Why GDPR spells a channel opportunity

To hear everyone talk, it seems like the channel has yet another way to spell opportunity. And the new way is “GDPR”.

David Ellis, director of security solutions at Tech Data Europe, describes it as an opportunity for partners “to build a trusted relationship with customers by establishing themselves as industry leaders and helping customers on their journey to compliance”.

Ian Kilpatrick, EVP for Cyber Security at Nuvias, describes it as “a huge opportunity, over the next 12 to 24 months”, while James Pittick, director of B2B indirect sales at Canon UK, calls on the channel to “act quickly and decisively to make the most of the opportunities that GDPR presents. The clock is ticking but, looking at the readiness of some businesses today, it’s not too late for the channel to swoop in and be the hero”.

John Andrews, EMEA channel director at Centrify, makes an interesting point that GDPR differs from other legislative roll-outs because it is much less specific. “There is very little mention of specific technology, rather it suggests and proposes the concept of “best practice” and “state of the art”, which opens the door to any good consultative approach-based partner to show their true value.”

Partners can propose “mature, platform-based, multi technology/vendor solutions in order to address the full spectrum of security and infrastructure requirements for the customer. The concept of bundling multiple technologies and vendors together in a single solution is not new, but the possibility that legal doctrine would mandate that as a validated approach certainly is”.

He also views it as an opportunity for the channel “to at last show value”, erase the perception of point product sales and be elevated “to a higher, more advanced level by proposing integrated and complex solutions, together with consultancy and delivery services to throw real credibility behind their organisation”.

Chris Hodson, EMEA CISO at Zscaler, agrees that GDPR is “big business for the channel” but warns against “silver bullet selling” by those claiming a solution “will provide a failsafe way to address GDPR”.

If partners want to make the most of the GDPR opportunity they need to make sure that their own business “has its house in order and is ready for the new regulations”, says Phil Heap, product and services director at Crayon Group. “Customers will be extremely insistent that they are dealing with partners who are compliant, as this will reinforce their own commitment to data protection, privacy and security.”

George Parapadakis, director of business solutions strategy at Alfresco, suggests channel partnerships will “become critical” with GDPR. “Layered responsibility throughout the infrastructure stack means that channel partners must complement, rather than work against, each other. Here, it pays to have clear and delineated responsibilities so all partners are on the same page and the user is protected from potentially being in breach of GDPR regulation”.

Petter Nordwall, director of product management for data protection at Sophos, makes the point that larger businesses “are well on their way” to compliance but many smaller businesses are “either feeling overwhelmed, or they haven’t quite managed to get themselves started on their GDPR journey just yet”. This means there are still opportunities for the channel up to - and beyond - next month’s deadline.

Dr Guy Bunker, SVP of products at Clearswift, says partners can help many SMEs by putting a compliance initiative in place. The intriguing aspect is that of the three pieces – people, process and technology – “technology comes last, not first” because it enforces the policies and processes and protects the people. “The channel, with its experience from other customers, can help prioritise where the work needs to begin by mapping out where technology is useful, and where process or policies need to be updated or introduced,” he states.

Hodson at Zscaler agrees that “the challenge is not exclusively a technical one” because GDPR is focused on businesses understanding their information, where it came from, how it was obtained and ensuring it stays accurate and up-to-date. This means it is “largely becoming the channel’s responsibility to help organisations differentiate between why and where information has been obtained, as well as guiding them on the right technology to invest in”.

Compliance is the major focus for the customers and prospects for Okta, according to director of field alliances, Nick Miles, but he agrees with Hodson that “there isn’t a silver bullet. Adopting one technology solution won’t do the trick, but an amalgamation of technologies, including identity-driven security solutions, may increase businesses security posture in general”.

GDPR will give channel partners “a real opportunity to sell multiple services into clients, be that consultancy services or software packages and solutions”, according to Richard Marsh, CEO at CIS. He reveals that Gap Analysis services have generated “huge opportunities” for CIS, adding that “for businesses like ours, who develop long term client relationships through understanding the client and identifying what they really need, this is an opportunity-rich time”.

By contrast, box shifters or product sellers “will continue to provide the answer to everyone’s problems with one install and in reality deliver little. Our message to clients is always to talk to a consultant and not a product specialist, as there is no product that will deliver compliance”.

He predicts that consultants will do well and “the product shifters will do what they always do. But regardless of who you are, the opportunity is still very much alive, and will continue to be for a good 18 months or more”.

Marc Sollars, CTO at Teneo,  accuses business consultants of having used GDPR compliance as “a crude sales tactic”, leaving many UK businesses “apathetic about the regulation’s real implications”. He argues this creates an opportunity for channel providers to “provide practical support to their customers by helping them understand the main steps towards compliance like potential risks surrounding personal data they hold, the full extent of their current data processes and how these elements need amending to help engineer compliance over time”.

And if channel partners prove their value to customers over GDPR compliance, it enhances their credibility into the future. As Andrews at Centrify puts it: “If done correctly, based around a planned and methodical maturity model addressing compliance with intent to best secure against breach, and then, in the worst case, to have a best practice for reporting and remediation, I sincerely doubt any customer would argue with giving the partner their due cut on sales in future.”