InfoSec distribution panel: The value of expertise

What would you say are the values of a distributor?

Hayley Roberts: Value is an odd, overused word. The value is very subjective, isn’t it? We’ve used VAD [value-added distributor] for some so many years now, when we’re not just holding stock or just checking credit. Value is changing constantly. It’s about what makes a difference to driving a product through to market and through the reseller channel.

But as distributors, it can be information, it can be customer service, it can be care and attention to detail. In terms of knowing the partner base, there’s a myriad of things that add value where we sit and operate. 

Neil Langridge: There’s an element of business acceleration. We’re there to make a difference. There’s a relatively linear flow down the channel. We’re there to accelerate and amplify – so two plus two equals five.

In terms of the channel, [we’re there] to be able to make it bigger than the sum of its parts. Whether that’s the value-added services or access to the kind of business intelligence we have … [it’s] to make the channel more effective and greater than the sum of its parts. 

Rob Tomlin: I’ve been in this game for 25 years, with most of that time in distribution. Distribution is at the core of what the whole ecosystem brings. We’re here to help all the partners be successful in many different facets – be it helping them to understand what technology they should take to market or helping them to build relationships with the most important vendors – and the startup vendors – in the market. Then it’s just down to doing the basics right for them as well, making sure they can leverage our services, making sure that they’ve got the right credit to do the business they need to. 

In terms of security distribution, what are the additional things that make you different?

Tomlin: What we do in the world of cyber distribution is not traditional distribution like the volume guys at the top. It really is a services technical lead. In the world of cyber, we find the vendors and we bring them to market. We help sales and acceleration services; we all do simple things. But the reality is, with your other types of distributors, they don’t do 24/7, they’re not supporting the critical infrastructure.

Langridge: Getting into cyber security, when customers ask that question, part of our job is to empower our partners to have a more confident cyber security conversation, because it gets scary. It’s easy to say, ‘When’s your Microsoft due for renewal?’ or ‘What’s your approach to zero trust?’ If you’re an account manager for a big partner, you’re used to selling licenses, and you don’t want to ask that question because you don’t know what you’re talking about. But if you have that reassurance behind you, then that really helps.

Cyber security is something that partners might feel they don’t have expertise [in], but if they have that layer of distribution ... it is going to have pre-sales, post-sales, consultancy and training … and it gives them confidence and reassurance to go into the market, ask those questions and find those opportunities, whereas they wouldn’t [without distributors], necessarily, because of the high bar in terms of complexity and risk.

The other element around security is that it must be more nuanced from like a marketing and customer engagement perspective. It’s easy to have a positive conversation around lots of tech clout that is around enablement – you can talk about kind of distributed workflows. [While with] UC and the productivity securities, it’s easy to go straight into negativity, into FUD [fear, uncertainty and doubt]. So, again, distributors can work with partners to help them go to market in a more positive, constructive way.

Roberts: Cyber security is massive. There are so many different areas in it – imagine if you’re a customer that needs something securing, and you kind of know the problem and the solution. So, to all the points that are raised, this is about knowledge. It’s about education, it’s about offering an alternative to what they think they should buy, and it’s about consultative, real-life work that we do with our partners.

But most partners will say they have a security proposition. They might be doing well, but are they really establishing a USP and real expertise and domain expertise in those areas of what their customers know? So, that leads us, in that layer, to do more due diligence. There are hundreds of new cyber products coming to market every year. We have to make sure we are assessing and really getting the knowledge of the tranches of information that will then help our customer base.

You have all talked about the services you deliver, what does that look on the data front? You’re seeing across vendor and partners as well as the threat landscape, so are you actively using that and sharing that data with partners?

Langridge: One of the advantages that distribution has is that we can see up as well as down. We can see what vendors are doing and we can see it across partners as well – lots of different sorts of partners: VARs, MSPs, GSIs, and so on. Being able to get that that scale of intelligence and data and visibility is important. But the key thing that we can do is rather than just purely data – because ‘data for data sake’ doesn’t really do anything – [focus] around business intelligence.

So, what does that mean? We can see trends, but what does that mean for your business? It’s not just about pure data itself, it’s about business intelligence, where we can see gaps in the market for that partner, in terms of vendor stack, in terms of complementary sectors that they might want to go into, and in terms of verticals or organisation sizes. We can quickly provide those insights across that scale in terms of where they can accelerate their business.

Tomlin: One good example is that we do 24/7 support for some of our biggest vendors. Any vendor that I sign, I insist on 24/7 support. If they don’t want us to do that a lot of the time, we don’t want to work with the vendor for anyone.

So, we take in excess of 20,000 support calls a year. Every support call that we take is a sales opportunity. We log all the support calls and go back to [the reseller] monthly, and say, ‘These support calls are for these customers, talk to this customer about their strategy because they’re having a lot of outages on their solution. This is an opportunity for you, and you should see the amount of deal purchases that come through that.’

The deal registrations then become capability for the resellers to show added value. And renewals are ridiculous – with the market we’re in, if you’re not a cyber security specialist, this is the place to be. This market is growing 20% to 30% a year, and renewals continue to be more than 100 [in a] single year. Renewal data is a great sales opportunity, and we give that data monthly to partners. 

