VAR

I'm very happy for my blogging buddy Michael Farnum, who is leaving security management-land to join the wild, woolly world of the reseller community. In this post (here), Michael goes through his personal selection criteria on what was important to him and why ultimately he decided to go with Accuvant.

All of these are good thoughts, and he seems to be going into the situation with his eyes open. I hope. So not to be Mr. Wet Blanket because I know a lot of people who are very happy being a pre-sales engineer for a VAR, but let me point out the reality of a couple of things Michael will have to deal with.

And of course, I think these tips are applicable to more than just Michael, or else I would have just sent him a note.

1. You've got a number - Whether you are in pre-sales or carry the bag yourself, ultimately you have a number. That number is based upon the margin you bring into the organization. And you are expected to get to that number because it pays your salary. That may create issues with "high pressure sales" and selling what pays high margin, as opposed to what the client needs.
   
   
2. SPIFs and promotions - Vendors (especially one's that are breaking into the channel) tend to make it attractive to sell their box. There are lots of kick-backs (I mean incentives) and promotions to move the boxes. At time, they can be hard to pass up. In the past I've used fancy trips, Rolex's, and cold hard cash. I wasn't playing with the ethics of the reseller, I was trying to create urgency in the community to move boxes.
   
   
3. Pressure from corporate - Pressure to push one product or another will happen. It happens in every organization. Of course, some more than others. But be wary of it and learn how to deal with it.

So what's the best way to prosper and thrive in this kind of environment?

Rule #1: Do the right thing for the customer. ALWAYS. Yes there will be pressures and you may be able to make more money in the short term by pushing something with a good SPIF, but you will have to support it and if you want to sell anything to that customer again, you better do right by them.

Rule #2: Tell them the truth. If the customer is on the verge of doing something stupid, tell them. You may lose the sale because there will always be someone that will take the money, but that person will remember what you said and work with you the next time. That is if their head is still attached to their body. The users I've worked with don't want yes men. They get enough of that out of the vendors trying to move their wares. The resellers job is to help them make the best decisions.

Rule #3: Pick a few products and learn them back and forth. You'll never be as deep as the vendor's sales rep, and you can't possibly know everything about every product on the line card. But you want to be known as a specialist in a few products. The go to guy for a few hot categories. Then other folks within the organization will lean on you for expertise and you have a chance to move up the ranks.

Rule #4: Cut your losses. Referring to my third point - if you pick the wrong product to get deep on (and it will happen), don't go down with the ship. If the post-sales support is crap, or they get bought by a big company that is going to screw things up (like most of them do), then find an alternative and find it quick.

Rule #5: See Rule #1. Remember that your loyalty is to the customer. Not the vendor and not even to your own organization. There are a billion resellers out there and as you develop a loyal and profitable customer base they will follow you wherever you go.

And finally, have fun. Some days suck. You will lose deals. You will miss your number. But if you aren't having fun, then find something else to do. Life is too short.

Good luck amigo, I hope this helps, even a little.

 

I'm now writing a monthly column on security for TechTarget's SearchSMB site. In this initial foray, I examine how and when small-to-mid-sized business should use value-added resellers (VARs). I also discuss some of the things to watch for.

Of course, my editor at SearchSMB felt the need to change the title. The piece was originally titled, "Can you trust your VAR?" which I thought was more representative of the tone of the discussion. I'm not a big fan of the new title. But I guess they think it will generate more page views, of which I am a big fan. I hope they are right. 

So, my new column is great news given my focus on the security problems of mid-sized businesses. I've very excited to have a new outlet to spread my gospel.

http://searchsmb.techtarget.com/tip/1,289483,sid44_gci1193952,00.html 

 

The wonderful thing about the blogosphere is that you can pretty much have anything show up in your feed reader. So it seems that there is a fellow out there that publishes earnings call transcripts among other things on the Software Stock Blog (http://softwarestockblog.com). Lo and behold, Check Point's earnings call transcript showed up in my reader (http://softwarestockblog.com/article/9410) and it was very interesting.

Now I'll admit, I haven't been kind to Check Point of late. I think their strategy is non-existent and having to back out of the Sourcefire deal was a big blow to momentum. They had pre-announced a weak quarter (relative to expectations anyway) and in their earnings call they had an opportunity to talk more about the strategy and why they are going to recover. Needless to say I was underwhelmed.

