Despite the decision by some security software vendors to offer their products on a Software as a Service (SaaS) basis, there will be sales and services opportunities for value-added resellers (VARs) selling both security on its own, and security SaaS, according to vendors and analysts.
botnet identification services. Symantec launched its Online Backup Service in April, and McAfee boasts that it began offering its security SaaS in 2001. Buying security software as a service, rather than an in-house installation, is most popular among small and midsized businesses, according to Jack Marsal, McAfee director of product marketing for Web and email security.
With all the movement towards security SaaS, a traditional reseller might worry that the market in the channel is shifting to favor managed service providers (MSPs). But VARs will still have plenty of work to do, said Paul Myerson, channel analyst for Enterprise Strategy Group.
"I don't think it's going to have a tremendous negative impact," he said.
Most vendors' security SaaS offerings focus on specific tasks -- online backup is a popular one -- and do not provide complete security solutions. VARs can fill in the gaps for their customers who use those platforms, and they can continue to perform security assessments and other profitable work that they have traditionally done, Myerson said.
Chenxi Wang, principal analyst for Forrester Research, agreed. Even though more products are coming out on security SaaS platforms, "there are certain things that will be difficult to move entirely to the software-as-a-service space," she said.
In fact, the trend towards security SaaS could actually create new opportunities for VARs, she said, because subscribers' extra Internet connectivity makes them more vulnerable to malware.
"There're more opportunities for hackers to compromise your endpoint and perhaps compromise your entire software-as-a-service system," she added. "Security of the endpoint is still very important."
Furthermore, Wang said, many customers are still hesitant about trusting their security to a SaaS platform, so "for the next two to three years, [VARs are] still going to have a market to play in." But, she warned, "if they're not thinking about what to do in two years, they should be."
In the meantime, VARs are not losing out on money by sticking to their traditional roles, said Andrew Sullivan, McAfee's project manager -- although they are missing out on the predictable revenue streams that security SaaS subscriptions provide.
"As far as I know, margins are relatively equal (between VARs and MSPs)," he said.