The legacy information security Value Added Resellers (VARs) are really struggling with showing their true value. And that’s a really good thing. Let’s explore where they are failing…and why. And, of course, why their market correction will ultimately bring about a better information security landscape for everyone.
VARs are Pushing Tin
The vast majority of all VARs out there were built on the business model of selling hardware and software. Sell! That’s wat they do. To them, every problem is nail and every solution is a hammer. And boy-oh-boy do they ever have a lot of hammers to sell you. Big ones. Small ones. “Next Generation” ones. Well, you get the idea.
But as the security world migrates to the much more capable cloud platforms, the demand for legacy IT hardware and software widgets is drying up. So their sales teams are having less success with each passing day at coming back in after 18 months or so from the last hardware upgrade to start preparing you to upgrade to the newest hardware model out there. They can’t refresh hardware and software when it isn’t there, right?
Maximizing Activity – The Hours Added Reseller
When it comes to professional services, the legacy VARs want to maximize their billable hours. They want to do in 20 hours what could be done in 4. Or take 10 steps for what could be done even better in 2.
Don’t believe me? Go to events where business leaders mingle and there you will absolutely run into recruiters and staffing agencies. Then ask them what’s the minimum amount of time they will place someone on a contract and they will say they always prefer long-term contracts, but sometimes go as low as 60 days or so. Hey, they’re not stupid. They know that those in need of information security butts in the seat are just about desperate enough to sign someone up for a longer term than is actually needed. And why not? When the work is done, the odds are pretty good there will be more work waiting that could fill that block of hours. So, just like the security VARs themselves, it’s all about hours. Nothing but hours.
With their backs up against a wall they may sell ‘fixed fee’, but that’s all back of the napkin math and best guess as to what they can get away with. Unless they did a full value assessment and can make a proposal that would stand up to the scrutiny of the CEO or board, it’s not adding any value. And no sales person at the legacy VAR ranks is going to put in that up-front investment, even if they knew how. They operate at the path of least resistance and, with opportunities dwindling, are in a race to sell widgets and hours as fast as possible.
The smaller guys are now in the driver’s seat. Companies such as ZecurityAscent were founded to find your value first and foremost. So in this way, both the new VARs and their customers benefit quite nicely. This is the very essence of true partners and the trusted advisor relationship.
While it can certainly be argued by the big legacy VARs that the smaller goes don’t have the breadth of services, which is very much true, it’s a silly argument to make. The reality is that the new breed of agile, value-driven, born-in-the-cloud, top security consultants are networked to succeed. Rather than having a wide team of often mediocre security staffers sitting around waiting on the sales guy to find them a ton of hourly billable work, they are each top experts in their own rights and have no problem with referring work to a colleague in a partner consulting firm, knowing that they, too, will bring the value!
And why is this doubly true? Because Entrepreneurs build value in the world. So if you want to know how to find and build value for your own enterprise cloud security needs, maybe partner with someone who lives it each and every day.
The hard truth is that the security pros you really want and need are seldom the ones being sold to you by the legacy security VAR. Not at all. The ones you are after are the ones you will find through your own referrals. Or the ones that the new value leaders, such as ZecurityAscent, can bring in on their own referral. They are not always as easy to find as the old box pushing VARs. But that’s because they are like finding gold or diamonds.
How to Filter the Noisy VARs
Taking everything I said here into consideration, here’s what I recommend to quickly weed out the VARs that aren’t (VARs):
Focus on Results, not Activity
The right consulting firm will only, ever, focus on improving your condition. Drastically improving your condition. No executive gets paid for how much activity he/she does (number of meeting or phone calls). Clearly the amount of hours suggested to complete a task is a silly metric. What’s the total value to your business? What’s the cost of doing nothing? And when can the results be realized? These are just some of the questions that drive quantifiable success.
- Get a Better Deal ElsewhereWhile my consulting firm, ZecurityAscent, does resell a few cloud services, I’m always happy to let that piece go to another reseller. After all, it’s my mission to bring the most value and get my customer in a far better place than when I started. So if that means giving up that 3rd party offering, so be it. The reason I resell them in the first place is (a) because I believe so passionately about their impact, (b) because the majority of customers do actually prefer to bundle true value services and the tools together, and (c) because it brings conversations about the specialized services I offer into clear focus. So if the legacy VAR wants to keep going back and forth over negotiating the price, then they clearly aren’t adding value. Again, this is how true partners treat each other.
See what they can do for the “cloud first” organization
Legacy VARs want to sell hardware and software in every deal. That’s their DNA. It’s what they know more than anything else. Often times, it’s all they know. So when you say you are becoming a “cloud first” organization, it gets interesting. Here is where the conversations about “hybrid cloud” and such creep in, hoping to keep you in that CapEx spend just one — more — time. And will that security appliance still be of the same or greater value by the time it’s depreciated. Most likely not. But they don’t care. Their goal is to sell you what their executives put on their very large menu, expecting that with so much to offer you will surely buy something. And you surely would have in the past. But as we all now know, the cloud is changing everything.