Roberts: There are vast amounts of data, and you have to ask what you want it to show you. For vendors, for example, what partners are going to be right for you? What is relevant for partners to take in terms of product? Is the data about just the growth of that vendor, or is it the area in which they operate? Are markets suggesting it’s going to represent certain CAGR percentages?

The value here is understanding what the objectives are from a vendor and a partner point of view. What do you want to get out of the market? How do you want to grow? What areas do you want to grow? And don’t try to boil the ocean. We’re doing as-a-service options now for a lot of our vendors and partners, such as SDR as a service [SDRaaS], which is lead generation.

Each vendor we take on has very different ideas of what they want. Of course, they want growth, but outside of hat metric of growth, what is going to have impact for them? It could be that they want to grow because of being purchased, they want to integrate with other technologies, or they want to be known as a particular expert within a certain area. So, we have to be very careful to listen to them and not just throw loads of stuff at them and then sell to our resellers.

What is the future for distribution?

Tomlin: There are too many vendors, so the reality is you’re going to see vendor consolidation. There’s lots of money now on offer for all these companies to start off. But you think back to the mainstream world of IT, it tends to boil down eventually to less players.  You’ll see more vendor consolidation over time because customers don’t want to have 90 different vendors in their security. 

From a distribution perspective, if you go back five to 10 years ago, security distribution was not mainstream. It was still very much quite new, and everyone was keen to understand it more. But today, security distribution and security channel are now a mainstream task of most VARs [value-added resellers]. It’s probably becoming one of the largest … highest margin earning business of most resellers, and it’s the number one priority of IT directors. I only see high growth for the security and distribution security channel. If I had a pound to invest in the IT, go-to-market channel, then I would invest it all day long in cyber.

Langridge: There’s no doubt that cyber security is of strategic importance for organisations. That’s why InfoSec is busy, and that’s why when you go on the BBC, it has a cyber security section, whereas it probably didn’t five years ago. It is fundamental. And it’s same for partners – in any partner of a decent size, they must have cyber security as part of their portfolio.

Where the value is for us is that, as distributors, we have always evolved, and the partner community and market is becoming more complicated. The buyers are changing as well – you’ve got Gen Z coming through, and we talk about people not picking up the phone or coming to events, but they want to buy digitally. All of that is going to continually evolve and everything [around] partner networks is more complicated. Regarding cyber security, not every partner is going to be able to monitor services, so it needs to be more of a spider’s web ecosystem.

Again, that’s where distribution could come in, because we are in the middle – we are the conduit to help join the dots. We’re building out managed security practices, and we can help offer that where vendors can’t do it themselves, or to compliment what vendors and partners are doing. The value for distribution is being able to put all that together in an effective way.

A partner never has to say no, and a customer can still build that relationship constructively. They can take advantage of the opportunity, but also – from a security perspective – they reduce their risk, because it is complicated. It’s not so great if you get cloud wrong. If you get security wrong, you’re on the front page of the BBC website. So, having that trusted partner where distribution is, and being able to help them join the dots and find the right way of going to market and offering those services, is where we’re a high-growth place, but also a high-value place because of the importance of security.

Roberts: We still can’t remember passwords, guys, and there’s AI [artificial intelligence] coming into the picture, and everything else. Choice is going to be super important because the landscape of threats is continuously changing. We can see a nice swell of products coming in. But it’s then about where you want to focus within cyber, as there are so many different divisions within it.

We specialise in four key areas, and we double down on the products within those. Then we focus on the customer service and the expertise around it. Outside of that, there’s so much more we can do, and it will continuously change. So, to Rob’s point, this is going to be a huge growth market area. We will need to increasingly present the opportunity and education of what products are out there, how best [partners] sell it, and the support in terms of technical expertise.

Do you feel distribution is valued?

Roberts: Everyone’s got a perceived notion of what distribution can do, but it’s changed and evolved so much. Yes, [distribution is valued] for vendors that have experienced it well and for partners that have experienced it. But again, it’s always that education piece. And that’s quite exciting, because if it was the same old conversations, it would just be a benign process. But you’ve got to keep on the front foot. Where we sit is a great opportunity, a great layer. We have so much more to give and to gain from being there.

Langridge: The complexity is helping to emphasise that [value] in terms of the services we offer, in the complexity of the market and in the rapidly changing partner landscape. That increased complexity as we go along will demonstrate the value of distribution. We’re seeing that kind of ecosystem – a complex spider’s web – rather than just linear line. It will increasingly show the value of distribution, because we can touch every single part.

Tomlin: I’ve seen loads of people in the press recently talk about how they don’t want to be known as a distributor. I always think that seems so stupid. They get tainted with old school distribution, which was moving product, selling laptops, selling service, selling mouses and keyboards. What we do is very different because we’re becoming a platform for cyber security. What we do today versus what we’ll do in a couple of years’ time will be very different, so it’s down to ourselves to make people realise that.