Sophos has outlined plans to drive further subscription growth across the channel as partners build out managed security services.
The deepened focus comes as technology providers continue to convert reseller contracts into monthly billing models, with increased security demand accelerating market change.
While such a shift is nothing new for the supply chain, the rise of managed security service providers (MSSP) is redefining the core attributes of a partner, as the channel combines as-a-service capabilities with security expertise.
“Partners are becoming MSSPs, it’s that simple,” said Kris Hagerman, CEO of Sophos. “Across every single geography in the world we’re witnessing this huge upswing as partners continue to build out security services.
“Partners understand that they need to keep moving up the value chain because customers are now demanding this. Businesses today want partners to manage security for them and as-a-service is the preferred model.”
Addressing the channel during Sophos Discover - an invite-only partner conference in Sydney, Melbourne and Brisbane - Hagerman said successful providers are going deeper with customers to build out long-lasting strategies, delivered on a recurring revenue basis.
“The leading partners are discussing the importance of security with customers, that’s first and foremost,” Hagerman explained. “They are explaining what would happen if a breach occurred and why the board-level should be aware of this impact.
“Then they are systemically going through the estate of a customer, assessing areas in which they are covered and not covered. They are getting the basics in place and expanding out from the core fundamentals.”
The increased focus comes as worldwide spending on security-related hardware, software and services is forecast to reach US$133.7 billion in 2022, according to IDC findings.
From a channel standpoint, security-related services will be both the largest (US$40.2 billion in 2018) and the fastest growing (11.9 per cent) category of the market globally and locally.
Managed security services will be the largest segment within the services category, delivering nearly 50 per cent of the category total in 2022, with integration services and consulting services responsible for most of the remainder.
“We’re seeing a rise in CISO-as-a-service offerings from partners locally,” observed Jon Fox, channel director of Australia and New Zealand at Sophos. “More partners are investing in this capability and offering a true value-add for the customer.
“We’re seeing success with partners examining the entire technology stack of a customer to understand where potential vulnerability might lie, and then advising the end-user accordingly. This could be across on-premise, in the cloud or as-a-service.”
In addition, Fox said traditional resellers of hardware are now “seeing the value of security”, as the channel continues to launch spin-off practices dedicated to protection.
“They have seen security partners nibble away at their customer base and have had to respond through creating spin-off businesses and practices,” Fox explained. “They are starting to build security pillars within the business and are moving towards services as a way to differentiate.
“Partners are becoming MSSPs and we believe investment will continue to increase in this space.”
Backing up IDC findings, Gartner research also highlights a market on the increase, with services (subscription and managed) expected to represent at least 50 per cent of security software delivery by 2020.
According to the analyst firm, security-as-a-service is on track to surpass on-premises deployments, while hybrid deployments continue to entice buyers.
"On-premises deployments are still the most popular, but cloud-delivered security is becoming the preferred delivery model for a number of technologies,” said Siddharth Deshpande, research director at Gartner.
Deshpande said a “large portion” of customers plan to deploy specific security technologies, such as security information and event management (SIEM), in a hybrid deployment model in the next two years.
Managed services represented roughly 24 per cent of deployments, on average.
“We deliver advanced, highly effective and highly innovative security in a way that is simple and easy to deploy in the cloud, sold through the channel,” Hagerman said.
“That fundamental story hasn’t changed for the past five or six years but what has changed are the new technologies that we’re taking advantage of. We’re making progress across our solutions in the cloud which means our entire strategic portfolio will be managed in Sophos Central.”
Billed as a platform to manage synchronised security offerings, Sophos Central now accounts for around one third of subscription billings with 77,000 customers on the integrated cloud management platform.
Further expansion is also underway within the vendor’s channel and customer bases, with over 43,000 partners and 317,000 customers worldwide.
“Synchronised security is key,” Hagerman added. “We have information from the endpoint and information from the firewall which means we can do things which other vendors can’t do.
“We use granular awareness of applications on the endpoint to inform the firewall, which means we have 100 per cent visibility of the applications.”
According to Hagerman, partners only offering aspects of the Sophos solution, rather than an end-to-end capability, are well-placed to up-sell and cross-sell within current customer contracts.
“This allows partners to land and expand,” Hagerman explained. “If partners start with endpoint for example, they can offer to trial the firewall to demonstrate how much stronger the overall solutions can be.
“This provides the channel an opportunity to start from anywhere and start building out bigger deals with customers. This aligns with the ethos of delivering enterprise-grade industrial strength security while at the same time making it easier to manage.
“Our view is that those aspects are self re-enforcing, we don’t believe they should be compromised or traded-off.”
In assessing customer buying patterns, Hagerman said businesses today remain challenged by managing multiple vendor offerings in “complex” environments, creating a need for streamlined security offerings.
“We have a lot of data that would say security is too complex for enterprise customers today,” Hagerman said. “The market is filled with lots of vendors and in most cases, customers are managing multiple consoles in which the products don’t talk to each other.
“We believe we’re in a good position to address those problems and deliver improved security at the same time.”
At the latest count, Hagerman said more than 1200 independent security vendors currently occupy the market today, with around 90 per cent primarily focusing on the Fortune 2000.
Such a focus paves the way for partner growth outside of the world’s largest organisations, tapping into customer pool surpassing more than 60 million businesses.
“Of those 60 million businesses, some employ a few dozen, a few hundred or a few thousand people.” Hagerman added. “But they all face the same types of threats and challenges that the very large enterprise customers face, they just don’t have the same level of resources to address them.”