CompTIA’s research projects are often aligned with our member communities. From cloud to managed services to Millennials, we explore a range of topics and bring our findings into the communities to help drive their discussions forward. This year, the IT Security Community came in with a very specific request: understanding the technologies and services offered by channel firms who specialize in security.
Since most of our previous security research has been end-user focused, it sounded like a good opportunity to dig deeper in a specific area. In the study that launched earlier this year, we restricted responses to Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs) with a strong focus on security. The results were…interesting, to say the least.
The purpose behind gathering portfolio information was to understand which technologies—especially newer technologies—were gaining traction. At first glance, the answer to that question is: all of them. Each technology or service in the survey was featured in over half of the portfolios of the responding companies.
To really understand the landscape, though, it’s probably worthwhile to ask what exactly is meant by “offer.” Fifty-five percent of the companies in the survey had fewer than 50 employees, and 88% had fewer than 100 employees. After removing overhead (especially at the larger firms), it seems unlikely that a broad range of technology products could be fully supported by a limited technical team. Similarly, it would be difficult for a small team to be experts in the regulatory environment while also providing robust education or performing thorough audits.
This isn’t meant to cast aspersions on channel firms who are trying to be the source for whatever their customers need. One definition of “offer” could mean that Firm A specializes in firewalls and then partners with Firm B for a DLP solution. Or a partner firm feels that they can tap into a vendor’s broad portfolio when the need arises.
However, the connection to customer needs brings to mind another definition debate from the recent past. The early discussion in CompTIA’s Cloud Community revolved heavily around the definition of cloud. CompTIA research, along with the standard NIST definition, helped craft a set of characteristics that would distinguish a cloud offering from a hosted offering. Ultimately, an exact definition seemed to be less critical as many firms are providing value to customers who do not currently need the cutting edge.
The key word there is “currently.” If a customer suddenly starts asking for greater elasticity in their computing, a provider’s hosted setup may not fit the bill. And if a customer experiences data loss and finds themselves in the market for a DLP solution, they may be looking for a certain level of expertise right away.
The data on revenue and volume of security solutions suggests that most channel firms have a subset of offerings that drive the most activity. Firewalls and antivirus tools are at the top, followed by the newer technologies, with more complex services bringing up the rear. That situation meets with expectations—as our end user research shows, customers are still discovering exactly how to build a modern security posture, and channel firms will spend their energy on the solutions that clients need today.
The challenge is figuring out how to be prepared for what customers need tomorrow. The community meeting at AMM started this conversation—how do channel firms build the expertise they need (either internally or through partnering), and how do they educate customers on the types of defenses and practices they should be adopting? Without a doubt, security is becoming one of the most critical topics in IT as companies transform into digital organizations. Channel firms today may not have everything they need to build comprehensive solutions, but they are well positioned to build on their existing foundation and play a key role in the technology-driven business of the future.
Seth Robinson is CompTIA’s senior director of technology analysis.