For security software major Sophos, partners and managed service providers (MSPs) remain a big part of the company’s growth strategy globally. “Our MSPs are contributing anywhere between 15 to 20% of the channel ecosystem and the rest 80% are still working with us related to software security solutions, network security solutions and cloud,” says Chad Cleevely, Sophos’ Director – Channel Sales, Asia Pacific and Japan (APJ).
Like many software companies globally, Sophos is a channel-driven company that drives its business, sales and growth leveraging its huge partner network. The network is a mix of traditional channel partners, distributors and resellers, managed service providers (MSPs), system integrators (SIs), managed security service providers (MSSPs) as well as software as a service (SaaS) providers across regions.
In this interview, Chad Cleevely, Sophos’ Director – Channel Sales, APJ talks to TechHerald about the company’s channel strategy and ecosystem in India and the APJ region. He also discusses how Sophos is enabling the partners to enhance their capabilities in protecting their customers from cyberattacks as well as dealing with security gaps scenarios.
Edited excerpts…
Q1. In this post-COVID year, what sort of channel go-to-market strategy is Sophos looking to adopt in the Asia Pacific region and specific to India in 2022-23?
Chad Cleevely: The first thing I’ll say is it’s been great to get back in front of our partners and customers. I met our customers, partners and distributors in Singapore and Delhi. Based on the data from the research on threat and ransomware reports published in 2022, we continue to see the risk and increase in ransomware attacks. We have seen these attacks become more and more sophisticated. For our business partners, our channel strategy is that we see an opportunity for them. We remain committed to our channel partners and business partners. We strongly encourage partners to continue providing security in-depth and remain trusted advisors for their customers. So we remain very committed to our partners here in India and across the APJ region.
Q2. How is Sophos attracting more channel partners to join its channel partner program? Is the company looking at the traditional channel partners or new age partners – the managed service providers (MSPs)? How do you see Sophos’ overall channel ecosystem in India?
Chad Cleevely: We’ve seen amazing, phenomenal growth in India over the last 12 to 20 months. Our business grew over 20% year-on-year in India alone. We service well over 20,000 plus customers here and have active thousands of business partners and several distributors in all the major cities. For us, we continue to see an opportunity for partners that are moving with that shift, that’s starting to happen away from traditional security management of devices and networks and infrastructure. And there’s this movement towards a services-orientated cybersecurity outcome. That includes AI-based managed or hosted services for security operations.
We have seen across the region substantial growth from our MSPs in the last year. Well over 200% adoption increase of MSPs here in India across APJ. We work with well over 1200 MSPs, which are dedicated managed service providers leveraging Sophos solutions, while they deliver cybersecurity to their customers by offering advanced network and endpoint solutions as a managed service.
In addition, we have our managed threat response, which is the threat intelligence and the early warning, notification security service that we plug in for our customers to do the threat hunting, detection, etc., and response to neutralize the attacks for our partners. Besides, the MSPs, we are working with the traditional partners and also starting to see some engagement with the large system integrators (SIs). But MSPs are a big part of our growth strategy.
Q3. Sophos is relying on a mix of partners including MSPs, traditional channel partners, security partners and SIs in India. But do you see the evolution of these traditional partners in terms of tech capabilities like cloud and contributing growth for Sophos in India?
Chad Cleevely: With the traditional partners and how the MSPs are seeing an opportunity, I would say, there’s organic growth within our channel. We see new partners signing up and continuing to see growth in our ecosystem. As I mentioned, we’ve seen roughly 200% growth on our MSPs and that’s coming from a conservative base over the last few years.
Our MSPs are contributing anywhere between 15 to 20% of the channel ecosystem and the rest 80% are still working with us related to software security solutions, network security solutions and cloud. We continue to see a growth adoption as well related to cloud partners. They may not be delivering service or entirely be an MSP using the Sophos solution to deliver service. But they are a Sophos partner using our Sophos Central, which is our synchronised security cloud-based, cloud-hosted security services and solutions for the security of end users, endpoint and devices. So while they may not be delivering it as a service, they certainly are leveraging our cloud-based Sophos central solution.
As we start to see that shift towards services and a growth in our MSPs, we also are addressing digital transformation and cloud adoption – the industry megatrends. Today we’ve introduced advanced detection and response capabilities for the public cloud, which benefits those partners that are helping their customers move to the cloud, and adopt cloud services through digital transformation projects. We now can give them that advanced detection and response so they can then service their Microsoft Azure. Amazon Web Services and Google Cloud customers and offer that detection and investigation using our services. Because we are seeing huge growth in that public cloud and data on the cloud. And so we’ve started to offer more detection and response for them and there’s that opportunity as well for our partners.
While the partners and the IT channel that we work with here at Sophos are stain shops, they’re learning and educating and we help them with a lot of enablement. The challenge remains that the customers in their IT departments and infrastructures still see a lack of skill and resources related to cybersecurity. It is still a challenge today. And that was one of the keynotes out of our recent security threat report for APJ now in 2022.
Q4. How do you see the cybersecurity scenario today, where some organisations are open to MSPs, while others are still gradually moving to the cloud but are comfortable with traditional security vendors? Does this situation create gaps in the overall security and how can partners address it?
Chad Cleevely: This is becoming evident from the market data in the published threat and ransomware reports. Today, cybersecurity risks and threats are becoming unmanageable. They are coming from everywhere. Customers in particular are struggling to cope with the rate of attacks as well as their varying disconnected security systems – not IT systems. But security systems from multiple vendors –from the software point products to the network infrastructure layer and so forth, there’s a big cloud adoption, although not all of them have moved to the public cloud. Some of them are hosting an internal cloud and some have it as a managed service from an MSP. So that continues to be a challenge, amongst a lack of skill and a lack of in-depth security knowledge.
There’s also this challenge of disconnected and high increase in threats and attacks. So for the partners what we see today is that 80% of our partners and customers across APJ use what we call next-gen security. They’re not using the traditional endpoint security, anti-virus or anti-phishing, they’re using next-gen security, which has got predictive learning. It is mostly AI-based and can be centralised and synchronised within our product stack and our portfolio.
We have the Sophos Central dashboard, so our business partners can connect a number of their Next-Gen Security solutions, plug it into their dashboard and then be able to monitor and manage. This is not just in theory or own, but this is the way we’ve been running our synchronised security message for several years. It helps the business partners to then in turn help their customers, while they don’t struggle to cope with all the different security technologies, irrespective of the infrastructure and the network inside. They don’t always have the skill to manage and monitor that, so we plug in our threat intelligence and rapid response.
And last but not least, we plug in our managed threat response to do 24×7 monitoring for them. At least 15 to 20 years ago, companies, particularly, enterprises were starting to adopt security operations centres (SOCs) if they could afford and understood it. Particularly the banks and some governments were building their own SOCs. Today, think about the hundreds of thousands of small businesses just in India. The partners and resellers that work with them but don’t have those security operation infrastructures. They don’t have the people, skills and vast experience.
And that’s when those partners come to Sophos, they connect their customers to our MDR (managed detection and response) service and then they can help them. It takes away all of that upskill in the resource problems, etc., that they have today. So MDR is a big growth for us. It helps bridge the gap for some of those that aren’t ready for managed full-blown MSP service as they can just outsource that. Sophos today is becoming the industry leader in cybersecurity-as-a-service. That’s where our business is going and cybersecurity-as-a-services is a big game changer for us.