Within hours of the biggest ransomware outbreak in history ravaging every corner of the earth, security vendors raced to research labs in a frantic bid to stem the tide.
Yet in parallel, marketing and PR departments were in overdrive, pushing out countless - and often pointless - communications around the value of protection, the importance of security and unashamedly, why product X was the answer to the world’s problems.
Press release here, whitepaper there, monotonous ‘expert’ musings everywhere.
And partners were at it also, bombarding customers with cheap rhetoric on social media around how they could be next, why nobody is safe and why Australia and New Zealand (A/NZ) is now a target.
Yawn. Perhaps someone should have mentioned that the industry has heard it all before.
Because three months since WannaCry struck at the heart of the UK National Health Service (NHS), the Russian government and the Spanish telecommunications sector - as well as over 100 countries - the channel is once again picking up the pieces.
But instead of aligning with the misguided belief that customers are unaware of the rising security threats in the market, and that they desperately crave education and enlightenment, isn’t it time for the channel to change the game?
“We’ve had our worldwide wake-up calls this year,” acknowledged Kris Hagerman, CEO of Sophos, when speaking to ARN on the ground at Sophos Partner Conference in Bangkok. “They serve as a reminder to ensure customers are on modern operating systems, are updated and patched and are working with the right trusted advisor and security vendor.
“It highlighted the value of adopting a multi-layered systemic approach to security and for the organisations that did, WannaCry was not a problem.”
Despite the acknowledgement however, Hagerman refused to revert to standard vendor preachings around protection, recognising that security consistently features as a leading priority for IT executives across the world.
Such a sentiment was backed up by EDGE Research findings, which places security as the no.2 spending priority for customers across A/NZ in 2017, behind only cloud in terms of investment.
“Every year for the past five or six years, IT leaders of any sized organisation have consistently ranked security as a top priority, and it’s gaining ground on others such as cloud,” Hagerman explained.
“WannaCry broke through the industry and became a front page story in every major publication across the world - that doesn’t happen very often, perhaps a few times a decade.
“So there isn’t a lack of awareness around the importance of security, but every few months or quarters the industry receives a jolt which prompts everyone to think differently.”
And thinking differently is key for the channel, with the awareness and education game only taking partners so far.
Because while some businesses - usually smaller - still require greater awareness training, on the whole, end-users are up-to-speed with the consequences of inaction around security.
The key opportunity for the channel lies in building effective security strategies for customers, strategies capable of delivering increased protection across an organisation, irrespective of size or stature.
“Security is a broad and complex topic, sitting within a huge industry with a threat landscape that is growing faster and faster,” Hagerman said.
“If customers want an effective way to address challenges, they must be thoughtful about aligning with partners who really understand the strategic element of security.”
With the industry plagued by a skills shortage, security-focused partners are assuming expert roles across the market, helping structure viable business strategies around protection.
“Partners must help customers recognise security with the right level of priority,” Hagerman added. “They must have the budget walk follow the talk.
“The way we deal with security at Sophos in our own IT group is no mystery. We talk to our security team and ask - What do you need to keep us secure? How many people do you need? What tools do you need? How much budget do you need?”
Built on internal trust, Hagerman said once a strategic approach is developed at an operational level, the left over investment funds are then moved over to the IT department.
“I can’t think of another element of IT where if you get it wrong, the whole company is exposed and the business may or may not survive,” he said.
“If you delay the roll-out of an application or the upgrade of an operating system, of course you’re not operating at the level you would like but it’s not jeopardising the health and survival of the company.
“If you get security wrong it can literally do that. Internally, we have put our money where our mouthes are and we maintain that priority at board-level and when allocating budget.”
In organisations that have aligned the walking and the talking, clear strategies are being built, with major banks and healthcare organisations in particular rethinking processes around security.
Amid a broad and fast-rising tide, Hagerman is at the helm of a security vendor taking a focused approach to the market, an approach that sees the business in line to crack a billion dollars in billings by FY20.
“We’re very clear on what we are the best in the world at and that’s delivering a simple, innovative and highly effective approach to security,” Hagerman said. “And the channel is at the centre of our mission statement as we target the mid-market enterprise space together.
“But we sell to much larger organisations also because we have a commitment to delivering enterprise-grade industrial strength protection, which happens to be delivered in a way that is easy to use.”
As a result, Sophos is essentially going against the grain, targeting businesses outside of the Global 2000 to take advantage of untapped potential across the mid-market.
“We explicitly and unapologetically focus on the other 60 million businesses across the world,” Hagerman said. “That’s a perfect marriage for the channel and it’s the only way we go-to-market.”
Alongside a channel-only strategy, the network and endpoint specialist provider is also adding new levels of market value through Sophos Central, a cloud-based management platform built with the partner in mind.
Designed to simplify the administration of multiple Sophos products, the platform was created to enable more efficient business management for partners, built on the foundations of three core components - Admin, Partner and Self-Service.
“When we develop new technologies, we do it from the ground up with the channel in mind,” Hagerman explained. “Sophos Central has been a rocket ship for us in terms of adoption, with over 45,000 customers now using the platform.”
On the outside looking in, Sophos Central is cloud platform which allows easy access to the vendor’s entire portfolio, providing value for both customers and partners.
Yet for Hagerman, many don’t grasp the fundamental differentiator.
“We built this for the channel,” he said. “Almost every other cloud platform to the extent that a security vendor has one, has been built for end-users.
“In most cases those vendors view it as a way to bypass the channel and get direct to the end-user. We built it to empower the channel to make it easier for partners to sell to new customers, enhancing both top line and bottom line growth.”
Such a channel-centric approach, according to Hagerman, is the difference between success and failure in the increasingly crowded security market.
Following a period of sizeable industry change - triggered by increased mergers and acquisitions (M&A) activity - Sophos sits in a market that looks and acts differently to a market of 12-24 months ago, such is the evolutionary nature of security.
“We’ve been consistent throughout,” Hagerman said. “Other vendors have been buying and selling companies, changing CEOs and going through a number of strategic changes.
“Symantec has had a lot of CEOs during the past few years and McAfee has been going through changes also, the latest being ground private so you don’t quite know what they will want to be when they grow up. We know what we want to be and we’ve been consistently doing that for five years.
“Our partners appreciate the consistency and our commitment to the channel. It’s not one of our routes to market, it’s our only route to market and that clarifies the mind.”