The problem with selling security

It's worrying to think that of the three interested parties in the security technology market—the technology makers, the technology sellers and the technology users—not everyone shares a common view on the importance of the technology.

As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market—the technology makers, the technology sellers and the technology users—not everyone  shares a common view on the importance of the technology per se.

In fact it can be argued strongly that there is a marked discontinuity between those who sell security technology and those who buy who feel in a lot of cases that they are poorly served by the channel.

Over the last few years the security technology market has not changed much: there have been, and still are, worms, viruses, breaches, holes in products and their vendors’ failure to fix them. Something else hasn’t changed either: the way in which security technology is sold and bought.

Stephen Bacon, veteran VAR and founder of one of the UK’s leading Internet security resellers NetConnect believes that the industry has actually “lost the plot”. He argues that the typical sales pitch these days is characterised by “green behind the ears salespeople who really don’t understand what they are selling and are probably selling to customers who don’t understand what they are buying. Customers get the suppliers they deserve and this has been proven true over and over again.”

Even though many in the channel could complain of frustration in dealing with end users who don’t typically appreciate just how complex security technology is and how difficult is actually is to put together a robust and reliable security infrastructure, user’s and others believes that the customers’ needs aren’t being met by a channel whose standing is not great.

Bacon offers his view: “People buy largely from a VAR community that doesn’t have the reputation of quality of service nor [in] training its staff particularly well and doesn’t justify real value for money.”

Both end users and the channel seem to be pointing the finger clearly at the technology vendors whose products are seen as too complex and too fragmented. As the vendors increase selling security products through the channel, margins are slipping and resellers’ time is mostly spent mostly hitting sales targets and not in the necessary education and understanding of the technology. Furthermore, users find increasing problems from the integration of the various complex elements that typically make up a reliable security infrastructure.

There is clear evidence that users are looking to work with less fragmented and complex solutions from fewer vendors, a point accepted by Computer Associates’ divisional VP of security strategy Simon Perry. He comments: “A typical company these days wants to reduce the number of vendors; people may want to take 20 supplier vendors down to five or six or from five or six to two.”

What won’t happen is that one vendor’s products would be able to everything, even a company of the calibre of CA. Says Perry: “that’s never going to happen. We live in a world of competition and people think there some products [do different things better].”

Perry insists that integration of a few products offers up god opportunities for the VAR who gets the message about training and education.  “There’s been a lot of progress in [dealer] education over the last 12 months and the maturity of the channel to that idea two years ago wasn’t there,” he says.

The need for robust security grows daily but preventing the channel realising this demand is poor end user buying experience. It’s a vicious circle; VARs will only sell to users more effectively if they get time from the vendors to do so, but this won’t happen if the incessant demand to hit targets isn’t changed. 

The bottom line, literally and metaphorically, is that a great opportunity could easily be lost.

Read more on IT risk management