With companies of all sizes valuing the need to protect their infrastructure from attack, the market for network security appliances remains something of a honey pot. But what should resellers really be doing to widen their profit margins and grow their business? Channel Middle East unlocks a market very much in the grip of transition
These are halcyon days for resellers in the networking and security arena. As organisations make the leap into wireless environments by their dozens, and the nature of the threats becomes increasingly sophisticated, the need for a well-structured security policy has emerged as the number one technology priority for end-user firms.
There is little doubt that demand for multiple, best of breed network security appliances - such as intrusion prevention, firewalling and antivirus - remains at its most enduring in the Middle East corporate sector, which typically includes any network accessed by more than 500 users. As well as deeming an appliance for each security function essential, large enterprises are also more geared up towards working with multi-vendor solutions because they often have internal expertise in more than one product family or brand.
"Based on the criticality of the application, it is essential to have a dedicated intrusion protection service, a whole lot of e-mail security and other appliances when it comes to the enterprise market," said Hishamul Hasheel, technical sales manager MENA at networking vendor US Robotics. "As the network size grows and receives more exposure to the outside internet, you need to devise a hierarchy of these appliances in different places in your network."
Yet while this is very much the pattern at the top end of the market, there is no escaping the fact that the overall dynamics of the network security appliance channel have been dramatically reshaped in recent times by the emergence of unified threat management (UTM).
With everybody from Sonicwall to Juniper proclaiming to offer the ultimate "integrated approach" to security, the market for UTM devices continues to explode at an astounding rate. "The trend is shifting from a point solution to an end-to-end system," said Ahmed Etman, business development manager for security at Cisco Middle East. "This is the major wave taking place in the region. CIOs and IT administrators do not want to be managing multiple boxes and technologies."
The notion that it is better to have numerous security devices bundled into one package - rather than several different appliances from an array of manufacturers - is one that has already been subscribed to by most vendors in the networking and security field. ROI and reduced cost of ownership are cited as major benefits of the UTM concept, while it can also dilute the complexity associated with operating several layers of devices.
"In a situation where something is not working, you know that the problem is going to be somewhere in that unit," said Kalle Bjorn, technical manager at security appliance manufacturer Fortinet Middle East. "If you had five different appliances deployed on the network, you'd have to troubleshoot all five."
One criticism of the UTM space, however, is that there is often a lack of transparency around exactly what comprises an integrated appliance. With definitions differing between vendors, it is a market that newcomers are advised to broach carefully before deciding where to invest their resources. "You have a lot of vendors that have just gathered up third party products on their devices and are using this as UTM," lamented a source at one security firm.
The Middle East appliance market is still a sector where most vendors deploy a conventional, two-tier channel model that places firm emphasis on the role of distribution. As well as product fulfilment, the job description of the wholesaler is to transfer a degree of education and technical expertise to the reseller. Nidal Taha, regional general manager at WAN optimisation specialist Blue Coat Systems, which uses the services of Almasa and US Telecommunication, explained: "Our distributors have to have an internal product specialist and a system engineer that is certified to specialise in Blue Coat. The distributors offer the product, but they must also have skilled knowledge in terms of licensing and configuration."
For many vendors operating in the Middle East, the focus in 2007 is on polishing their reseller channels and driving more business through the partners that truly understand the intricacies of the network security appliance market. Fortinet, which works alongside allies such as Paramount in the UAE, Algosaibi Information System in Saudi and Universe Computers in Kuwait, insists that it will attempt to get closer to the resellers that display genuine focus on its products by making it more attractive for those partners to work with the company.
Blue Coat, meanwhile, is on a mission to ensure that at least 25 of its partners qualify for its top level ‘Premier' status by the end of the year, which would almost equal the volume of standard partners presently assigned to its books. It currently works with 12 Premier resellers in the Gulf region - including GBM and Al Falak - and collectively this dozen brings in more than 60% of its regional sales.
