discuss the latest product news, lead generation efforts, and marketing tools available to the partners in addition to an annual event, where partners are able to come together with the company’s top executives, familiarise themselves with Gemalto’s strategy and get an overview of the products and tools that will be available to the partners to enable their success. “This annual session took place just last month in Istanbul, Turkey. In addition to these training options, partners receive regular communication and have access to many resources through a partner portal. Partners are granted access to these resources once they have joined the partner program,” adds Ismail.
Similarly, SafeNet organises regular partner training sessions that focus on emerging trends and opportunities. “This year there will be a particular focus on virtualisation, cloud security and a number of new solutions that we are bringing to market,” says Pavie.
CommScope provides a security specialisation certification within the CommScope BusinessPartner Program that provides partners with access to a comprehensive product portfolio, extensive sales support, marketing tools and technical resources designed for the security market. “As part of the Business Partner Program, partners can also leverage our knowledge base via an online portal, which provides a growing library of historical technical solutions to common and difficult problems. The knowledge base is continuously updated by our engineers with new content based on customer support issues,” says Ciaran Forde, VP, Enterprise, Middle East and Africa, CommScope.
“Channel partners also benefit from the CommScope Infrastructure Academy – a full education and training program covering our solutions, and other industry related qualifications. Most of our course material is delivered online, but we also roll-out classroom training as required, both for our channel and in some cases our customers. We offer training and certification programs that focus on the critical skill-sets and business requirements needed to deploy and maintain successful security infrastructure solutions. For security specialisation partners, CommScope offers technical support, and engineering resources to assist with complex site deigns, proposals and specification review,” explains Forde.
ProClub is part of SonicWALL’s key channel initiative says Malecki. It is a technology forum to discuss core technology queries and share best practices within the technological community and aids in the selection of the right beta partners for extensive testing. The forum enables easy access to the state-of-the-art lab that houses all the latest products for testing and POC purposes. The company also offers a CSSA certification focused on network security in addition to trainings specific to product areas, including backup and recovery, remote access, wireless security, email security and management solution certification trainings.
Tripwire resellers can leverage the company’s Preferred Partner Program to leverage opportunities for attractive margins, marketing sales support and accredited training and certification partners, enhanced product discounts, and a deal registration mechanism that ensures protection for selected resellers.
“Our partners are the back-bone to our growth and hence we work closely with them in taking our products to different geographical markets. We have chosen distributors who are well-equipped to empower the resellers with the knowledge to position our solutions better in the market. For instance, in the Middle East we have teamed up with Bulwark Technologies, key distributor for Tripwire which has the capabilities and the resource infrastructure to impart knowledge to the resellers through product and technical training sessions. We support distributors with marketing initiatives or activities aimed at channel growth and development. For instance, with Bulwark Technologies, we jointly host reseller awareness meets and participate in trade events,” says Geytenbeek.
Following Dell’s strategic acquisition of SecureWorks the company now offers partners in the Middle East an opportunity to add to their existing security portfolio, a proven selection of security services to help protect IT assets, comply with regulations and reduce costs — without having to build internal security expertise from scratch, according to Basil Ayass, enterprise product manager at Dell, Middle East.
Ayass also says that Dell has also signed up with a partner in Saudi Arabia to establish a security operation centre built on the Dell SecureWorks deep security expertise and solutions to extend enhanced security services to customers in the region.
“Excellent channel management is critical to our business. We continue to invest in this area with resources focused not only on channel sales but also with additional resources focused on engagement, enablement and development in the security landscape. At Dell, we are building a strategic security software portfolio to address the needs of our customers with key assets in the fast-growing and highly profitable IT security solutions business. For instance, our acquisition of SonicWALL gives Dell access to unique intellectual property resources and technology that position us well in fast-growing parts of the software security business. With Dell’s Partner Direct Program, partners can leverage our intellectual property to establish a unique selling proposition and vertical expertise through continuous trainings and roadshows while simultaneously enhancing their own competency,” says Ayass.
Vendors believe that the shift in threat patterns and the overall security landscape will continue to drive the demand for security solutions, while simultaneously creating huge opportunities for the channel community to expand their security offerings at better margins.
Says Geytenbeek, “The last few years have witnessed a transition in the security landscape, from focusing on stand-alone security products to realising the benefits of wider security management solutions. We are now witnessing the next stage, as the world looks to technology to deliver risk management solutions that are integrated and comprehensive.”
“I believe that 2012 offers excellent business opportunities for the channel and especially those that continue to invest in solutions that enable customers to take control of their infrastructure. As customers have evolving complex IT infrastructure they are looking for trusted and knowledgeable partners that can advise them and are able to assist them with implementation, while vendors are looking for partners who are capable of positioning the product and maintaining a competitive edge while delivering superior service standards,” he adds.
Gemalto’s Ismail agrees. “The security landscape will continue to rapidly change as companies accelerate their adoption of cloud-based services as companies will look for stronger authentication technologies in a bid to enable the creation of trusted online identities. The greatest thing we can provide to our partners is a solution that is based on standards and provides flexibility for the customer to introduce stronger identity controls in line with their risk profile and budget constraints. This is why we consciously invest in training our partners so that they may provision and enhance the flexibility of our offerings as they work with customers to design a specific solution to meet the risk profile,” he says.
“The distribution and reseller channel has acknowledged and factored in the major trends in the security technologies landscape. In 2012 the already well-established security specialist distributor and reseller channel should keep growing, while in parallel broadline distributors and resellers are expected to accelerate the integration of security components and aspects to their overall portfolio. On top of that the channel is also actively developing its value-added services offering and capability overall but also more specifically when it comes to security in order to be able to effectively engage customers and ensure their expectations are met while integrating security solutions and supporting their implementations and evolving needs,” predicts SafeNet’s Pavie.
“SonicWALL will continue to focus on delivering the right product offerings that meet current challenges, coupled with trainings and putting in place the right infrastructure, equip partners with the skills and knowledge needed to leverage these trends and capitalise the ‘early bird’ advantage as the next 12 to 18 months witnesses more changes in the areas of virtualisation, consolidation and cloud services,” says Malecki.
With vendors and distributors focused on delivering best-in-class security products and services, now all end users have to worry about is finding a partner that understands their unique pressure points and helps them deploy and maintain a security infrastructure customised to fit their enterprise environment and culture.