The New Era of Integrated Distribution, VC and Investment, and Consultancy

Blurring Boundaries and Unexpected Convergences, Uses Cases.. As a Service Baby!

Hello Cyber Builders 👉🏼

In light of Ross Haleliuk's thought-provoking article, I found myself pondering over the intertwining relationship between distribution models, consulting practices, and investment strategies in the cybersecurity realm. This complex interplay is not just a trend but a significant evolution in how we approach security in the digital age.

In this post, we will unravel the layers of this evolution. We'll explore the growing convergence of previously distinct business sectors, delve into the rise of "as a service" models driven by consumer demands, and examine the changing roles of distributors and investors. We will also look at real-world examples that illustrate these shifts, providing a comprehensive understanding of the current cybersecurity landscape.

In this Post

1. Convergence in Cybersecurity: Exploring how the industry's distribution, investment, and consultancy roles merge.

2. Adoption of "As a Service" Models: Discussing the shift towards MSS and SaaS models driven by user demands.

3. Evolving Roles of Distributors and Investors: Analyzing the changing dynamics in distribution and investment.

4. Case Studies of Industry Change: Highlighting real-world examples like ISTARI and Exclusive Networks to illustrate these shifts.

5. Future Outlook and Implications: Predicting future trends and their impact on business models in cybersecurity.

Previously disconnected businesses are more and more intertwined.

Traditionally, the roles of distributors, consultants, and investors diverged significantly along the value chain. Investors primarily sought early-stage companies with promising founders passionate about navigating their respective problem spaces. The founders’ initial objective is to secure early adopters and complete the first yield. VCs might help with the introduction to CISO they have in their network or at an early stage. Some early-stage VC funds onboard CISOs within their advisory board to expand the initial reach of the companies they invest in. This practice is very well structured in mature ecosystems such as Israel.

On the other hand, later-stage investors, often bound to financial institutions investing in Series B or Series C, aimed for substantial returns on their investments. Most later-stage investors are relatively passive in the company. They also open their address book, but that’s it.

However, this dynamic is changing, as in recent instances like the Instacart IPO, where later-stage investors received minimal returns barring their contractual liquidation preferences. I'd like you to read this extended analysis for complete details.

Is it why VCs of all sizes are now looking to do more? Do they realize they won’t get high returns if they do not help their portfolio company? There are more and more Micro VC, Entrepreneurs Funds, or PreSeed / Seed VC. It shows that the sooner and more active VCs are, the bigger their chance of success in troubled times.

I am providing various ideas for that conversation here. But first, let’s look at the distribution business.

The good and the bad of being a distributor

In the security market, distribution strategies initially mirrored those in the IT industry, focusing on hardware products such as networking appliances, switches, and routers. This required efficient logistics to manage extensive inventories and maintain proximity to customers. Given these products' substantial volume and value, assistance in the sales process was also crucial. These distributors will then manage local resellers, who then resell to end-users. Lastly, in the language or vertical context of the customer, front-line support made the distributor an essential piece in the value chain.

Hence, industry giants like Cisco and Fortinet developed extensive distribution networks across various countries, offering fulfillment services and first-line support to ensure adequate product setup and usage.

Distributors have a constrained business model: they won’t do direct sales to end customers nor too much integration or installation services - they don’t want to compete with the local companies they are fulfilling with products. They won’t either do that new packaging or offering, as the strategy of the cybersecurity software vendor ties them.

Consulting businesses are used to act as trusted advisors without conflict of interest.

Traditionally seen as external advisors, consulting firms have been increasingly playing a pivotal role in shaping business strategies. Originating from sectors like digital transformation, IT, and financial services, these firms have evolved into trusted advisors, aiding executives in strategic planning, project prioritization, and budget allocation. As they grow, their role extends to guiding project management and supplier selection, often compensating for internal resource or skill gaps within client organizations.

