An RSAC 2024 takeaway: partnering in services is tricky business

A theme has emerged within cybersecurity that can be seen throughout the entire technology industry – professional services are critical to delivering technology-based outcomes. Specifically in cybersecurity, this has emerged through the growing demand for MDR (Managed Detection and Response) – a market that is expected to grow 12% annually over the next five years (according to our colleagues at Omdia).

The path to MDR emerging as a category has been gradual, yet inevitable. On the demand side of the equation is the threat landscape which has grown both in scale and in complexity. More attackers are targeting smaller midsized organizations that have less sophisticated cybersecurity teams. It has become a market geared toward mass-fishing (pun intended), with less big whale-hunting.

On the cybersecurity supply side of the equation, a skills gap has formed. According to numerous recruiting sites, cybersecurity has regularly featured as one of the fastest-growing hiring categories. Moreover, businesses need help securing their environments and technology alone cannot fill the gap. MDR has emerged as the solution, combining best-in-class technology with best-in-class processes.

As Omdia eloquently describes it: “Modern MDR services are characterized by the integration of preventive measures across people, processes and tools, leveraging capabilities like user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR)”.

To meet this growing demand, many vendors have launched MDR solutions. This includes leading cybersecurity companies such as Check Point, CrowdStrike, eSentire, Microsoft, Palo Alto Networks, SentinelOne, Sophos and Trend Micro. Other SMB-focused vendors have also launched offerings including Bitdefender, ESET, SonicWall and WatchGuard. But here lies the challenge – offerings such as MDR pull vendors into territories that many of their partners will believe to be their own. The vendor-partner competition debate flares up again.

As is typically the case in these scenarios, the challenge is complex and nuanced. As has been highlighted, there is a clear demand for these services and to be viewed as a leading cybersecurity provider, vendors must do their utmost to protect their customers. Considering this, vendors are wise to go after this market opportunity. But once a business line is established, normal KPIs (growth, users, pipeline, profitability and others) will kick in. Moreover, while some partners will see MDR as their core domain, other partners not equipped to offer it yet will face customers who are demanding more of them. In those cases, partners invariably turn to vendors for help.

For any vendor across any sector, navigating the myriad of partner professional services capabilities that exist is complex, and therefore, many different models have emerged for partnering in this field.

A resell or agency model is required when the partner cannot fulfill that service demand. The constructs of this model follow that of a typical resell practice with associated incentives, targets and enough sales enablement to train partners on how to sell the offering. Naturally, complexities of “reselling” a service exist where there can be so much variance in pricing and scope.

A white-label model can be beneficial when the partner wants to be more directly involved throughout the lifecycle of the service, despite lacking much of the technical capacity to deliver it themselves. These models need to be governed by clear service-level agreements, an operating model that highlights the responsibilities of each party and processes for managing escalations. In this model, the partner assumes more of the customer burden both financially and contractually, even though they are ultimately relying on the vendor for the underlying technology. The vendor, in turn, is responsible to the partner.

A services specialization model can be leveraged when a vendor can reliably lean on the partner to deliver a set of services at a high-quality level. Specializations typically denote two things: a technical capability (having gone through various training programs and assessments) and a reputational designation (given that specializations carry some kind of vendor badging that is publicly promoted). To run these programs, vendors need to have a rigorous methodology behind their training, along with the associated financial constructs to help partners capture revenue opportunities while offsetting costs required to invest in these practices. Partners, in turn, need to invest heavily in their service practices as they will be taking on more of the burden with the customer. In many cases though, there are still shared responsibilities between vendor and partner and a specialization may be combined with some form of white-labeling.

An augmentation model is required when the partner has a leading expertise in a service area and the vendor’s offering can serve to supplement that expertise. In these scenarios, a vendor will find that the partner has an established practice which will likely include in-house IP, systematic processes and a formidable reputation. These partners are often at a maturity level where they have even established their own channel strategy to drive more scale of their services. To work with these partners, vendors need to focus on their core competency, which is their technology. These partners will undoubtedly see technology as vital to their ability to deliver services and the easier it is to adopt these technologies into their practices, the better for both parties. An augmentation model requires technical support, API libraries, flexible licensing terms and ideally, a vendor that prioritizes partners for services-attach.

A co-sell/deliver model is in play when the partner has a rich service capability and moreover, the ability to scale to meet customer demands. In these cases, the vendor has established the utmost confidence in the partner’s services capabilities that it actively goes to market on their behalf. Co-sell models flip the traditional script. Instead of a one-directional value chain, each layer of the stack is an advocate for the other. While this sounds very altruistic, successful co-sell relationships see a strengthening of their own businesses. Co-sell programs are becoming more common, but they can be challenging to scale. Yet when established, they are among the most tightly integrated forms of partnering out in the market.

No-one-size-fits-all approach

Most vendors will have multiple strategies for taking their services to market – in some cases, all the above. This is often a necessity due to the degree of service capabilities that exist in the market. Getting the right balance, in terms of investment, resource allocation and partner engagement are the details that determine market success.

It is also important to recognize that there are gray zones out in the market where both vendors and partners have service offerings that may prove to be complimentary in theory, but more difficult to execute. Professional services can be nebulous offerings, with many nuanced factors coming into play. Simple service constructs are often based on “time and materials”. Value offerings are often based on expertise, methodology, scarcity and reputation.

Invariably, many vendors will find themselves competing with their partners in services. It is a line that gets crossed many times, across many industries, for many different reasons. But an untethered services strategy may serve to alienate partners, which could have rippling consequences across other parts of the business. Traverse the services engagement steps carefully to avoid disrupting your partner ecosystem.