How To Sell Security

First, you need to memorize these three basic facts about the security space:

It's constantly changing. Security is an ongoing activity, not an absolute solution, which leaves wide open the fact that opportunities are always there for recurring services and product sales.

Solutions are specific. They are point solutions that are only part of an overall hardware or software implementation, and opportunities exist for providing additional guidance on deployment of integrating the security solution into the overall IT infrastructure.

It's emerging. Customers need knowledge-intensive, timely information--not just about solutions, but about what's threatening them in the first place.

Sponsored post

Security Strategies
Now, take those three fundamentals and run with them. Here are some good examples of different strategies you can use to leverage your customers' security needs:

  • Position security as part of a holistic solution, including full networking, hardware and software components. That allows for bundling additional hardware and software as part of the initial or subsequent security sale. Approach your customers with a "security bundle" or "security package" that includes security services, software and hardware.
  • Position training services to lead up to security training. Without proper basic knowledge of operating systems, hardware configurations and application use, it is not possible to properly understand and implement security solutions. Bundle basic training packages with the intention of leading up to security-specific training. Also consider adding training as a regular part of your deployment or consulting engagements.
  • Ensure security hardware/ software upgrades are part of your regular services. After all, each upgrade requires not only security-software updates, but potential operating-system or hardware upgrades to combat a new security threat. For example, OS upgrades usually come with security fixes and, therefore, are recommended as part of the process of maintaining security on a network.
  • Seek out security solutions that are complex and require additional software and hardware. Generally, most security companies do not provide hardware or basic software for the security solution. By entering the account with a security solution, you can also pick up additional hardware and applications sales revenue. A good example is PKI, which involves many different pieces to the rollout.
  • Choose a vendor, preferably a single vendor, for each security category. In this manner, you can build up expertise, specific bundles and solutions packages, and get increased leverage from the security vendor.
  • Mix it up with the market. Seek out relationships with security vendors' channels and/or partner programs. Leverage the resources that the program provides to help position and promote security offerings to your customers. Talk with experts in the field and read industry business magazines to learn more.

Selection Guidelines
Now that you have a strategic starting point, make sure it incorporates the right mix of security products and services. Here are some guidelines to follow:

  • Look for emerging technologies. The newer the space, the greater will be the need for additional services, including consulting, architecture and implementation assistance. Generally, more money is spent in the beginning of the technology's life cycle than at the end of it. Examples include intrusion-detection and security-compliance software, such as products from ISS and NetIQ.
  • To determine an emerging technology, take a look at the number of small companies in that space. Generally, the newer the technology, the greater the number of small companies. Many applications-based solution vendors will typically recommend a specification for hardware to support the application.
  • Be careful not to select very high- level, complicated application solutions. Hardware-based solutions are typically appliance models, which leave very little opportunity for VARs and systems integrators. So avoid dependence on appliance-based sales because they generally produce minimal recurring revenue. Focus on products with midsales cycles, usually two to four months. For example, many intrusion-detection products fit these criteria. Product costs range from $10,000 to $40,000 for software and/or hardware costs.
  • Don't be reluctant to ask the security vendor questions, including: Who is the decision-maker for this product? Ideally, it should be a manager or director. And does the product-sales cycle typically require a trial period? Ideally not, but if it does, software solutions are easier to send to customers to check out.
  • Remember: There is a trade-off between a quick sale and a low margin (e.g. VPNs). The shorter the sales cycle, the more likely it is that the security product/service is a commodity, so the need for additional services and products is fairly low.
  • For better margins, try to work with small to midsize security vendors. Margins (sometimes as high as 40 percent for some companies) are usually higher with small to midsize companies (usually 50 to 2,000 employees) than establishing them or trying to compete with bigger brands. Although working with small to midsize companies is more risky, working only with leading brands will invariably introduce more competition and lower your margins.
  • Check Point Software Technologies, for example, is a leading firewall vendor. Yet after passing all of the certifications and criteria it requires, the time and expense for solution providers can lead to margins in the single digits. Smaller vendors in this space include NetScreen, which provides a focus on the small to midsize business at a lower cost than Check Point.
  • In any case, security is--and should be--only part of your portfolio.
  • Finally, the vendor should have a very strong channel-support program. After all, your success will depend on getting the right sales, marketing and technical tools to make your customers happy. Leverage co-op dollars, MDFs and other methods of co-marketing and branding to promote your company.

Examples of co-marketing include trade shows, customer road shows and even direct-mail campaigns. Ideal marketing activities are localized for the geographic areas in which your company operates. Let the vendor promote the solution while you promote your services.

Kapil Raina (kraina@securitypundit.com) is an author and runs a consultancy that specializes in information security.

For the Services-Challenged
If you're really dead set on avoiding consulting services and/or implementation services, take a good look at biometrics. This category mainly involves hardware components but can be coupled with security software, such as access-control or identity-management software.

Remember, it's possible to position a security product to help build an account, then outsource implementation of the security product. Outsourcing may involve direct deployment, integration/customization and possibly even training and add-on consulting services. Many systems integrators will provide such services either as separate organizations, in which case they deal directly with your customer, or under your corporate logo, in which case they are subcontractors and the customer only sees a single organization.

Close