They act as a trusted advisor, helping executives to move ahead and build the right strategy, prioritizing their projects and budgets, and deploying that strategy through projects.

To be fully trusted by their clients, consulting firms used to stay aside any business relations with vendors. They might cohost some events on dedicated topics or do some joint whitepapers. Still, consulting firms would not resell any cybersecurity vendor products.

This is how DALL-E sees an investor/VC “actively engaged in cybersecurity distribution and consultancy aspects.”… I am unsure he can stay seated like this!

Convergence is coming

The once-clear boundaries between investors, distributors, and consultants are blurring. Each sector, with its unique background—financial, sales, or technical—is now venturing into adjacent territories to address emerging market needs.

We used to see investors with financial backgrounds, distribution with sales and consulting domain expertise, and technical as project management backgrounds. We must prepare to see companies that “cross the river” and enter other territories.

Let’s look at what is happening on the market and would generalize in the coming years:

• Investors Diversifying into Consulting

• Consulting Firms Embracing Distribution Roles

• Distributors Stepping into Consulting

Investors Diversifying into Consulting

Investors diversifying into consulting is a logical play, especially for late-stage investors looking to help their portfolio companies. They need to make their investment more fruitful. They also have, in general, a tight connection with C-level executives within the Fortune 500 companies to work with them as LPs (or advisors) of their funds. Creating a consulting practice requires them to staff a senior consulting team and then leverage their network of executives.

Once it is done, they will help enterprises - their clients - set up their strategy around many security topics. They will act as an advisor. They will also learn specific organizational issues and business priorities. Ultimately, they could recommend portfolio companies linking that recommendation to the enterprise's strategy. They would gain insights and would probably better pick their following investments.

Consulting Firms Embracing Distribution Roles

Consulting firms embracing distribution roles also makes sense, even if it is less intuitive. As Trusted Advisors, these companies should not do too much implementation work to make sure that they won't be polluted by deployment issues, technical problems, and operations issues. But acting as a trusted advisor speaking to C-level executives, helping them to strategize, plan and select projects, run RFPs, and do governance, has a limited market (still a big one!).

Expanding your reach within your customer base is more critical when you need to grow your overall business. That's why we've seen some consulting firms acting at the MSSP deploying secure operations centers for their customers and running them. That's why we also see some consulting acting as a distributor, selling products, reselling products, and being a distribution channel for product vendors.

Distributors Stepping into Consulting

If you are a prominent distributor, you are selling products to hundreds of local system integrators who sell them to end users and SMEs in the market. These local retailers are often SMEs themselves. They may have 30 to 50 employees, mostly IT technicians, engineers, and salespeople, doing the front-line support to their customers, doing some product deployments over a day or two, and, most of the time, jumping from one urgency to another.

Their business margins are low because even if they get a 30% average reselling the product, they have to do many things for free, including helping customers understand their real issues, helping them structure their projects, and establishing a strategy.

At some point, these retailers do some consulting without even thinking about it! That's why some distributors, one step away from the local retailer and often larger companies, started to think about that and establish consulting practices—having people who can deploy package consulting services to help more significant SMEs plan and structure their security projects.

It's a way for them to get some additional business, but it's also a way to smooth the sales of many of their products.

Some examples to highlight these new moves

ISTARI, the consulting arm of Temasek

A notable example is Temasek, the Singaporean sovereign fund, which has expanded into consulting through its subsidiary, I-STARI. By leveraging its investment portfolio and industry expertise, I-STARI provides strategic insights to top-level executives, facilitating a deeper understanding of investment projects and market dynamics.

ISTARI offers cybersecurity services, including problem definition, solution architecture, and implementation. They prioritize nurturing digital risk leadership and offer continued education through the ISTARI Academy in partnership with CJBS. Innovation is crucial in the ever-evolving threat landscape, and ISTARI curates client-centric investment portfolios based on high-priority needs.

