Jamie Box, VP Global Sales at SentryBay disses the necessity for vendors to stay loyal to partners and not succumb to direct requests from end-users who can’t get access to the local knowledge and face-to-face interaction they are used to from resellers and changes in how security software is being purchased.
The past year have been a gamechanger for everyone, not least resellers working in the security software market. For businesses that pin their success on face-to-face interaction and a deep, local understanding of a customer’s requirements, the rug was literally, and quite devastatingly, removed from under them.
While visits to customers and working on-site became out of the question, many resellers simultaneously found themselves scrambling to meet urgent customer demands for security solutions to protect suddenly vulnerable corporate networks. Or they were being pushed out of the buying loop altogether as enterprises went directly to vendors.
The bottom line is that the pandemic has accelerated the security software market in the same way that it has accelerated digital transformation, but resellers have been hampered in how they could respond to it. A year ago companies needed systems in place that would support remote working models, now they need systems in place that support hybrid working, but in the meantime, accepted processes and timescales have gone awry.
Ordinarily a CSO would assess the security stack, identify where improvements could be made, balance urgency against the available budget, and then, in consultation with an integrator, put in place a 12-month minimum plan. Since the pandemic, the same CSO’s have had to adapt their approach at breakneck speed and action short-term projects that deliver new security solutions within just two to three months.
This increased and urgent demand is extraordinary in an enterprise market in which resellers and vendors are more accustomed to being the proactive, rather than the reactive party.
More change afoot
The situation is now changing again. As offices begin to open and employees are encouraged to come back, at least some of the time, the question of which devices they can safely use has re-emerged, but it must be looked at in context. For many enterprises, the cost of deploying hundreds of managed devices to remote workers last year was deferred by creating a BYoD estate in which employees could use their own devices to access a VDI.
Whilst remote access environments like VDI are not disproportionately vulnerable to risk, compliance auditors are now increasingly demanding that organisations properly audit and take reasonable measures to protect devices before allowing remote access to corporate systems.
The most significant security weaknesses faced when using VDI are keylogging, screen scraping and browser vulnerabilities. Companies have found that, in order to be compliant with important regulations such as PCI and HIPAA, the framework demands protection against these risks in particular, and it is not optional.
In recent months, as silicon shortages and supply chain delays have forced enterprises to adopt BYoD and VDI, security companies like ours have worked closely with the channel to rapidly deploy endpoint protection not only against attacks on the network, but also to ensure compliance. Now, as the workforce becomes more mobile again and greater numbers of employees come off their furlough arrangements, the need for endpoint protection is set to accelerate.
The channel is fundamental in the process of educating end-users and reiterating the importance of securing endpoints. Keylogging, along with spyware, has been ranked as the most commonly seen malware globally, and along with screen capture, it is essential for companies to defend against it. However, making the best security solutions available to end users is not enough. Enforcement techniques need to be implemented in order to ensure unmanaged devices have a suitable level of protection prior to accessing corporate environments. Integrators have a significant part to play in encouraging enterprises to use solutions that facilitate employee onboarding and give clear oversight regarding levels of engagement.
There is little appetite among end users to install security software on their own devices, particularly mobiles and iPads, despite them being regularly used to access corporate data. But CISOs need assurance that their workers and their devices are compliant, and the best way of achieving this is not by prohibiting use of virtual desktops, but simply by making sure they are being used within a secure environment. Concerns about employee privacy can also be laid to rest, because while personal devices become protected clients, with the right security solution, they can still be used anonymously by the device owner.
Implications for the channel and vendors
From a security software vendor perspective the changing environment is advantageous. We’ve probably had more direct contact from end-user organisations in the past year than in any other, but fallout from the pandemic should not be a reason for vendors to change channel strategies, in fact, now is the time to remain loyal.
Specialist security integrators will need to rebuild their relationships with local customers for whom they bring unique value, years of insight and experience and a focus on the enterprise that would be hard for any vendor to replicate. The level of trust that ordinarily exists between an organisation and a reseller will return as face-to-face contact and activities including training and workshops resume.
The huge advantages of dealing with one company to supply an entire system, manage onboarding, training and deliver ongoing support, cannot be underestimated.
But alongside this, vendors must clearly show their commitment to the channel. While being understanding of the end user’s point of view, vendors should not succumb to direct requests but should instead steer companies towards trusted partners. Now would be a good time to invest in systems and collateral so partners can adequately support customers and still give them all the benefits of their unique expertise. Initiatives such as implementing a PRM will ensure partners have the information and support they need to make processes work more easily and provide them with access to the resources they need, when they need them.
This is not entirely altruistic of course. Resellers reinforce the credibility of vendors; it is their role to evangelise a vendor’s product and the power is with them when it comes to upselling solutions that benefit vendors. It goes without saying that if a partner we are working with is specifying a VDI solution, we want to be recommended in tandem as the best endpoint security software.
Given the significant change in the dynamics between vendors, resellers and end-users, however, the onus is now on us, as vendors, to make sure our relationship with the channel comes first. The focus should be on identifying and providing the support that partners need and driving them as champions of our products. We can anticipate continued changes in these uncertain times, but our commitment to the channel should be steadfast. Trusted partners are valuable, they are the difference between winning a new customer or not, and we have something to prove to them after the tumult of the past twelve months.
Read the latest edition of PCR’s monthly magazine below: