Andrea Danti - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

CompTIA: Channel companies should expand security offerings

A CompTIA report says more IT channel firms are offering security services, but suggests many partners aren't positioned to deliver a modern security offering.

IT channel companies have a great opportunity to up their game when it comes to building a robust security practice as businesses continue to struggle with escalating IT security complexity, according to CompTIA's "Security in the IT Channel" report, released today. The journey, however, is not without the need to make adjustments. The report is based on data collected from 400 IT channel professionals.

Taking a deep dive into IT security offerings, practices and experiences from the channel firm perspective, CompTIA report author Seth Robinson, senior director for technology analysis, identified several key takeaways for partner firms:

  • As security concerns rise to the top for companies of all sizes, more are taking action and increasing spending on security offerings while at the same time more channel companies are offering security services. In some cases, managed service providers (MSPs) are adding security offerings to their portfolio while another scenario is that there's a growing number of managed security service providers (MSSPs) who focus their business solely on security.
  • Channel firms reported that the security technologies and services that generate the most revenue are firewalls (38%) and antivirus (20%) -- going forward that's got to change. Firewalls and antivirus need to be a piece of a broader set of security offerings that includes: technology, tools, process improvements, risk analysis, compliance and end-user education.
  • As channel companies begin to get more proactive about security when working with their customers, they're going to have to become more comfortable having business conversations about the cost and return on investment (ROI) of security.
  • Partner firms need to build their own brand and expertise around security instead of relying on the reputation and brand of the security vendors they do business with.

Gartner projects that spending on enterprise security will reach $100.3 billion by 2019. As security continues to be a top IT concern for businesses, most recently driven by mobility and cloud, they face increasingly complex security issues that are driving them to take action.

I think partner firms are responding to the fact that businesses are beginning to take more action around security.
Seth Robinsonsenior director for technology analysis, CompTIA

While part of a security offering is technical or prevention, another part of security is about detection or finding anomalous behavior and taking an offensive approach. According to CompTIA, businesses must combine technology, processes, and education in order to protect their digital assets -- and, so must partners.

According to the CompTIA report, channel interest in security reflected an uptick in security concerns by businesses over the past 12 months.

"I think partner firms are responding to the fact that businesses are beginning to take more action around security, by the number of channel firms showing an interest in specializing in security," Robinson said.

Cognoscape LLC, Addison, Texas, for example, has included foundational layer of security services, such as backup and disaster recovery, antivirus, antimalware, antispam and patch management -- in addition to other IT services -- since the company was founded about seven years ago. Cognoscape focuses on small and medium-sized businesses. What company owner and CEO Charles Tholen has seen change when it comes to security over the years is the perspective of the buyer who is more willing to invest in security rather than not invest.

"Clients used to think, 'I'm not going to be a target; I'm not going to spend a lot of money on security.' Now, they're thinking, 'It's not a matter of if, but when,'" he said.

Over time, Cognoscape has been draw into providing more advanced layers of security and the MSP has reoriented the stack of security tools it provides in its foundational security services. More recently, a big area of focus for the partner is the addition of security awareness training for clients. 

The company also offers more advanced active monitoring services, network policy management, risk mitigation and has its sights on offering security information and event management (SIEM) as a service.

Cognoscape clearly has momentum in its security technology and services practice. That's not the case with many partners, according to CompTIA. While many channel firms reported having a robust security portfolio -- listing more than 20 items -- firewall technology and antivirus brought in the most volume/revenue for these companies. More advanced technologies, such as mobile security, security education and compliance management, to name a few, lingered lower on the list.

Furthermore, the report revealed that while partner firms may have access to a long list of security technologies and services, many partners aren't positioned to deliver a modern security offering that requires a mix of products and services.

"Channel firms should be sure that they can support this mix beyond simply stating that items are available for purchase," Robinson said.

Additionally, partner firms migrating towards a security specialization not only need to have the right mix of products and services, they also need to build their own brand and tout their own value add. Partner firm branding requires a channel company to build out differentiation -- problem solving, infrastructure, software or intellectual property, for example.

According to the CompTIA report, only about one-third of partner firms balance vendor reputation and value-added services in their messaging, with only 1 in 10 partners primarily relying on the strength of their own services or innovation. In fact, the report noted that MSPs and younger firms are more likely to focus on individual brand while other partner types rely on vendor products and reputation when making sales.

The "Security in the IT Channel" report also looked at workforce dynamics such as having security skills in-house, strategies to close the skills gap and having the business acumen to start conversations with customers about security costs, ROI and the cost of poor security, which requires partners to talk to CIOs, CEOs and line-of-business managers.

According to the report, there's an even split between channel companies starting the business conversation about security and clients opening up the discussion, or 51% versus 49%, respectively.

SearchITChannel spoke with ESG analyst Kevin Rhone earlier this year, at which time he said that he views security as one of the biggest transformative trends for partners, comparing it to the importance that adding a cloud practice was two years ago.

Next Steps

Learn how MSPs plan to expand their security offerings.

Gain insight into the channel security issues surrounding HCI, IoT and SDN.

Read about the potential drawbacks of building a security practice.

Quiz yourself on the latest channel company developments.

Dig Deeper on Managed security service providers