Much has been made of the rise of platform cybersecurity giants such as Palo Alto Networks, CrowdStrike and Cisco….
…And Sophos!
…Quite. How exactly does Sophos fit into this?
A debate’s been going on for years about whether best of breed or platform is the better strategy. The answer is you need to have both capabilities. You need to have very good technologies that can compete on their own and provide good outcomes to the customers, but then you also need to provide operational efficiencies and consolidation opportunities to markets.
If you go talk to large banks in the US, for example, and ask them how many cybersecurity vendors they have, you’re commonly going to get an answer of somewhere between 75 and 300. That becomes unmanageable, no matter how large your IT and security organisation might be. As a partner, it’s easier to learn and become an expert on one or two or three platforms than it would be 10 or 20 or 40 partners, just because there are costs associated with that.
There are very real practical, operational and cost-efficiency benefits that the market gets from platformisation, but it can’t be at the cost of degrading the actual utility and efficiency of the accompanying technologies.
You launched a new partner programme in August. Compared with the previous programme, what behaviours does it reward?
If we can help our partners to grow and our partners can help us to grow, that’s exactly the kind of mutually beneficial arrangement we’re trying to optimise our programmes towards today. Hopefully that’s coming across in some of the recent updates we’ve made there.
We’ve seen very rapid adoption of MSP Elevate, which is a new loyalty programme where our most-productive MSP partners get access to exclusive products and services and entitlements within the Sophos ecosystem. That’s precisely the kind of co-evolution we want to drive with our partners. We grow together and we mutually make investments in each other to enable that to occur.
At the time you acquired SecureWorks, one of the partners we spoke to said the acquisition would put you in an “interesting complement/compete situation” with VARs and MSSPs. Have you encountered any conflict there in terms of direct sales, and what are you doing to ensure you’re complementing not competing with partners?
Historically, SecureWorks had done a lot of business direct, but they were beginning their partner journey and had already begun to shift many of their transactions over to partner-led.
Sophos has always been partner-led in our business, and we’re continuing to introduce partners into more and more of the SecureWorks engagements right now. There are still some renewals that are direct.
But loyalty to the channel is in the best interests of the business, and we’re going to continue to move in that direction.
In terms of the potential for conflict on the services side of things, when we got into the MDR business at Sophos about six years ago, I spent about a year analysing the potential for possible conflict and understanding whether it was something we can deconflict at a very large scale.
Out of 100 conversations with partners, you might find three who said ‘it will be in direct conflict with our business model’, but there were 97 who said either, ‘we don’t do services and this is the perfect opportunity for us to start doing them’, or ‘we do services and we see this as a perfect augmentation of our reach and our scalability’.
That has been our experience through the six years we’ve been in the services business now, and that continues to be the feedback we’re getting from the Sophos and SecureWorks partner base.
Interview continues on following page….
