Summary Bullets:
• Growing emphasis on security as an integral part of any enterprise IT buy is being pushed by high-visibility break-ins.
• Vendors and service providers need to change sales and marketing to integrate security, and they need to change their own corporate structures to be competitive.
The story of enterprises putting security first or emphasizing security in their IT solutions is happening, and it’s happening now. My colleague, Amy Larson DeCarlo, Principal Analyst for Security Services here at GlobalData, illustrates this trend in a recent blog (As Ransomware Attacks Accelerate in Frequency and Severity, How to Respond is Just One of the Questions, September 25, 2023).
Enterprises buying new solutions, whether they be infrastructure, software, or services, are often beginning the conversation with the vendor or service provider with the security question. This is the new normal, and overall, it’s a good thing. But adjusting to the new normal is far more than simply pitching security first.
Vendors in closely related spaces, such as data center networking, campus networking, and WAN networking, have to change how they sell to clients to change themselves organizationally. Vendors and service providers cannot afford to pass the security question to another representative, or even worse, to an entirely separate internal division. At some organizations, security is so offset from other products and services, it ends up looking like getting pitched an extended warranty at the end of the sale.
Some vendors and service providers have a house divided. While acknowledging the practicalities of the security team and other product teams engineering solutions separately, the marketing and sales motion needs security to be seamless for the customer. No waiting to hear back from the security group or a single overloaded security sales engineer who services all sales teams. Vendors and service providers should either train sales engineers on security or make sure there is a security sales engineer on any given team.
Further, more fundamental changes may also need to occur for vendors and service providers. Adding security to the sales team isn’t enough. Security lines of business may currently have goals or sales compensation schemes that are in conflict with other lines of business. This creates back-of-house friction that will make integrating security much harder. Internally, the two teams/business units need to be harmonized, with marketing and sales for both unified. Vendors and service providers who do not make these necessary changes will find themselves challenged in competitive selling situations and turn fewer requests for proposals into purchase orders.
Enterprises can have structural problems as well. A security-first posture means there will need to be not only mandates, but even structural changes and good teamwork to reach the goal. OT and IT at customer organizations need to be aligned from a security standpoint. There cannot and should not be two security standards in the organization. Vendors and service providers can bring extra value here by having a discussion with the customer and offering advice, not just in the form of talk, but also with white papers and perhaps even a case study on how they have made changes for the growing security needs. This little internal case study, for lack of a better term, should not be all roses and sugar, but outline the difficulties they have had and may even continue to have. This kind of sharing shows the vendor or service provider practicing what they preach.
This comes down to people. When people work for a common goal and approach change with an open mind, projects and initiatives go well. When they view change as encroaching on their ‘territory’ is when things become decidedly sub-optimal. Vendors and service providers who haven’t been keeping up and using old internal structures that hamper change need to start changing now if they want to keep up in an increasingly competitive enterprise marketplace.