Become A (Well-Paid) Compliance Teacher
Educating customers about
the importance of complying with industry regulations is helping this
VAR reap $2.1 million in new business this year.
Sacramento Technology realized it needed to offer something more, and it took drastic measures to change its business model. Today, product sales account for only 30% of its total sales revenue. The rest comes from educating customers about complying with regulations.
Help Customers See Their Need For Network
Sacramento Technology educates customers about the importance of security and disaster recovery. More specifically, it educates them (via Webinars and lunch-and-learns) about complying with industry regulations related to security and disaster recovery.
At its lunch-and-learns, the VAR invites its vendor partners, existing customers, and new prospects. One principle Sacramento Technology follows is accepting minimal co-op money from vendors. “We like to have control over our educational events and not feel we have to plug a particular vendor’s product because it made a financial contribution,” says Usi. “Typically we have between 20 and 40 people from 15 to 25 companies in attendance.”
Another principle the VAR follows entails including more existing customers than prospects in the audience. In fact, most events include only three to four prospects for every six to seven existing customers. The reason is new prospects that attend a seminar will turn to their peers for questions or advice rather than approaching the VAR. “It’s one thing to ask prospective customers to read case studies about successful installations,” says Usi. “It’s a whole different thing to have them talk to the guy sitting next to them who’s already completed a similar project with our help.”
Sacramento Technology’s seminars have a strong emphasis on compliance, which often isn’t the most interesting topic for IT people who just want to get their hands on the latest network appliances. As a result, the VAR emphasizes to new customers the presentation is geared toward managers and/or business executives. Some of the compliance mandates and networking strategies Sacramento Technology covers during its presentations include:
- HIPAA (Health Insurance Portability and
Accountability Act) — legislation passed in 1996 that includes a
privacy rule creating national standards to protect personal health
- Sarbanes-Oxley — a law administered by the
Securities and Exchange Commission to regulate corporate financial
records and provide penalties for falsification of data
- COBIT (Control Objectives for Information and
related Technology) — a framework for information security created by
the Information Systems Audit and Control Association (ISACA)
- SB1386 — a California Senate Bill (SB) that
requires businesses to inform all their clients in the event of a
network security breach
- IPv6 (Internet Protocol version 6) — a new
Internet architecture that is built on a 128-bit architecture and
includes end-to-end security
- FCAPS (fault, configuration, accounting,
performance, and security) — the ISO model for network management, the
primary standard network security VARs and consultants follow to
troubleshoot and secure networks
- Gramm-Leach-Bliley Financial Services Modernization Act — an act that requires banks, insurance companies, brokerages, and other financial institutions to establish administrative, technological, and physical safeguards to ensure the confidentiality and integrity of customer records and information
The VAR earns about 50% of its business through Webinars and seminars (the other half comes from vendor leads). One of the ways Sacramento Technology earns the respect of new customers is via its engineers’ credentials. For example, each lead engineer at Sacramento Technology is either CISSP (Certification for Information Systems Security Professional)- or CISM (Certified Information Security Manager)-certified, which are ANSI (American National Standards Institute)-approved certifications developed by the ISACA for experienced information security managers and those who have information security management responsibilities. Additionally, the VAR is involved with professional and technological organizations such as the IPv6 Task Force, which makes recommendations to the federal government about how it should upgrade its networks from the existing IPv4 (Internet Protocol version 4) format to the next-generation architecture.
Hold Customers To A High Network Security
After the VAR finds a few strong prospects from its initial meeting, the next step is to set up a one-on-one appointment with the customer to get to know the customer’s work environment, physical network, and compliance concerns. During this phase, Sacramento Technology never mentions a particular kind of hardware or software solution. Taking a consultative approach can extend the sales cycle up to 6 months — compared with just 60 days for a product sale. But, the VAR has learned the wait is worth it. “Only after we’ve done a thorough evaluation can we make the right recommendation,” says Usi. Also, by being thorough, Sacramento Technology can uncover security vulnerabilities the customer didn’t know it had. For example, one part of the evaluation entails having technicians walk the customer’s work area and observe the customer’s employees at work. This can reveal a host of security violations. “We may discover employees are running bandwidth-hogging and virus-prone applications such as Kazaa, or we might discover there are a lot of peripheral storage devices being used, which can pose a network security threat,” says Usi.
Occasionally, a customer will disagree with Sacramento Technology’s recommendation and will insist on solving a network problem a different way. After several attempts to get the customer to see things its way, the VAR tells them, “Do what you want, but don’t buy your security products from us.” Usi recalls one customer that went against Sacramento Technology’s advice and bought a low-end load-balancing appliance from another VAR. “After a spike in network traffic, the low-end load balancer failed, the network crashed, and the customer’s VAR wasn’t available to help,” says Usi. “The customer came back to us for help, and it’s been very loyal ever since.” Usi says one of the reasons Sacramento Technology Group is strict with customers about network security is that if a customer’s data is compromised, the VAR that installed the network security could share some of the legal ramifications. Simply put, if you’re a VAR that bases your business on being a network security expert, a security breach for one of your customers could spell bad news for you, too.