Cisco, too, is looking for resellers to specialise in security after adding a ‘master certification' for security to its channel programme towards the end of last year. That addition is designed to ensure that companies with a very strong security expertise are not overshadowed by larger resellers that can outmuscle them in the volume stakes. "It will help level the playing field between the smaller security focused boutiques and the larger firms which have won deals," stressed Etman. "We are looking for a decent number [of resellers] to obtain this and it would give them the same level of treatment as a Gold partner."
The maturing of the network security market in the Middle East has created a landscape where both traditional networking and security resellers have strayed into one another's territory by virtue of the proximity of the technology.
"As the technology evolves, there will be a blurring between those that are security specialised and those that are network specialised," agreed David Small, VP EMEA channels at networking giant Juniper, which powered into the VPN security and firewall sector two years ago when it snapped up NetScreen for a massive US$4 billion.
Juniper now boasts 140 certified resellers in the Middle East and Central Africa region, and has opened new offices in Saudi and Egypt within the past year.
Yet while this collision of technology channels is clearly visible in the market, several vendors insists it is still more common to see the reseller channel dominated by companies with a heritage rooted firmly in networking. Their in-depth understanding of network infrastructure means that adding security to their repertoire is often a logical next step. "Having said that, when it comes to wireless - where we specialise - we bring a whole breed of new professional resellers whose bread and butter is based on wireless security," asserted Hasheel at US Robotics.
Neeti Rodrigues, sales director India and GCC (excluding Saudi Arabia) at 3Com division TippingPoint, said: "Security partners only sold security in the past, and networking partners would just outsource the security component to a specialist organisation. That wasn't a problem when there was no integration needed but when you are talking about proactive appliances today then they have to get close to the switch and that means you can't sell security without some networking being involved."
The margin opportunity for resellers capable of building a compelling network security business is highly attractive. Even the standalone sale of the device remains more enticing than other areas of the hardware sector, where price points have dropped dramatically. "The prices aren't necessarily declining because what we are seeing is more functionality being built into the boxes," said Small at Juniper. "We are targeting from the SMB upwards so they are not really mass market products and don't face the same price pressure. They are not commoditised."
Delivering a security solution commands a much different set of tactics to selling a PC, for example, and at the heart of this is the necessity to build an intimate relationship with the customer. Shahnawaz Sheikh, regional sales manager at Sonicwall Middle East, reckons 20% to 25% of a reseller's business will come back to it each year as a result of customers proactively renewing annual services.
But he says the channel needs to be aggressive in addressing the rest of its customer base and look beyond the straightforward transactional sale. "It is a two-way effort," he said. "The reseller must also contact the customer to remind him to renew the services because it is about working with them in the long run. When a reseller gets into a customer account he may start off with the UTM services, but then he might look at other solutions, such as business continuity, e-mail security, SSL VPN and wireless security."
That point is reiterated by Samer Malak, channels manager Middle East at software vendor McAfee. He insists the vendor ensures all partners who are certified on selling its network gateway and network intrusion and prevention appliances are equipped to handle a sale at all levels. "After sales service is very important for customers who have invested in network security," he added. "The main factor is that software, functions, and updates are constantly changing and customers need vendor and reseller support to stay updated and get the maximum possible performance out of their appliance."
The complexity of the security market also makes it an ideal sector for resellers to earn money from service-led sales around areas such as maintenance, design, compliance and support. Blue Coat Middle East boss Nidal Taha advises resellers of its products to consider selling training solutions too. The vendor operates authorised training certification centres in Egypt, Saudi Arabia and the UAE, and now permits its highest tier of partners to resell its training solutions.
"A Premier partner can make 10% to 30% margin [selling network appliances] depending on the competitive situation and 10% to 35% for the training courses," he said. "We have recently been moving towards security and system integrators with security skills. We used to work with enterprise system integrators and ISPs, and we still maintain those but we try to encourage them to invest in the security field. A security-skilled system integrator usually has the right tactics to sell application security and is trusted by the user."
Sheikh at Sonicwall acknowledges that resellers can earn a "comfortable two-digit margin" from simply selling security devices, but advises partners to position themselves as consultants to the end-user and educate as many staff as possible in security technology.
