Tips for selling security

Understanding a customer's needs is key to making an expedient security pitch. Amro Gebreel looks at the opportunities for resellers in this fast-moving market

Selling security tools has always been seen as a stable business, with demand remaining fairly constant as customers...

try to protect themselves from the ever-evolving cyber threats that lie in wait for them on the internet or hidden in attachments and downloads.

But in a world where the threats have become more complex, everyone has become a target - not just enterprises - and staff want to be more flexible than ever before, working out what to pitch is a challenge.

There are many options for resellers to choose from when developing a comprehensive and advanced security pitch, and some of the solutions chime in with megatrends such as bring your own device (BYOD), making it a very good time to be striking up a conversation about security.

Securing consumer IT

BYOD is considered a good starting point, because there is currently real momentum in the market as more customers embrace IT consumerisation and allow staff to use their own mobile devices for business.

Keith Ricketts, marketing director at Becrypt, says the new megatrends such as virtualisation, cloud and mobility, including BYOD, are providing the perfect opportunity for resellers to open up new conversations with their clients about security.

"In each case, it is often the end point that is the most vulnerable point, and therefore represents the greatest risk of loss or compromise of data, and so needs protection. There are many good security solutions available that address the needs of different industries or markets," he says.

"The good news for resellers is that customers want choice, not just one flavour. If I could compare the security market to wine, I don't ever see a day where the market will only demand California reds. The products to be pitching, therefore, are those that meet the client's needs," adds Ricketts.

"While selecting the right product to meet your customer's requirements is important, key to any robust security solution is the way in which products are deployed. Therefore, as well as supplying the security products, resellers should also look to provide specialist consultancy advice and guidance to their customers in implementing security procedures for staff to ensure that they meet requirements and remain fit for purpose," he advises.

Raise awareness of risks

In any BYOD, cloud or virtualisation security pitch, resellers need to start by spelling out just how exposed the customer is to threats. The days when it was just the large banks that had to worry about hackers are long gone.

Selling security: six places to start

Ian Kilpatrick, chairman of Wick Hill Group, details six areas that resellers could start with in selling security.

"Business size doesn't matter - all companies have something which could attract hackers or competitors and which could be lost through a security breach, be it company data or research and development," says Florian Malecki, head of product marketing EMEA at Dell SonicWALL.

"Resellers should remind potential customers of the financial repercussions of data breaches, or loss of services and customer details. They should pitch security as a business enabler," adds Malecki.

"With the rise in BYOD, mobility is shifting from an expense to empowering the business. Effective security enables staff to work remotely and more effectively, thereby increasing productivity. Furthermore, with the rise in social media use in the corporate environment, an effective firewall is necessary. To keep up with competition, businesses need to embrace this consumerisation of IT," says Malecki.

Securing the infrastructure

But before resellers even get to talking about BYOD, it is important to make sure that the existing infrastructure is sound. "As threats evolve to become more agile and complex, it is critical to have the correct security infrastructure in place to detect abnormalities in standard services such as web and email," says Andy Aplin, CTO at Accumuli.

"It is also becoming increasingly important that organisations extend cover for custom services, particularly those providing bespoke business applications. A core security consideration for infrastructure protection should be to choose an application-aware infrastructure that is able to identify and differentiate between known applications with good behaviour and unknown applications displaying rogue behaviour," he says.

Avoid playing the FUD card

The way you sell is also of great importance. It is sensible to spell out the potential risks a business faces and outline some of the potential solutions, but resellers must be wary of just dishing up fear, uncertainty and doubt (FUD).

The security industry is one prone to selling a heavy dose of fear because it is tackling those very concerns. But overplaying the FUD card will not do a reseller any favours in front of a customer.

Quinton Watts, security expert at ESET UK, says the proper approach would be less a case of pitching and more a case of consultative selling. "With something as important as security it is imperative to understand what the user is trying to achieve within the budget they have, understand the real risks, then match their needs to the best solution. An example of this would be to avoid pitching an all-in-one software solution when they only need an endpoint antivirus solution. This would ensure they are not paying for features they do not need and the software is kept light and unobtrusive."

Get that right and the pitch should improve and some of the other concerns, aside from BYOD, cloud and preventing network hacking, can come to the fore.

Compliance a security driver

One of the big concerns in the security market is based around the need for customers in certain sectors to be compliant. As a result, those resellers that have the knowledge to guide customers through the maze of regulations can reap the rewards.

Ross Goodburn, head of channel sales at security and compliance vendor RandomStorm, views the need for customers to stay on the right side of the regulations as a key driver for much security spending.

"The primary driver behind the majority of IT security purchases is compliance, whether that is PCI-DSS for businesses that process card payments, PSN CoCo for the public sector organisations that want to access the cost benefits offered via the Public Service Network and G-Cloud, or the new European Directive on data protection," he says.

"Under the compliance umbrella, businesses not only need to ensure that they have the latest point security solutions - firewalls, IPS/IDS [intrusion prevention and detection systems], anti-virus software and VPNs [virtual private networks] - they also need to regularly monitor their networks against the rising tide of new security threats," says Goodburn.

"This is driving the requirement for proactive vulnerability monitoring and compliance management solutions, penetration testing and regular security health checks. This requirement for ongoing security, rather than just ticking compliance boxes, provides resellers with an opportunity to upsell a range of monitoring and assessment tools, as well as professional security services, to existing and new customers," he adds.

Selling tailored security

Whether the task is securing a BYOD environment, a cloud infrastructure or keeping the latest viruses at bay, there are plenty of options for resellers to talk about.

But the key to any pitch is that security is an issue for every customer, from the one-man-band to the blue chip. No one can afford not to protect their data, and that should mean most doors are open to a security pitch. The clever bit is to make sure that what is pitched meets the user's needs and is done so in a way that enables them to be more flexible, find greater efficiency and to work smarter

Read more on Sales and Customer Management