Vendors of cyber-security solutions need to change their approach to benefit from the operator channel

Listen to or download the associated podcast

Operators provide an attractive route to market for vendors of cyber-security solutions: they have a large customer base, and bundling security products with connectivity is a logical move. Operators also have ambitious plans to expand their security propositions. However, vendors need to do more to benefit from this channel – operators require different types of support from other partners, a point that few vendors seem to recognise.

Operators are expanding their portfolios

We surveyed 34 telecoms operators in 3Q 2020 about their plans and activities in the small and medium-sized business (SMB) security market.¹ Figure 1 shows the products and services that operators offer and plan to offer. The plans should be treated with caution because they may mix aspirations with more solid plans. However, the direction of the results is evident; telecoms operators are expanding their portfolios. Existing propositions are dominated by network security products, such as firewalls and DDoS protection. Fewer operators offer endpoint or mobile security solutions, but many are planning to add these in the future.

Figure 1: Overview of operators’ current and planned security portfolios for SMBs

Question: Which of the following security solutions (or services) do you currently offer to SMBs (and plan to start offering to SMBs in the next 12 months)?; n = 34.

These findings have implications for vendors. Operators are already well set for firewall solutions. Each operator on our panel works with 2.4 network security vendors on average. Vendors that focus on this space will struggle to add themselves to the list.

Operators will be looking for partners to provide other solutions, such as endpoint detection and response, which 32% of our panel want to add, and mobile endpoint security (26%). The prospects of partnering with operators are brighter for security vendors with these products in their catalogue.

More operators are entering the security market

Security vendors should not just concentrate on operators that are already involved in the security market. More operators are launching security services. Figure 2 provides details of operators that announced significant expansions of their security propositions in 2020. Other operators also have plans, as yet unannounced, to enter or significantly expand their presence in the security market.

Figure 2: Telecoms operators that announced significant plans for security in 2020

It is obvious why these operators have these plans. The market for security services is growing strongly – we expect SMBs’ spending on security services to grow at around 10% annually for the period 2020–2025. Operators already have a customer base to sell services to and a close relationship exists between connectivity and security products.

SMBs are also open to purchasing security solutions from telecoms service providers, especially if they are satisfied with the core connectivity products. Well over half of SMBs would consider their telecoms operator as a supplier of security services if they were satisfied with the core connectivity offering, according to another of our surveys.

Operators are an attractive route to market for security vendors

Telecoms operators provide an attractive route to market for security vendors, but vendors need to change to better serve it. In our survey of operators, we asked how security vendors could improve their offerings. Ease of use of solutions was the most important issue for operators. Nearly two-thirds of respondents identified this as a top-3 priority. A vendor that can make its solutions easier to use, and can demonstrate this to operators, would have a clear advantage. Profitability inevitably was identified as another important area for improvement – a top-3 priority for 62% of operators.

In contrast, ease of doing business and marketing support were ranked the least important by respondents. Operators already have sufficient marketing resources of their own and are well-equipped to work with external vendors (for example, they have large procurement teams). It is likely that telecoms operators differ from security vendors’ other channel partners (such as resellers and managed service providers (MSPs)) in these respects.

We also asked the operators for a single suggestion for what security vendors could do to help them. The most common suggestions related to support. Operators feel that vendors do not consider them to be a distinct type of channel with unique requirements. Vendors need to do more to understand how operators sell to SMBs, and how operators’ requirements are different to those of their other channel partners.

Operators are also not impressed by the pricing models offered by many of the security vendors. They would like to see vendors offer more flexible pricing models, such as a pay-as-you-grow, rather than insisting on high minimum value or volume commitments.

Fortinet is an example of a vendor that does well in these respects. It was extremely well regarded by operators. It is also notably a key partner for both Vodafone Idea and Etisalat, two of the operators in Figure 2.

Operators are well placed to help security vendors to reach new customers but they have different requirements from other channel partners. Vendors need to respect and understand this, if they are to win share through the operator channel.

For more results from our survey, see our reports Cyber security in the SMB market: survey of telecoms operators and Analysis of vendors of cyber-security solutions for SMBs: telecoms operator survey.

¹ We define SMBs as companies with up to 1000 employees.