Let's get this out of the way up front. Since September 11 we all know the definition of a worst-case scenario. Almost every company in Australia is in the data business, like it or not. Some of that data is mundane and incidental to the way the business works. Some of it is kept as a legal obligation, such as for taxation purposes. But most of it represents the lifeblood of the company and is absolutely critical.
During the periods of rapid growth in the nineties it was often sufficient to keep up the flow of hardware, and perhaps some software, to organise things. Data was all about storage, so that's what you sold. Data doesn't fade away or pack itself tighter at the bottom of the warehouse, and it doesn't stop collecting just because business gets tighter. Thus, the hardware market is still there if you look for it.
But storage hardware is a commodity item today and can be easily replaced by offsite data centres if necessary. So where to from here? Once upon a time, consultants and SIs, as caring and thoughtful suppliers of IT, might have considered it their job to brief customers on the security of their data. Nowadays customers are more likely to be asking them. Of course, if they're not, resellers should realise they're probably asking someone else.
Think bad things
Security means different things to different people. All too often it's about not wanting a disaster to happen again. Like the day the office burned down and the realisation dawned that it didn't matter how many backup tapes there were if they were all stored in a cupboard next to the server, adding to the intensity of the fire.
Or the day it's realised that the sneaky salesman, fired six months ago, has been regularly logging into the company intranet using the IT manager's backdoor username and password and distributing tender proposals to competitors.
Providing an integrated security component to a storage solution doesn't have to mean reinventing the business. Smaller dealers may find it more practical to partner with security consultants and service providers that can provide complementary solutions. Finding these partners can be as simple as asking peers or customers - don't be deterred by pride.
The sense in security partnering becomes obvious when looking at the wide variety of needs. As a reseller you may already supply some of the following, but how many?
- Secure offsite storage
- Offsite disaster-recovery facilities
- Employee security checking
- Physical access barriers
- VPNs and remote-access security7 Real-time redundancy and availability- Uninterruptible power supply7 Identity checking (including biometrics)- Security auditing- Firewalls- Intrusion detection- Internal security breaches- Ethical hacking (a user checking its own security)Be openThere will be times when your customer wants something that you've never thought of before. For instance, it's now being revealed that some data centres in the World Trade Centre were automatically switched over to backup centres in other cities in the first minute of the crisis. This wasn't done by someone hitting a switch, but by automated systems that detected sudden changes in air pressure, temperature or mains voltage. That sort of forward thinking needs expertise to implement.
The channel should be advising customers on their obligations under the new privacy act, due to take effect on December 21. Providers that think it's not their responsibility might want to invest some thought into how they're going to reply when customers ask why they weren't told to beef up security, especially if they've just been hit with a "please explain" note from the authoring body.
Channel X: How big is the market for security related to data?
Verykios: Any business that collects information on customers and suppliers is required to comply with the new regulations in the privacy act, so all those businesses are targets. Overlay that with every business that needs a business-continuity plan and you have the size of the market - pretty well every business in Australia.
The law requires compliance and good business practice is essential to staying in business. These two things, from a business principles perspective, will force every business to look at its security policy; specifically, how its data security policy integrates with its physical security policy.
How do you approach that target?
Understand that data security is the last mile of a complete security policy. Businesses already have their policies in place, from the most basic shredder policy and intrusion detection. That must spread down to the desktop via the server room. And don't forget intrusion via a remote connection.
It stands to reason that the way to generate this business is to partner with the prime contractor of the security policy, such as AD, Sensormatic, Chubb or Wormald. A data-security specialist, such as NetStar, Logical, Citadel, 90east or Kambay, would add value to the prime contractor by providing essential technical expertise to fill the gap.
How do you fill that gap?
That's the third level, involving the management and use of content that exists within the security policy. That triangle of partnership translates from technology to product. It's the product that end users will buy.
Data security is never an off-the-shelf solution, so it offers resellers a competitive edge. The quality of the partnerships created will in turn dictate how much of a competitive edge you can give your end user. That edge must translate into business productivity so that you can get a purchase order, which can come in the form of how you charge for productivity gains. It's quite conceivable that the billing model is related to a percentage of the savings or productivity gains made by your customer.
How do users fund their equipment?
Leasing! No CEO in their right mind wants IT equipment on the balance sheet. What we're talking about is the funding of security and storage infrastructure - the securing of stored data. Users don't mind paying for a demonstrable result like that.
What's your advice to the fence-sitting reseller?
There won't be a next year for you. Wrap up your assets, pay your creditors and think of a business you can be proactive in. Those who sit on the fence are the ones who watch others succeed. If you're going to stay in the business and you aren't continually re-evaluating your partners, you're already behind. Ask your customers what they need.
Remember, vendors create the best technology they possibly can and sell a load of it. This is where the channel must be allowed to do its thing - there's no other value from the channel but translating a commodity sell to business productivity. There are three things that are essential to your customer and to you: cost reduction, revenue growth and the ability to hold a long-term stake in the market. To achieve these, you must first be a student of business. Only then do you become a student of your industry. If no other technology has gotten that message across then the security storage and content management/delivery initiative will. Not because of the technology itself but because of its relevance to business continuity and legislative compliance within a now-mature market.
Channel X: Do storage and security go hand in hand?
Blozan: I visit approximately 10 end users per week with partners and there isn't one customer out there who isn't grappling with data growth, protection and security issues. Even in a tough economy these issues are something that every company must address. Data is the lifeblood of every business. Interestingly, many of these customers don't even realise they're exposed until they have to answer the tough questions.
What's stopping the average reseller from offering data and security solutions and expertise?
By their very nature, data and security solutions can be complicated. Most people know how to install a backup solution or antivirus software, but when you start talking about a storage area network, clustering or disaster-recovery capability it's far more involved.
There are really two options for resellers looking to focus on this market. The first is to develop in-house expertise via vendor training and committing technical and sales resources to gain that knowledge. This approach can definitely lead to a higher revenue stream for the committed partner.
The second way is to use vendor resources to deliver the expertise. In this way, resellers can still sell the service and make a margin but the actual services will be provided by the vendor's consulting and engineering teams.
How can a reseller differentiate itself?
One approach is to provide a nominally priced service such as a storage assessment where you can determine the nature of the storage and security solutions currently in place. During this process, you can determine all the holes' in the current environment and help to develop a plan for improvement. Obviously, a reseller needs to have some training in order to be able to provide this type of service, but that level of value is what customers are looking for.
What has September 11 taught us?
Companies require not only data protection but solutions that allow them to cluster their key Web-based applications and replicate their important data to a disaster-recovery site. The need for that site to be physically separated from the primary site is more apparent now than ever.
What does physical security mean to the reseller that has only ever sold boxes?
Physical security is often one of the most overlooked and yet most important aspects of any environment. It doesn't do much good to have a high-availability clustering solution in place if someone dressed up as the window washer can get into your IT lab and steal your servers. Resellers can help with everything from disaster-recovery planning to simple tape-rotation strategies.
What's your advice to the fence-sitting reseller?
IDC estimates that in many cases storage represents 50 per cent and sometimes 70 per cent of the value of the system sale. And it gets upgraded more frequently too. If you aren't selling storage in all the areas, including annuity and after-market storage, someone else is. Storage drives server sales and opportunities definitely exist in your accounts today. Storage sales allow for increased value-add, account control and higher margins. In short, get off the fence and get into a market that is rapidly expanding and full of opportunity.