Lead With Security ... Follow With VoIP
By combining network compliance assessments with VoIP (voice over Internet Protocol), this VAR expects 300%-plus sales growth this year.
When I first met Calvin Cooke in 2004 at a Tech Data TechSelect event in Chicago, I was impressed by his drive to adopt VoIP technology. At the time, Cooke, the CEO of VAR Brainstorm Networks, was in the process of growing his networking business from $1.2 million in sales to $2.4 million in sales. I got the sense from my first encounter with Cooke that he would be successful selling this cutting edge (and, at the time, bleeding edge) technology. The truth is, however, I had no idea just how successful Cooke would become. One year later I met up with Cooke at Cisco's Annual Partner Summit in Vancouver, British Columbia. He had recently sold the ISP (Internet service provider) portion of his business in order to focus solely on the networking part. Additionally, he moved from the rural area of Durango, CO to Denver and set up an office in the Denver Tech Center in the same building that houses Cisco Systems' Colorado headquarters. While at the conference, Cooke shared with me that he expected (conservatively) to do $10 million in sales by the end of 2005. Naturally, I wanted to hear more. During my meeting with Cooke, and subsequent follow-up phone interviews, he shared one of the primary secrets to his success: leading with security and following up with VoIP.
Don't Neglect Your Customers' Compliance Concerns
Brainstorm Networks has discovered among customers in just about every vertical market that CIOs are concerned about information security. In fact, the VAR has made it its motto to remove the deer-in-the-headlights look some of its customers have when they first meet. "A healthcare executive once shared with me, 'I have these HIPAA [Health Insurance Portability and Accountability Act] regulations hanging over my head, and my job is at risk,'" recalls Cooke. "My experience working with other CIOs made me realize that fears about compliance issues -- whether HIPAA, Sarbanes-Oxley, or SEC [Securities and Exchange Commission]-related -- were prominent themes."
Once again, Cooke's instincts were right. A recent study conducted by analyst group AMR Research revealed firms will spend nearly $15.5 billion on compliance-related activities in 2005. To put Brainstorm Networks in a position to help customers alleviate compliance concerns, Cooke determined that he would need to address his customers' network security issues from a legal and a technological standpoint.
Through a friend of a friend of a friend, Cooke was introduced to Bryan Cunningham, a former legal advisor to Condoleezza Rice, who specializes in information security compliance and policy issues. Over a four-month period, the two businessmen formed a partnering agreement and hashed out a plan for approaching customers about network security issues.
"The goal of information security is to protect clients from allowing sensitive data to get in the wrong hands, and it's about reducing the chances of law suits that result from such losses," says Cooke. "Our attorney partner is able to dig into customers' policies and procedures for protecting data and advise them on how to rewrite their policies and modify their business practices to reduce the chance of compromising their sensitive data." One example of what Cunningham may discover during his evaluation of a hospital client is that too many office employees have access to patient records. Cunningham's remediation may require the hospital to update its policies on who is permitted to view documents. He may also advise the hospital on ways to restrict physical records or digital records to authorized employees. "Many companies are aware that having someone like Cunningham review their policies and help them improve their documentation habits will at least give them partial credit in the event they wind up getting sued," says Cooke.
Another move Brainstorm Networks made in 2004 was to hire Clay Parker, a military-trained information security specialist, as its chief security officer (CSO). After Brainstorm Networks' customers get educated on the legal repercussions of protecting their data, Parker is able to help them understand how to protect the data on their networks. "Helping customers understand the security holes in their networks plays a key role in compliance, and it also is a prerequisite to deploying VoIP," says Cooke. Parker and Cunningham are both certified in the National Security Agency's (NSA) information systems security (INFOSEC) assessment and evaluation methodology training. The NSA is a government agency that uses methodologies similar to those required by HIPAA, Sarbanes-Oxley, and other industry regulations. "When customers see we have legal and security expertise, plus NSA training and implementation certifications, we become way more valuable to them than just a box mover," says Cooke.
Network Assessments Help VARs Sell VoIP
Brainstorm Networks puts its legal and security skills to good use during the initial phase of engaging with a new client. After meeting with customers to help them understand legal issues surrounding data security and how they can better protect their data networks, Brainstorm Networks leads customers into the next phase, which is a network assessment. "Depending on the size of the company, we conduct a two- to five-day network assessment which costs the customer anywhere from $4,000 to $10,000," he says. During the assessment, Cooke and one of his engineers install network traffic monitoring software to the customer's network. Over the course of two to five days, the software checks for application and bandwidth usage patterns on the network. Rather than dropping a 100-page report on the customer's desk, Cooke spends time helping the customer understand the results of the assessment. "The tests might reveal the customer has employees using unauthorized peer-to-peer applications like Kazaa," says Cooke. "It might also reveal the customer's bandwidth availability is lowest at 3 p.m. every day due to a certain application's use during that time." Often, the network assessment will reveal ways Cooke can help a customer save money and cost justify making the move to VoIP.
For example, in a recent network assessment conducted at a large higher education client's campus, Brainstorm Networks' technicians discovered the customer's hubs hadn't been updated in six years. The same assessment uncovered that the customer was paying $40,000 a month for a Centrex system (i.e. telephone system leased from a local telephone company). "We ended up with a $3 million deal because we were able to help the customer replace its Centrex with a VoIP solution that saves the customer $600,000 a year and helps its employees communicate more efficiently," says Cooke.
Some may argue that Brainstorm Networks has found success because it got into selling VoIP at the right time. While this may be part of the VAR's formula for success, there is one more component that is equally important: leading with security.