When it comes to the massive opportunity around security, solution providers need to double down, not dabble, top security channel chiefs said.
"Especially in the security field, being a jack of all trades is a challenge," said McAfee Head of Channels and Operations for the Americas Ken McCray. "There's too many different nuances that go into it. If you're looking to be very, very successful, it's about looking towards the future and specializing."
McCray, speaking at a roundtable discussion of top security channel chiefs hosted by CRN at XChange 2017 in Orlando, Fla., said the opportunity is a once-in-a-lifetime opportunity for many solution providers, but that those who try to tackle the entire market will struggle. He said the most successful solution providers will specialize in one area of security and invest big, then expand from there.
Fortinet Vice President of Americas Channels and Emerging Technologies Joe Sykora said one of the biggest mistakes he sees solution providers making in security is trying to do it all and sell every vendor line. The challenge, he said, is that they then spread themselves too thin and can't provide the expertise needed around high-stakes security technology.
"You have different levels of ranking operation maturity and that's where people make mistakes," Sykora said. "They think they can be everything and instead, they hire all these engineers, offer all these solutions, and they go out of business." Sykora said this problem is especially acute in the SMB and midmarket.
Sykora said solution providers can find plenty of success by specializing on one area of product or services, then going deep in their expertise around that area with customers.
Todd Weber, vice president of partner strategy and research at Denver-based solution provider Optiv Security, agreed, saying partners need "deep expertise" to be able show value. When at scale, he said that requires significant investment in resources, recruiting, training and knowledge management systems.
Weber said there are "certainly dangers for clients" who don't have solution providers with the right expertise to put proper controls and governance in place.
"Solution providers should consider partnering to provide more holistic solutions to clients," Weber said.
That specialization can also translate into more vendor investment. The security channel chiefs all agreed that they are focusing their partner investments on those who have a focused security strategy and double down with a smaller set of vendors.
"It's a self-fulfilling prophecy: The more they commit, the better they get at solving the customer's problem, selling the solution that they are trying to sell. … Then they get that counter-investment from the vendors as well because the vendors see that they've made that commitment," said Crowdstrike Vice President of Business Development, Alliances, and Channels Matthew Polly. "We commit to the partners who commit to us."
McAfee's McCray agreed, saying partners need to "get off the fence" when it comes to working with multiple vendors to secure that investment. He said companies like McAfee aren't looking to focus investments on partners who will quickly quote the competition to customers. By focusing on fewer, but deeper vendor partnerships, he said solution providers can get more investment from vendors and better focus their engineering and technical teams.
"[Partners] need to pick a vendor and they need to establish a relationship with that vendor and they need to go to war with us," McCray said. "Partners who are walking in with us one day and walking in with my competitor the next day – that's a problem for us. That's a resource drain on all of us and all of a sudden we've devalued the entire solution. For me, partners need to get off the fence and they need to pick the manufacturer and determine who they are going to go to market with." All the channel chiefs agreed.
Sophos Vice President of Global Channels Kendra Krause said she is seeing partners increasingly moving to this model, focusing their efforts on fewer, more strategic vendors in security.
"I think that's the trend that's happening. We're seeing more and more of that," Krause said. "The partners that are with us, are in with us."
Kevin Richards, managing director of security strategy for North America at Accenture, said he is also seeing clients themselves looking to have deeper specialty around security. Richards said customers progress through three phases of security: interest, understanding and action. He said customers often have the interest and willingness to act but are now looking to go deeper and have an understanding of security and the impact it can have across the business.
"I think the leadership and the boards of directors and the C-suite are becoming much more savvy. They don't have to understand how to configure a firewall or cryptography software, but they are getting a good understanding that this isn't just a bolt-on. This is integral to the success of their enterprise," Richards said.
For Accenture, which has invested heavily in building out its security practice and consulting business, Richards said that means tying together the security practice more tightly with the company's other IT and digital transformation projects. He said he only expects that trend to grow as more customers look to double down on security.
"It's moving in the absolute right direction. We will see how quickly it continues to go on," Richards said.