Making the transition from a reseller to a managed services provider
Garry Sidaway, SVP security strategy and alliances at NTT Security looks at how to make the jump between the two
Cyber security is now hitting the consciousness of the majority of businesses. And, as more and more organisations embrace technologies to increase productivity and collaboration, a range of information security and risk management challenges are coming to the forefront.
The focus now is for IT security providers to break down these barriers and deliver the necessary industry independence and separation to ensure that transparent information security enables organisations to embrace the changing business and social climate.
VARs transferring from being a reseller to a services focused provider offering managed security solutions is absolutely key here. This requires a focus on the business issues and a holistic approach to technology along with a clear understanding of a resilient cyber defence architecture and the services to implement each aspect.
VARs typically have a narrow focus on a limited number of technologies where their expertise is deep but not broad. A services-focused company on the other hand has to make the transition to encompassing a broad and deep understanding of the business challenges just as much as the technologies.
Here are a few essential steps for resellers shifting to service centricity:
Security device management to services risk management
The key to transformation is to deliver solutions that deliver an actionable and holistic view of business risk. VARs need to grow and expand their offerings, and move away from limited technology decisions as well as the health and availability of a device. Most customers, for example, do not want alerts on the health of a router but they do care about the risk to the service. Essentially, customers want an end-to-end view of risk to their services and to their business.
Channel Pro Newsletter
Stay up to date with the latest Channel industry news and analysis with our twice-weekly newsletter
Well-defined managed and professional services
Resellers need to clearly define the services and practices that do not currently form part of their portfolio. These services should be global and cover all aspects of a resilient cyber defence architecture. Each should also provide repeatable business with either direct managed security services or blended services, mixing capabilities across the two service areas.
Resellers must also drive a customer centric approach by combining client facing functions. The service desk must combine separate functions to ensure an end-to-end service from procurement of the service or technology through to management and decommissioning. Finally, they should also implement business reports showing the value of the services and align to industry and compliance standards, ensuring the information provided enables the business to make informed decisions.
Transformational agile business solutions
In order to provide transformational and agile services, VARs have to build a global brand that encompasses leading edge services with trusted advisors that not only their clients recognise but the industry too. Then, to expand and deliver against this model, an agreed methodology of delivery must be defined to deliver business value and a consistent engagement with clients.
In addition, they should also provide customised bespoke services that meet the changing demands of clients and respond quickly to market drivers that may be outside of information security, yet impact the overall business. Cloud and consumerisation are such drivers – these require engagement with the business as well as an agile approach to provide services that may not become mainstream.
Essentially, service providers must give organisations access to:
- Constant threat analysis and risk profiling
- Greater security expertise
- Faster user provisioning
- Outsourcing of administrative tasks such as log management
- A web interface that allows governance of the security environment and ongoing activities
- Separation of duties through a strong governance model
- Security architected into the solution and not bolted on
- Strong authentication, access and authorisation services
- Data and information management to meet existing and new regulations
Finally, we are also witnessing continued acquisition and consolidation in the cyber security market and this speaks to the importance of cyber defences in the modern business world.
Providers focused on a narrow technology base will find themselves isolated and unable to compete. Information security is seen as a niche area and the continued pressure to find the appropriate skills is forcing businesses to look for specialised and focused partners who they trust to make the right business decisions for them in terms of risk management and cyber defence.
For the VARs, this means they must become a part of the future of security and risk management – being forward thinking and positioned for the major growth role they can play in tomorrow’s digital economy.