Intel Security’s Steranka: ‘You Need to Walk a Mile in Partners’ Shoes

Intel Securiity McAfee logo

Lorna GareyRichard Steranka, VP of Intel Security’s global channel operations, briefed Channel Partners at the company’s recent partner summit on changes to the company’s portfolio and partner program strategy. Steranka, who also serves as head of global channel operations for Intel Corp., has been on the job for less than a year; readers may recognize him from his stint as VP of Avaya’s worldwide partner organization or the 19 years he spent on Cisco’s sales, channels, marketing and ops teams.

One current focus: Ensure Intel Security recognizes smaller partners that demonstrate commitment to the company’s new platform approach.

Intel Security's Richard Steranka“The overall partner program has been through an evolution,” said Steranka. “It was a very centric around what I like to refer to as the ‘volume model.’ It recognized partners based on their annual bookings. So the big are always big.” As a result, he says, up-and-coming, innovative partners have a tough time getting to the top level: “They never get the resources,” he said.

To fix that, Steranka announced a shift to a competency-based – what he refers to as “value” – model in November at the company’s FOCUS conference.

“We have been on a methodical evolution from that point forward,” he said, while also working to streamline the channel program and add enablement tools.

As for product, Intel Security is among the top two market share leaders for endpoint protection, and Steranka says the company has the top spot in its sights, and it’s looking to replicate that dominance across all the security products on offer. To get there, he’s betting on a platform approach, where the Intel Security Innovation Alliance, or SIA, program signs up supplier partners and integrates the solutions using an open data exchange layer.{ad}

The company serves 62 percent of the Global 2000 and announced a record quarter in Q1 2016 across all regions and units. Web, server and data-protection sales were up around 30 percent each, while sales of advanced threat-detection technology jumped more than 200 percent.

Channel Partners: Give us an overview of your partner program and product philosophy.

Richard Steranka: In terms of the overall channel mix, we’re 90-plus percent. And I use that because, quarter by quarter, it will vary a little bit. In my three quarters here, it’s been as high as 93 [percent] and never lower than 90 [percent]. We are, by all accounts, a channel-centric company.

We’re also on a transition path to a platform. It’s not here today, per se, in all elements, all aspects. The end vision hasn’t been realized. We’re probably 18 to 24 months away. The partners have to continue to make money while we’re …


… changing out our products, but they also have to prepare and equip themselves to capture opportunities that the new platform will create.

That’s the challenge right now. We’re making changes to the program. We’re trying to take a balanced approach where it won’t impact their current profitability and financials, but moves them in the right direction in being able to leverage the assets that we’re creating in the future.

CP:Intel Security says its sweet spot is the Global 2000. But do you have multitenancy and service offerings geared to smaller customers?

RS: I will clarify one thing: We talk a lot about the Global 2000 because it’s easy, it’s an identifiable customer segment. But we do a lot of business in other segments, especially in the commercial marketplace. In fact, in that space – what’s called “Global 2001 on down” – we are growing in double-digits.

Our technology is oriented for larger, more complex organizations. So you’re not going to see us down in the SMB space competing with vendors who do very-small-business solutions. But those customers are not in a great position to take technology and deploy and manage it themselves, and they’re going to be prime targets for managed services. We’re finding more and more partners interested in adding security onto other services that they’re providing to their customers, whether it be websites, hosted Exchange and email, obviously what’s going on with Microsoft Office 365. All of those need to be secured. So we’re finding it’s not a lead-in with security into the SMB space but attaching security to other offers that they’re already procuring as cloud.

CP: Security has to be part of every sale.

RS: I would say that managed services are going to be heavily proliferated into the midmarket. Again, it’s the old concept of core versus context. What does the company want to do? Do they want to put their resources into building a highly secure IT infrastructure, or designing and marketing and selling and supporting their core product, which maybe has nothing to do with IT?

CP: You work with Ingram and Tech Data. Other distributors?

RS: In North America, Ingram; Tech Data; Synnex, who’s just recently come on board with us; and Arrow, which acquired a federal-specific partner, Immix, maybe about a year ago.

CP: What percentage of sales are as-a-service versus product? Are sales moving to digital services?

RS: There are different ways to slice that, and we try not to put things into firm buckets because it’s a lot more gray. There are a couple of elements here. One is, does the customer want to procure in an OpEx-oriented business model? It could be SaaS, but we can also sell them software or hardware and let them pay for it on a monthly basis.

Then the next question is, …


… “OK, whether I own it or I don’t, do you want to manage it for me?”

We have a lot of customers who buy certain products but want it managed by a third party, often in the cloud. For others it’s, “No, I don’t want to own it.” And there are a lot of various combinations and mixes. It isn’t one uniform decision. Once a customer decides on a business model, do they say, “OK, every element of my security infrastructure is now going to be the same way”? Not at all.

Endpoint, the preference is still to actually own the endpoint software, buy it perpetual, but have it managed outside. We get some that don’t want to buy it, want to pay for it as complete service, and then they find how to meter it, whether it’s based on users or other SLAs.

I think the key moving forward is to be flexible with our commercial models. If we offer all possibilities, all permutations, chances are we have the building blocks to put a customized solution together for the customer, and we want to enable partners to do that. Our managed security service provider partners have access to our MSSP SKUs. They can sell as-a-service today, but surprisingly, most of them still sell a lot perpetual software and then manage it.

CP:Customers like to have that box on the shelf.

RS: I mean, there are pros and cons. It’s a long discussion. But anyone who’s rented anything for a while realizes, eventually you pay more. It would have been better to buy it in the first place. But it’s a function of other things. If a product changes a lot, and you have to buy another version of it later … so you’ve got to do the Cost 101.

We’re creating tools to enable our partners to show customers where the best economic benefit is in terms of how they procure.

