Cisco’s 2016 Annual Security Report combines responses from 2,400 enterprise security pros across 12 countries with perspectives from experts in the company’s security research group. Given the visibility Cisco enjoys into what’s flowing across customer and carrier networks, the report is a good read. The news is also good for channel partners, says John Growdon, Cisco’s senior director, channels business development for security.
For example, only 45 percent of respondents worldwide are confident in their security postures, yet 92 percent say that regulators and investors (and top-level execs) will expect them to manage cybersecurity risk exposure. Even if you accept that the 45 percent are justified in their confidence – a real leap given the sophistication of cybercriminals – that leaves plenty of customers that know they need help.
Over the past few years, Cisco has invested heavily in security, both internally and through acquisitions.
“As the nature of attacks become more sophisticated, customers are having to deploy more sophisticated means to protect their assets," says Growdon. “These creative threats must be addressed with an end-to-end approach."
The message is that partners should let Cisco handle integration. A best-of-breed approach is too much work, and the resulting infrastructure is complex and difficult to manage. Growden adds that more profits are a side benefit of a unified security solution.
“We are witnessing a growth of startups to address specific threats, but this makes it very challenging for partners to represent and manage multiple vendors," he says. “Partners’ product proficiency can’t scale to offer multiple point security products, and economically, this model won’t drive profitability."
That depends on the partner. Managed security and professional integration services can be lucrative, and there are plenty of really innovative security startups with strong channel programs. Still, taking advantage depends on being able to find, and afford to hire, the technical expertise to vet and integrate a portfolio of security point products versus having employees gain certifications in Cisco’s unified suite. And, those portfolios are getting fatter every year as the industry and regulators pile on new must-haves, like DDoS protection and DNS security.
That’s a particular problem for SMBs, and they’re looking for help — the number of smaller shops employing security outsourcing is up to 23 percent in 2015 from 14 percent the previous year.
Growden says Cisco’s product line still offers consultative opportunities and that partners shouldn’t wait too long to decide on an approach.
“Customers are demanding protection of their network and data center infrastructure end to end," he says. “Security provides a significant opportunity for channel partners to expand their existing data center and network infrastructure practices … partners investing in security personnel expertise, and building their security competencies, can differentiate themselves ...