As RSA Focuses On Solutions, Will Partners Follow?
One year after being acquired by data storage system giant EMC, RSA Security is taking some big steps in its evolution from selling security authentication point products to developing data security solutions. The question is, how many of the company's channel partners are ready to make the same leap?
At a three-day partner conference in Hilton Head, S.C., this month, RSA executives briefed solution providers on the company's technology and marketing strategies, and the message was that RSA—now officially "RSA, the security division of EMC"—is raising the bar for its channel partners. "We're upping the ante on the partner side," acknowledged Michael Ross, RSA area vice president, North American channels. "The partners who really get it will tell you it's their services that are driving their sales."
The message seemed to resonate among the 120 or so RSA partners attending the conference who, admittedly, represent the cream of RSA's reseller crop. "The game is changing. It's not a product sale anymore," said Thomas Gobeille, president and CEO of Network Computing Architects, a Bellevue, Wash., solution provider. Leading channel partners are selling systems built around such concepts as compliance and risk management, he said. Noting that his company now has four engineers certified in RSA's enVision security information and event management technology, Gobeille said, "We're investing because we see the vision."
EMC's vision wasn't so clear in September 2006 when it closed the $2.1 billion acquisition of RSA. Industry observers didn't see the fit between EMC's data storage business and RSA's SecureID Tokens for Authentication products. Almost overlooked at the time was EMC's acquisition of Network Intelligence, now part of the RSA division, and its enVision security information and event management (SIEM) tools.
EMC now bills itself as a supplier of data life-cycle management systems, marketing hardware and software for managing corporate data from its creation to when it's discarded. RSA fits into the picture by providing technology for securing data; giving a company's employees, business partners and customers access to the data; and—through the enVision software—capturing information from system logs about who is accessing the data.
Between 65 and 70 percent of RSA's revenue still comes from its authentication security products, said Brien Naylon, VP of Americas enterprise sales, and he exhorted resellers not to ignore that core business. But bookings through the channel increased 37 percent in the first three quarters of 2007 versus the same period last year and Naylon said newer technologies like enVision are driving much of that growth.
Next: Package Deals
Package Deals
Earlier this month RSA debuted an information risk management package of RSA and EMC data security technologies, services and best practices for financial services organizations. EMC is even building RSA's encryption technologies into some of its data storage systems and products like PowerPath—software that manages data flows between databases, file servers and other systems. Earlier this month, RSA acquired Tablus, a developer of data loss prevention technologies RSA plans to offer the channel to help develop data protection policies for customers.
These developments provide channel partners with opportunities that go beyond implementing data security systems to provide services for assessing security risks and developing security policies, RSA executives said at the conference. During keynotes they urged resellers to think big and consider opportunities such as developing solutions and services around PCI (payment card industry) data security requirements—already a fast-growing business for some solution partners at the conference—and compliance regulations such as the Sarbanes-Oxley Act of 2002 that include data security.
During a keynote, John Worrall, vice president and general manager of the information and event management group, cited numbers from IDC that show the market for security tools for policy and compliance, forensics, and security information and event management growing to more than $2 billion in 2011 from $1 billion this year.
"This fits well into our strategy," said Cole Libby, consulting practices manager with D&D Consulting, an Albany, N.Y.-based solutions provider and RSA partner. D&D provides security assessment services and Libby said the enVision security information and event management tools are very attractive to a lot of customers right now.
RSA's information security focus fits well with the data security assessment and regulatory compliance services that make up much of the business at Accuvant, a Denver-based solution provider, according to Dan Wilson, Accuvant's VP of partner alliances. "That really raises the level of conversation we can have with our clients," he said, adding that the more sophisticated solutions offered by RSA since the EMC acquisition already account for 15 to 20 percent of Accuvant's sales.
About 70 percent of RSA's sales are through the channel and there are about 500 solution providers in the vendor's SecurWorld partner program. Nearly half are simply registered with the SecurWorld portal while 207 have completed "sales authorization" training—a requirement since Aug. 1 to resell any RSA product other than SecureID—to obtain Access Partner status, a designation that brings deal registration and other perks. Another 70 have completed deeper technical certification training and hold Solution Partner status.
(Network Intelligence channel partners were moved to the SecurWorld program earlier this year. But SecurWorld remains independent of EMC's Velocity partner program.)
Right now RSA is working to boost the number of channel partners with enVision sales and technical service capabilities and next year will increase the number of partners with data security expertise. Ross said the company is both "upgrading" current channel partners as well as recruiting additional partners, although he says the company is being very selective. "Nothing is accomplished by oversaturating the market," he said.
RSA has no intention of cutting loose any channel partners. But Ross doesn't expect that all resellers will be capable of moving up the solutions-selling ladder—a view echoed by companies at the conference. NCA's Gobeille said some channel partners lack adequate resources or a mature enough practice to advance. D&D's Libby said more sophisticated solutions mean more complex selling processes, and some VARs are going to be challenged by that.
In 2008, RSA will offer enhanced training and education for enVision and other products, technical workshops and best-practice Webinars on deploying RSA products, and increased revenue opportunities involving EMC products and RSA's services organization, Ross said in his keynote.
But RSA's expectations of its channel partners are also increasing. Ross said partners in 2008 would face additional requirements in technical certification, pre- and post-sales service, the ability to identify new opportunities, and the ability to conduct customer proof-of-concepts and evaluations. The company also will be looking for ways to reduce its cost-of-sales expenses during the next 12 to 24 months, Naylon added.
Gobeille said his company is getting all the resources it needs. Libby was taking more of a wait-and-see view, saying the promises of more assistance "sound good, they had all the right words," but the company now has to deliver on those promises. And on cutting sales costs, "If they start taking down margins, that's an issue," he said.