There are still 600+ companies in the security dating pool, so we're certainly not running out of options for partnerships, but it's clear that consolidation in certain markets is going to impact the way a VAR chooses those partnerships.
Consolidation is natural, necessary and predictable, so planning for the potential transition of a stand-alone product to a feature within a larger suite of features is really important. Sometimes this happens as a function of technology evolution, and sometimes it happens by vendor acquisition. Figuring out which is most likely takes a combination of skill, luck and timing.
I think it's safe to say that VARs maintain tiers of partnerships. These are usually driven by the amount of business done with a partner, which in turn is driven by demand from customers. Solid markets driven by a few stable companies usually secures the bedrock partner strategies that anchor the portfolio. These first-tier security vendor partners usually don't change. They define, in many cases, how a company leads and operates.
However, many times when technologies emerge, partnerships become opportunistic. These are second-tier security vendor partners. An investment made in an emerging space is by far the most tenuous because one must make a bet on unvetted companies with unproven solutions. This is a gamble that sometimes pays off, but sometimes it does not. At this tier, the consolidation and elimination factor is high.
NAC and DLP are perfect examples of emerging technologies taken to market by second-tier vendors. The last few years have seen the emergence of dozens of companies that have either changed their business models to enter these markets or were created from scratch to do so. For many reasons these markets have not matched the hype, and many of these companies are selling, being acquired, changing strategy or going away.
Partnering is an investment in time, money and trust, and there aren't often second chances if expectations are not met on either side. Choosing on which side of the stability/agility partnership fence one wishes to stand is really critical.
Deciding whether or not to add more vendor partners as "insurance" really smells of desperation and poor planning. If the business case merits partnering, then one should certainly consider it. On the other hand, hope is not a strategy, so doing the appropriate homework and understanding the long-term strategy of the security industry is critical if a VAR intends to be successful in the long term.
This was first published in January 2008