Opinion: Microsoft's security plans for Vista are causing anxiety in the channel, but rather than worry, solution providers should make plans.At no time in recent memory has there been so much angst and agita among solution providers that specialize in security than today. What's driving all that antsy behavior isn't so much the advent of a more secure Vista operating system from Microsoft, but rather a whole host of issues that begins with the question of what will they sell on top of Vista if customers determine the basic security tools provided by Microsoft are good enough to get the job done.
In fact, when you peel it all back, there are 10 good reasons why just about every security partner today is rethinking its product lineup for 2007:
1. The first thing that becomes apparent to every solution provider serving this market is every vendor in it is expanding its portfolio to provide a full range of products either by buying technology, building it or partnering with somebody else to get it. This means increasingly there will be fewer niche security vendors, so solution provider partners are going to have to rethink their lineups as the overlap among vendor product sets becomes a lot more pronounced than it is today. Just take a look around at all the vendors offering anti-virus components to see how this issue is going to play out across multiple security product categories.
2. With customers becoming more concerned about ongoing security costs, a lot of them are looking for remote management services that lower their costs. That should be a boon for solution providers except for the fact that companies such as IBM and Symantec have managed security services of their own that leave many potential partners wondering why they should resell the products of their services competitor. RSA, for example, has gained a lot of points for creating programs that aid and compensate managed service providers without RSA having to develop its own service. Of course, with the acquisition of RSA by EMC pending, it's hard to say RSA will remain a model channel citizen completely, but for now the vendor seems to be picking up a lot of fans in the channel.
3. Margins on license renewal are becoming a sore point as companies such as Webroot and SurfControl move to provide their partners 100 percent of their normal new product sale margins on license renewals, which is a lot higher than the single digit margins they get on renewals from Symantec and McAfee.
4. A lot of customers and solution providers are looking for security platforms packaged with all the functions they need as add-on services. For example, Fortinet offers a full range of security products that share a common platform that helps reduce deployment and management costs. For solution providers, the better integrated platform usually translates into lower support costs and healthier bottom lines.
5. There's a lot of talk about in-depth security strategies in which most of the time people are talking about layers of security from the edge of the perimeter all the way back to the data in the data center. But another interpretation of that strategy says that customers need security products from at least two vendors because you don't want to bet your entire security strategy on a single point of vendor failure. This in turn is pushing security solution providers to line up behind at least two primary security vendors that they can then lean toward depending on which way the wind blows.
6. There's a desire in the channel to go with only one vendor per category because ultimately the costs associated with being fully qualified in two vendor programs can be high. But as margins in the security space continue to erode, which can only be accelerated by the expanded presence of Microsoft and Cisco, a lot of partners are starting to question whether larger security companies such as Symantec and McAfee, in addition to Cisco and Microsoft, are over-distributed.
7. Although it's unlikely that McAfee will change its route to market any time soon, the fact that the entire senior management team of the company that drove the switch from direct to indirect sales has been wiped out is giving people cause for pause no matter how you spin it.
8. A lot of the focus on security in the coming months is going to move away from dealing with relatively routine threats to focusing more on attacks driven by criminal entities that are blending malware with tools capable of finding specific types of files containing highly sensitive data. This rising crime epidemic has caught the attention of companies such as Panda Software and Websense, more so than a lot of the major vendors in that space.
9. As we go forward, the ability to establish reputation and confirmed levels of compliance with regulations in order to stop leakage of intellectual property is going to be a lot more important to end customers. These are two areas in which companies such as IronPort and PortAuthority have emerged as thought leaders ahead of the major players in this space, which means the opportunity to earn high margins on products that customers need today is pretty high.
10. While there is a lot of opportunity in the security space, a lot of people are just as intrigued by whether Symantec, EMC and IBM will ultimately be right about the convergence of security and storage. If they are, then the time to get on that bandwagon may be now rather than when everybody else ultimately figures it out.
By far and away security today is the single most vibrant part of the channel in terms of both customer interest and politics. How this all plays out will differ of course from solution provider to solution provider, but if you're not thinking about these issues today in your strategic planning sessions, chances are pretty good you will be kicking yourself this time next year.
Michael Vizard is editorial director of Ziff Davis Media's Enterprise Technology group. He can be reached at michael_vizard@ziffdavis.com.
(Sponsor)
(Sponsor)
(Sponsor)
Commentary 