CP: Antivirus products are, let’s face it, not all that useful — they just check compliance boxes. Do you see any pushback from customers saying, “Why are we paying for this?”

RS: I think that is happening. With AV, it’s actually taking a turn: AV is falling into the category of “don’t need it anymore.” That is, “Hey look, you’re chasing stuff that’s the past. You’re looking in the rearview mirror.” But that technology is changing rapidly. The challenge has always been, if I detect a threat that’s occurring, either through the network, through the Web, or even a single endpoint, how quickly can I propagate that threat intelligence to the other elements of my security architecture?

That changes the endpoint game. When your endpoints can be dynamically updated in real time within seconds of detecting a threat, you’ve changed the value of antivirus.

You’ve heard a common message: You are going to get breached. To try to predict what the next new, novel way of infiltrating a company is going to be, it’s useless. You’re never …


… going to be able to do it. But if you can respond quickly, and if you can identify and detect right away, then you can move to correct right away. I think that’s where the game is moving to. It’s remediation as fast as possible and minimizing loss. There have been multiple occurrences of breaches that occurred days, if not months, in advance of any true damage or data exfiltration.

CP: So you say you have the No. 1 security vendor position in sight. How close are you and how are your partners going to get you there?

RS: When it comes to endpoint, we’re one and two with the other guys. At one point, I think we crossed into No. 1. We’re internally looking at what would it take, how many customers would we need? I’d love to go to our partners and say, “If you could just do 10 more wins, we’d probably get there.”

I don’t have the exact numbers with me, but our overall goal with the architecture is to be No. 1 or No. 2 in every product category we’re in. And that’s a reflection of how much traction and customer buy-in the architecture and the platform [are] getting.

CP: Another goal is to remove complexity from the channel program. How are you doing with that?

RS: We just completed our partner survey, and I was very surprised to see the ease-of-doing-business parameter actually increase in terms of our partner score, our partner satisfaction. So that’s good news. We have more work to do. And I would say anyone who’s in channels that ever thinks they’re all set on ease of doing business isn’t in touch with what their partners actually go through.

You need to walk a mile in the partner’s shoes, as they say. There are so many elements. We track everything from how a partner is trained and developing competencies through how they’re rewarded with our channel programs to how they actually conduct commerce. How do they place orders? How is quoting getting done? We’re looking at it across all three of those spectrums.

We’ve done some things for training also. As an example, we mandated early on that partners had to do so many training credits, and what we heard was, “I’ve got the same people taking the exact same training courses just so they can complete your requirement. No value perceived for me at all, but I’ll do it because I have to.”

We eliminated that requirement and moved to a training-is-optional approach. It’s all online. It’s all free. The testing is online. It’s free. But you have to, through our system, prove that you can pass the test. And that’s a value to partners because they need a vehicle by which to confirm that their staff has the right competencies, because they’re representing their brand now in front of customers, and the last thing they want is someone saying, “I’m trying to sell you a product, but I actually don’t know much about it.”

A major element of our Salesforce deployment [Intel Security has a partner-facing Salesforce rollout in progress] is making it easier for partners to interact with us — things like single sign-on, tying into the systems. Eventually we will roll out a PRM system that gives even better visibility to where partners stand in terms of some of their …


… performance rewards.

Finally, our distributor partners are putting in, basically, B2B interfaces, where we can actually do more of the work before a problem occurs, things like quote validation, where a partner can press a button to validate a quote.

These projects are on our IT horizon. The good news is we’ve already gotten better, but there’s more room to grow.

CP:Distributors really are flexing their muscles.

RS: They’re branching out. I mean, SaaS aggregation is something that most got into quite some time ago. All of our distributor partners are doing it. And now with professional services, the acquisitions that some of the distributors here in the U.S. have made, they’re clearly stepping outside of what would be the traditional time and place, and I think, recognizing what their customers – the resellers, the VARs, the SIs – are looking for and complementing as opposed to competing.

And they see security as a big opportunity for services, which we do as well, so we’re very aligned on that front.

CP:A lot of our readers are at a crossroads and looking at adding a security or cloud practice — offerings that can be delivered as services a lot of the time. They’re going to have to make an investment to get there. Why is security the place to go?

RS: The networking group, which has been another part of my background, they’ve been in security for a while, but very network-centric security: firewalls, intrusion detection and prevention. The communications VARs have actually, for the most part, morphed into providing more application integration, perhaps with contact center being one of the more advanced cases of that.

Contact centers are very elaborate, complicated environments, and there’s huge money there.

CP:It’s a great entry point.

RS: There a lot of agents working from home these days. What’s happening with that agent platform when it is in the house? Nobody’s really going to hack your telephone, although it’s probably been done before. But to begin to hack a contact center and to actually take a contact center down?

You can imagine a new ransomware ploy taking down Bank of America’s contact center, where everybody phoning in can’t get a dial tone. There’s probably somebody dreaming that up right now.

Those companies who’ve made that transition, added [contact center] into their portfolios, picked up apps, started carrying more Microsoft products, they recognize: “Now we’ve created some environments where there are security exposures.”

Partners that I worked with in the past are very interested in the question, “What do we need to do to begin to secure those?” Contact centers tend to operate as standalone, siloed infrastructures because they’re so critical to a business. They’re not that different from IoT. The idea is, “Keep this isolated. I’m not actually trying to stay at current release, as long as it works.” It’s the old classic: If it’s not broke, don’t fix it. So they keep them very isolated, but again, where big data plays, and IoT, it plays in areas like contact centers. So you’re finding they’re getting connected into more and more aspects of the business, and as a result, more exposures are potentially there.

Do you agree with Intel Security’s platform approach? Let me know, either in comments or direct. Follow executive editor @LornaGarey on Twitter.

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 50434