He also claims resellers need to be smart about how they market their offering to the customer. "They should be bundling the appliance with the security services so that instead of talking to them about 10 different fields and 10 different part numbers, they can tell them that they offer a comprehensive solution with a single part number and price," he said. "If the reseller breaks that into six or seven components then the customer will just get confused and start picking and choosing which aspects it wants."
Majdi Babaa, technical manager MENA at ethernet vendor Extreme Networks, maintains that one of the secrets to winning new accounts is being able to provide the customer with a tangible demonstration of the various hacking methods and algorithms known to the market. "They have to know their network is open to vulnerabilities and that the security appliance must be part of their network," he said. "Most of the opportunities that we see come from proving to the customer that their network can be brought down by a small CD sitting in one of their PCs trying to issue one or two commands."
The attributes required by resellers to sell comprehensive security appliance solutions vary from the ability to design scalable network architectures to extensive configuration and integration skills.
"When it comes to deploying a corporate level or wireless network, a lot of professional expertise is required in the two core technologies - wireless and security," said Hasheel at US Robotics. "We don't see many partners out there in the market who can really focus on these two functions so the way we grow the professional wireless market is to train them in terms of the different parameters of wireless security and advise them how to achieve the highest possible security levels when deploying wireless. It is definitely not anybody's game on Computer Street; it is a focused approach, and as a vendor we work with selective partners who have the expertise in building security."
The skill-set for resellers looking to sell appliances is similar, but slightly less stringent than those selling standard enterprise products, according to Naveed Moeed, technical manager at RSA Middle East. "Knowledge of machine hardening and device security is not required in these scenarios," he explained. "There is still the emphasis on overall security knowledge; the understanding of time based two way authentication and other factors inherent to the software as applied on the system. However, networking and OS knowledge is not required to the same depth."
Rodrigues at TippingPoint admits she has witnessed many core networking channel partners move towards a dual-pronged model within the past 12 months. "Many of them have migrated slowly by initially training a few of their guys and then bidding on complete solutions. They have seen the value of putting security into a networking project and that has brought them to change."
That view is supported by Dharmendra Parmar, regional marketing manager at networking distributor FVC. "Traditional networking solutions leave very little room for margins for partners as they are over distributed and quite generic in technology," he said. "Emerging technologies in security provide the partners with an opportunity to increase their margins and up-sell to their existing clients."
Demand for network security appliances is being seen right across the Gulf region, particularly as more small businesses move to reinforce their networks. At least two vendors also cited a boom in the Qatari market following a surge in network infrastructure upgrades that accompanied the Asian Games.
"I see the most requests for security coming from the UAE," countered Babaa at Extreme Networks. "In some of the other regions - like Jordan and Egypt - you see the requests, but to be honest it does not seem to be as important to them as it is in the UAE. The UAE is taking it seriously, probably because most of the IT companies are here directly." The Saudi market is enjoying a higher volume of deployments than anywhere else in the Gulf region due to its size, say vendors. Some believe that a greater awareness of internet threats than in the past is contributing to this trend, while the prospect of the market embracing broadband networks will only proliferate this trend.
"We believe there is a huge potential in Saudi because the market is still surviving on stateful packet inspection firewalls, although many organisations are gradually moving towards the UTM concept," said Sheikh at Sonicwall. "In some of the markets, we are going through this whole process of ‘educate and sell'. Countries such as the UAE, Qatar, Bahrain, Kuwait and Oman are all educated in terms of VPN solutions," he added.
The maturing of the Middle East network appliance market and the availability of new technology clearly invites anybody with a network or security background to chance their hand. "The only thing that has changed really is that the customer demand has become more complex because they really are looking for security and networking capability," commented Small at Juniper. "And as the devices have more in them in terms of antirvirus, detection intrusion and so on, it naturally becomes slightly more complex."
Resellers in the Middle East capable of developing a security proposition will clearly enhance their business, while there is room for companies to market themselves as professional security service consultants, particularly at the enterprise end where clients have larger security budgets. Technology changes are reshaping the paradigms of the network security appliance channel, but it is up to resellers to turn that to their advantage.