There was weakness, but they positioned it as a hangover from a big Q4. They are also moving from a perpetual licensing model to annual subscriptions, but that is a very minor part of the business. They believe that customers do want integrated security solutions (which I agree with), but that adoption has been slower than they anticipated. It seems the real issue is customers are not embracing Check Point's integrated security story and not upgrading their point products. Not to Check Point stuff anyway.

Just check out this quote from Jerry Ungermann on the call:

We continue to get very positive feedback regarding our new direction and new products and while interests in activity are high, it appears that it’s taking customers longer than we had originally thought to replace their various point products with our newer integrated technologies. They like the direction and the implications associated with the Unified Security Architecture and what they perceive to be better security at a lower total cost of ownership, but it will take them more time to transition from today’s installed product to a more complete Check Point solution.

While we have talked about a general softness we’re experiencing in the market today, I believe security is still a very important area of investment, and our challenge is on the execution side to ensure we can enable our customers to get to tomorrow sooner. In this regard, we have a number of new initiatives we are working on and we will be making announcements about it in the near future to help make it easier and cost effective for our customers to buy our expanded solutions set sooner rather than later. This will include things like packaging, positioning, pricing, and promotions.

So, let me get this straight. Check Point is going to address the issue of their customers not upgrading their stuff through the use of the 4 P's?!?! I guess Jerry bought one of the Trout/Ries marketing books over the weekend and is all raring to go. Come on now. This is real business, not an MBA program. Even if that's what you are doing, don't tell anyone. It makes them seem amateurish.

I personally believe that two things are a work here, first is Check Point's lack of strategy is hurting them in the channel. There are lots of options out there for resellers to push, so they are going to go with the most exciting option. Sure, lots of the resellers are lazy and will only drop by to pick up their Check Point renewal, but customers will push for integrated solutions and Check Point has not made it clear why it should be theirs, as opposed to a Crossbeam or Fortinet. Websense also announced a weak quarter, and I think a lot of the same issues are at work. If the channel doesn't see a compelling strategy, they move on to the next thing.

So, Check Point's mission is clear. They have to figure out how to get their existing customers to upgrade to the new stuff and buy into Check Point's more integrated suite of products. Candidly, it's going to be an uphill battle. They don't have a compelling NAC story like Cisco to push upgrades of their installed base. They are under siege from both big and little UTM boxes that provide much better price/performance. And the US Government has made it clear Check Point is not going to be able to acquire new stuff to accelerate the strategy (like RSA did).

To be clear, Check Point is still a cash machine. Their margins remain tremendous and they've got a ton of customers. But as I've said before, they need a strategy to remain relevant moving forward. Smaller companies can bring niche products to market and do well. They don't need a big story because they solve a specific problem. That is not Check Point anymore, but that is how they continue to act. Their window of relevance is closing, so they better move fast.

Check Point customers have some decisions to make. A lot of Firewall-1 and VPN-1 will renew this year, or not. Do you buy into the next wave of Check Point's product or do you swap it out? I believe that without a compelling strategy from Check Point many customers are going to be looking at alternatives.

Another deal was announced yesterday with security reseller FishNet starting the consolidation of the security channel by buying Siegeworks. The release is here. I worked closely with both organizations at my last job and can say they are two of the strongest enterprise security resellers out there.

With Fishnet's stronghold in the midwest (they are HQ'd in Kansas City) and Siegeworks' strong position on the west coast, getting on the good side of the new larger FishNet Security will be a critical success factor for any vendor wanting to crack the enterprise security market.

Of course the trade press ignored the story because they are far more focused on widgets. Not even CRN covered it. They totally missed the boat. Why? This is a precursor of things to come.

Another data point is Calence (an AZ based reseller strong in networking and security) acquiring the networking and security resale business of Avnet. This trend will result in a rather significant bifurcation in the security channel. There will be the haves and the have-nots. The haves will be $150-200 million dollar companies and the have-nots will remain two guys and a phone.

The haves will be able to dictate favorable margins and preferential access to new and exciting products. The have-nots, well... not so much. The haves will begin to assemble "solutions" integrating multiple products to solve significant problems. The channel has always been called "solution providers," but in reality they've been nothing more than box pushers. As they get bigger, they cannot possibly push enough boxes to make the model work, so integration, services and solutions are the future for these folks. And the have-nots will sell a bunch of AV and $300 firewalls to the SMB market.

Whether the vendors get it right or the channel assembles it, enterprises have no interest in continuing to integrate disparate solutions with bailing wire and duct tape. Vendors, this is a wake-up call; act big or your reseller will do it for you.