Why VARs Should Add Network Security
Integration Partners Corp. is relying on network security products and services to help grow its sales revenue by 40% this year.
He sits slumped over a computer keyboard in a dark, dingy basement. The only illumination comes from the flicker of his monitor and a small, novelty desk lamp shaped like a hula dancer. Empty soda cans, old pizza boxes, and food wrappers litter the room. Yet, disheveled as he is, he remains driven at his task: hacking into your unsuspecting customer's network.
We've been taught to loathe hackers. We're fearful of the havoc their meddling and their viruses will wreak on our networks. Now, with more mobile workers accessing extranets and wireless networks, companies of all shapes and sizes are even more concerned about the privacy of network data. These fears have helped create a security services market that research firm IDC predicts will reach $21 billion in sales by 2005, up from about $6.7 billion in 2000. One networking integrator/VAR that plans to capitalize on this security trend is Integration Partners Corp. (IPC) (Cambridge, MA).
$2 Million In One Year From Security
IPC partners David Nahabedian and Bart Graf expect much of the company's future growth to come from selling technologies that are complementary to network infrastructure products. (IPC's expertise is designing and installing LAN and WAN [wide area network] projects using Nortel Networks [Brampton, Ontario] hardware [e.g. routers, hubs, switches].) They list wireless, VoIP (voice over Internet protocol), and network security products (e.g. virtual private networks [VPNs], intrusion detection software, firewalls) as examples. However, Nahabedian said network security will be IPC's biggest growth area. He expects security products and services to account for nearly $2 million of their sales revenue during the next 12 months. "I recently called a customer who had used us for only networking infrastructure products and services," Nahabedian recalled. "After I told him about some of our security-related offerings, he hired us for products such as firewalls and secure authentication software."
Strong Margins Await
IPC's high expectations for security revenue come from conversations the company's representatives have had with current customers. It seems no longer are terms like firewall, VPN, and intrusion detection reserved for the lexicon of hackers, network engineers, and stereotypical computer geeks. Instead, even IT neophytes are uttering these and other security-related words now.
"Security has been one of the technologies on most of our customers' agendas," Nahabedian said. "So, the demand is there. Luckily, so are the margins, because there are more services to wrap around security products. For example, we can install and configure firewalls, conduct security audits, and provide off-site management of security enforcement points."
Despite The High Demand, Security Doesn't Sell Itself
Graf said IPC often leads with security-related products when pitching a new account. "A lot of the new accounts we pitch already have their networking infrastructure in place," he explained. "So, the security products offer us a different way of developing a relationship with these clients. And, even though many IT budgets have been slashed over the last year, we're finding customers still willing to spend money on security." However, he cautions that the logical addition of security to a network infrastructure project doesn't always mean the security portion will be an easy sell. In other words, security products don't sell themselves.
To make a security sale, he said it's important to understand a customer's Internet use policies including departmental communication and any other existing security policies. Once that information is obtained, IPC can develop a solution and either use its in-house lab or the client's lab to provide a proof of concept. With the proof of concept, IPC shows the client how the proposed network components will work with the customer's existing network. This step also assures the client the new equipment won't negatively affect the existing network's performance. Graf said 50% of the projects requiring a proof of concept are demonstrated in IPC's lab.
Most of IPC's customers want to see a payback in 15 months or less from the reduction of security-related costs. "Anytime we propose a solution that has a direct impact on an established cost, we can easily explain the ROI or payback," stated Graf. "But, when there is no hard cost, as with security projects, we need to clearly show the pain of not accepting our solution. Or, we show them the benefits, such as employee productivity, that can be obtained by deploying our solution."
Do You Need A Security Specialist On Staff?
Since 2000, IPC's engineers have been certified on network security products from companies like Nortel Networks, Check Point (Redwood City, CA), RSA (Bedford, MA), and ISS (Atlanta). "It is imperative for us to be able to design, test, install, and maintain all of the equipment and software we resell," Nahabedian explained. "We do this because there has to be a compelling reason for doing business with us, or else we are no different than a catalog house or box shipper."
IPC hasn't found a lack of experienced applicants when trying to create a staff of qualified engineers and support staff. Due to the massive layoffs at technology companies such as Nortel and Cisco in recent years, there has been an abundance of unemployed, highly qualified professionals seeking jobs. This job market has created a paradox for Graf and Nahabedian: Should they hire more employees in a down economy?
Thus far, their answer has been yes. In the last 12 months they hired five new employees, three of whom were former Nortel employees. And, as they prepare for an expected 40% growth in sales revenue this year, they are contemplating hiring another person with extensive network security software expertise.
"We don't just sell any products a customer wants," Nahabedian said. "Instead, we add technologies, like security, that complement our existing networking products and that industry trends indicate will be profitable in the long run."
Hackers aren't the only threat to your customers' networks. At large companies or college campuses, the authorized users of the network could be inadvertently damaging a network (e.g. by downloading large quantities of files from Napster). Often, these companies know they have a problem, but they don't know the best way to solve it. That's why VARs should add network security expertise.