Stepping up to sell security services in A/NZ
Article by WatchGuard Technologies A/NZ regional director Mark Sinclair
As 2019 gets into gear, what does the future look like for in-house security for SMBs and mid-size enterprises?
There’s a mounting case and a profitable opportunity for resellers to diversify into managed cloud services, as customers look to delegate their increasingly complex security requirements to trusted ‘one-stop shops’.
A growing opportunity
Australia and New Zealand’s cyber-security sectors are in growth mode, courtesy of rising threats from hackers and cyber-criminals. Gartner predicted businesses and organisations would invest $3.8 billion on high tech protection in 2018 - up 6.5% on the previous year’s spend.
High profile attacks and breaches, such as 2017’s Wannacry incident and the 2018 PageUp breach in Australia, which saw the personal details of thousands of Australian job candidates accessed unlawfully, have prompted organisations to up their spending on solutions and services.
Meanwhile, tough new privacy regulations have hammered home the need for enterprises to take data protection seriously and be ready to respond.
Under recent changes to the Privacy Act, Australian businesses with annual turnover greater than $3 million must notify customers and the Office of the Information Commissioner within 30 days, should they experience or suspect a breach. More than 300 organisations have done so since the regulations came into effect in February 2018.
Fines for failing to react and remediate appropriately can rise as high as $1.8 million, for serious or repeat offenders.
The European Union’s GDPR regime, which covers all EU citizens regardless of domicile, allows organisations much less leeway. They have just three days to respond in the event of a breach and the maximum fine imposable is an eye-watering 20 million Euros, or 4% of global turnover, whichever is greater.
Desperately seeking security staff - and solutions
Recognising the benefits of implementing more stringent protection measures is one thing; mustering the expertise and resources to convert resolution into action quite another.
A severe shortage of security professionals, both in Australia and New Zealand, can make finding and retaining qualified and experienced employees a challenge, particularly for small and medium-sized enterprises which lack the deep pockets necessary to pay premium rates.
The Australian Cyber Security Growth Network (Aust Cyber) believes Australia’s talent shortage is among the worst in the developed world. It predicts the country will need around 11,000 additional security professionals to meet demand over the next decade.
Meanwhile, the rise of smart devices and mobile work practices have ushered in a host of security challenges which were unknown to enterprises a decade or two ago.
Cybersecurity strategies to protect the perimeter have been superseded by the realisation that the perimeter in its traditional incarnation no longer exists. Instead, effective enterprise protection now means locking down every laptop, smartphone and device which connects to the network.
These are challenges which trusted security resellers are well positioned to solve for their customers.
The case for outsourcing
Market research suggests companies have a growing appetite for buying managed security services, rather than tools and solutions alone.
The market for managed security services has been growing at a compound annual rate of 14.8% since 2015 and this is expected to continue unabated until 2020. By that time, around 40% of cyber-security customers are expected to be directly influenced by, or have a relationship with, a managed security services provider.
For resellers, the trend represents a potentially profitable opportunity to diversify beyond their traditional product and value-added services offerings.
Selling services smartly
Diversifying into the security-as-a-service space calls for careful planning and resellers should have a thorough understanding of the costs involved before entering the market.
Direct costs, such as platform procurement, human resources and infrastructure, may be easy enough to quantify but there are a number of indirect costs – both upfront and ongoing – which can be easy to overlook. They include customisation time, the costs associated with marketing, sustaining and scaling the service, reporting and logging activities and ensuring the security of the platform itself.
Service Level Agreements are the backbone of every managed services contract. It’s vital the benchmarks specified are consistent with the capacity of the selected platform. Promising security and availability levels which can’t be delivered upon can lead to contractual difficulties and damage to customer relationships.
Choosing a scalable platform will ensure customers of all sizes can be onboarded without delay, regardless of whether they’ve chosen a pure as-a-service security option or want to implement a hybrid model incorporating existing products.
Embracing the opportunity
The rapid rise of cloud computing has seen a range of as-a-service offerings move into the mainstream. Today’s business customers are knowledgeable and enthusiastic about an infrastructure model whereby an array of IT assets and services are subscribed to rather than owned.
A well-planned move into managed service provision can represent an opportunity for security resellers to increase their profitability and market share and provide customers with a one-stop security shop option.