This content is part of the Essential Guide: MSP security essentials for every IT service provider

Cybersecurity market: Channel firms target larger customers

IT security services seems a promising growth market for channel partner firms, but they may need to look to larger enterprises as their key demographic.

CHICAGO -- Entering the cybersecurity market has never been easy for channel companies.

To tap the market's potential, resellers and managed service providers (MSPs) need to recruit and retain security engineers who may rank among a company's most expensive employees. Channel partners also need to acquire the appropriate tools and infrastructure to offer IT security services, which contributes to the cost of entry. Then there's the non-trivial matter of learning to market security services to clients.

It's a tough target, and the experience of channel executives speaking at the CompTIA Annual Member Meeting suggests channel companies may have more success if they aim a little higher when it comes to customer size. The package of security offerings a partner creates could end up being too sophisticated or expensive for smaller businesses to consume.

Cybersecurity market: Moving upstream

Ken May, CEO of Swift Chip Inc., an MSP in the Los Angeles metro area, said the company is pursuing larger companies -- midmarket enterprises versus small businesses -- now that it has added a line of new security services. May said the security move was inspired by last year's CompTIA Annual Members Meeting, where he noticed the channel conversation shift to security.

Since last year's conference, May earned security certifications, including the SANS Institute's GIAC Security Essentials and CompTIA Security+, and assembled IT security tools to support penetration testing, vulnerability assessment and security incident and event management. He has also hit the public speaking circuit to position himself as a thought leader.

The cybersecurity market investment has opened a new revenue stream for Swift Chip. The new services have also resulted in a customer demographic shift, according to May, who suggested that small companies may not be in the market for penetration testing.

If you want to get some of the really big opportunities, you need to show you know their business better than the next guy.
Ken MayCEO, Swift Chip Inc.

May also advised channel partners eyeing security to think about specializing in a couple of vertical markets. Swift Chip, for example, works in the legal and financial services sectors. Focusing on verticals and acquiring expertise within a targeted demographic builds credibility, which can lead to up-market deals.

"If you want to get some of the really big opportunities, you need to show you know their business better than the next guy," he said.

The story is similar at WheelHouse IT, an IT services firm that offers data security services.

"We have moved upstream," said Chris Johnson, director of compliance and security strategy at WheelHouse IT.

Johnson sold his healthcare vertical MSP, Untangled Solutions, to WheelHouse IT in 2016. He said he previously sold security services to small medical practices but now is focusing on midmarket enterprises. Those customers are public companies with security compliance obligations or organizations with regulatory demands such as the Health Insurance Portability and Accountability Act.

Stelios Valavanis, who has evolved a series of technology services companies since the 1990s, launched onShore Security in the cybersecurity market in 2016. His previous ventures in software development, internet services and managed services contributed to the company's current emphasis on IT security and a specialization in monitoring. Valavanis, president of onShore Security, said the foundation for the new company takes advantage of the company's background in building custom network monitoring tools and experience in managing firewalls.

The company's 24/7 monitoring, analysis and alerting services, which use both custom-developed and open source tools, serves larger organizations. Valavanis noted the low-end of the customer spectrum for onShore Security's services spends about $5,000 per month. He said the service also involves generating reports for customers on the applications and networks being monitored.

"The smaller guys don't need it," he said of round-the-cloud monitoring and analysis.

Still hope for small business services

Channel partners, however, need not give up on providing security to their smaller customers. The trick is finding services such companies can use and buy. For example, Valavanis said he believes channel companies can offer security policy consulting services to small businesses. He said partners can provide such services on a flat-fee or as-a-service basis.

In addition, the larger-customer focus may create economies of scale transferable to a service provider's smaller customers. May said pursing larger clients has provided his company with greater "purchasing power" for security software licenses. Swift Chip, he noted, will be able to pass that economic benefit onto smaller clients.

Next Steps

Read Intel Security's take on channel's cloud security role

See what CompTIA has to say about channel partners expanding in security

Find out how cloud-based security trims client costs

Dig Deeper on Managed security service providers