Firewall-floggers in FLAMING MESS: Where'd our mystery margin go?

Opinion If you work in the fields of technology distribution, services and resale, you'll surely hear about cloud, mobile, social and virtual more than anything else. However, it is the changing patterns in security spending that are perhaps most dramatically re-shaping our businesses.

Gone are the good old days of pushing traditional endpoint security licences for homogenous Wintel environments – resellers and distributors now need to adapt to a vastly more complex demand from customers if they’re to survive and thrive.

For distributors especially, the stats aren’t looking particularly good at the moment. Taken as a whole, the enterprise distribution market across Europe declined by 3.5 per cent in the third quarter from Q3 2012.

Security in particular was badly hit, showing a decline of 18.1 per cent. If we look more closely at this segment, we can see why. Firstly, PC spend is down while mobile device shipments are up. On these new smartphones, tablets and convertibles, users often don’t consider endpoint security – their main assumption being that data is mainly stored in the cloud anyway with little saved to the actual device. Even those who buy security do so through mobile apps or mobile device management solutions.

Security vendors realised this shift some time ago and have been refocusing their portfolios accordingly: Symantec has seen its endpoint category winding down for a while now and therefore concentrating on data management, back-up and protection, and cloud security; Trend Micro was one of the first to spot this trend with its Deep Security suite; while Kaspersky Lab appears to be focusing its efforts on virtual-ready products and adding enterprise scale functions to its B2B security suites offering.

Numbers are down – except in mobiles

It’s no surprise then that according to CONTEXT data, total revenue in the UK endpoint security market fell 34 per cent in Q3 year-on-year, while the number of licences dropped 41 per cent. Yet when we look at just endpoint mobile security, revenue went up 237 per cent over the same period. Kaspersky has been one of the most successful vendors in the UK in anticipating these changing buyer patterns. The company’s revenue for next generation data protection and security for virtualisation grew a whopping 522 per cent over the same period.

Distributors are seeing their traditional endpoint security channel shrinking due to these factors but also because more retail customers are buying directly from vendors online.

They are also increasingly being bypassed by forward-thinking resellers who are purchasing directly from vendors to respond to a growing need in securing cloud solutions. This triple-whammy is barely offset by a growth in business from Managed Service Providers – across Europe the endpoint security market for disties was down 28 per cent year-on-year.

The industry is reacting though, with the big boys acquiring smaller Value Added Distributors (VADs) to give them the capabilities they need to offer managed solutions. Arrow recently snapped up Computerlinks for this reason, responding to Westcon's purchase of Afina, Entrada and Triple AcceSSS in the past 18 months (and before that, its purchase of NOX). Transforming themselves from box-pushers to providers of value-added security services is the only way for distributors to secure long-term growth in a segment shifting towards cloud and data centres rather than typical endpoints.

As for the resellers, they too have to arm themselves with skills in this new era in security. They need to offer their customers hosted services and cloud apps with the security piece built in to the deal. This isn’t easy, with the multiplicity of operating systems, device types and form factors, and data access requirements of modern computing environments – not to mention the growing volume and sophistication of threats.

Every customer could have vastly different requirements – a far cry from the days when they could just ship out a few endpoint security licences out to customers.

It’s going to take a keen understanding not only of their end customers but also of the shifting vendor market in next generation security products. How complex are these products to install and manage? Do they integrate well? How many SKUs are needed in a single solution? Do I go for a Symantec which has acquired much of its portfolio with a resulting complexity of licensing or a Kaspersky which has grown organically? These are all important questions to ask, but if they want success, resellers must be able to take the complexity out of securing these modern computing environments.

It’s no easy task and finding the right talent in the industry to support this changing business model could be tricky. Vendors can help here – building up a relationship with them could lead to training opportunities for staff so that they can step up to meet these new requirements.

It’s also important to remember, however, that although big change is necessary for survival, step too far outside your core area of expertise and things could go downhill pretty quickly. ®