PWC or Deloitte acts as resellers and MSSP

Firms like PWC, Capgemini, and Accenture are crossing traditional boundaries by engaging in more technical roles and even acting as product distributors. While this may challenge their 'trusted advisor' status, it has proven effective in market expansion and client engagement.

For example, Accenture delivers the following Cyber Defense services, including the following major services:

1. Advanced Attack Simulation: Prepare your organization against experienced cyber attackers and reduce your exposure to cyber threats targeting applications, (OT/IOT) devices, and critical resources.

2. Application Security: Accompany, protect, and monitor your company's applications by integrating Security by Design principles into a DevSecOps environment.

3. Forensics Investigations and Crisis Management: React to threats and security incidents that impact business operations with the support of a reactive and expert cyber task force.

4. Cyber Threat Intelligence: Make informed decisions through cyber intelligence to anticipate, prepare for, and effectively respond to operational threats facing your organization.

These services offered by Accenture aim to enhance the security posture of enterprises and address various aspects of cybersecurity.

Exclusive Networks: a large distributor goes to service.

Large distributors have recognized the need to offer more than just products. They now provide consulting services to SMEs for strategic planning and project management. This approach generates additional business and streamlines the sales process for their products.

Exclusive Networks, a global leader in cybersecurity product distribution, provides a comprehensive portfolio of services designed to add value at every stage of the customer lifecycle. Emphasizing a 'services-first' ideology, they go beyond mere distribution to actively create value for their clients. This approach includes:

1. Pre-Sales Consultancy and Implementation: Offering expert guidance from the initial stages to full implementation, they ensure value addition throughout the customer journey.

2. On-Demand Platform: Their platform is designed to streamline technology consumption, propelling businesses towards a subscription-based economy.

3. 24/7 Support and Maintenance: An engineer-led technical response team is available around the clock, providing expert support across various multi-vendor environments.

4. Technical Education: Exclusive Networks offers top-tier technical education, available virtually, remotely, or on-site, keeping clients updated with the latest technology trends.

5. Flexible Financing and Leasing: They provide options for flexible financing and leasing, allowing businesses to release on-hold projects, increase future pipelines, and maintain revenue continuity.

6. Global Services Operations (GSO): Their GSO manages complex, multi-site deployments and projects, offering fully managed logistics in over 195 countries.

7. Managed Security Services Distributor (MSSD): This service offers a zero-investment opportunity for businesses to become Managed Security Service Providers (MSSPs) and generate recurring revenue.

Exclusive Networks empowers reseller partners to grow their businesses, increase profitability, and remain relevant in the rapidly evolving IT market through these services.

The Impact of the "As a Service" Trend on Distribution, Investment, and Consultancy

The "as a service" trend and the consumption-based model are closely connected to the evolving landscape of distribution, investment, and consultancy in the cybersecurity industry. The demand from end users plays a crucial role in shaping the available offerings. Using a security solution should be easy. It must be deployed quickly without a significant upfront investment. End users are not willing to spend months adopting a new technology. They are looking to shorten the installation and integration within existing IT systems. They also lack resources and value turn-key services that can solve urgent pains.

This demand encourages service providers and integrators to adopt a Managed Security Services (MSS) model that combines services, products, and open-source solutions. It is worth mentioning that software vendors adopted the Software as a Service (SaaS) model a few years ago to match that customer demand.

Distributors also play a significant role in meeting the demand for "as a service" solutions. They provide resellers with shared service offerings such as support, hosting, and data management, enabling Value Added Resellers (VARs) to offer "as a service" solutions to their customers without significant investments.

There's a notable shift in expectations on the investment front, especially at the Seed/Series A funding stages. Investors are now expected to add more value to their investments beyond mere financial support. This involves offering strategic guidance and consultancy services, aiding their portfolio companies in achieving success.

DALL-E needs clarification on this post!!

Concluding Remarks and Looking Ahead: The Future of Business Models in Security

The security sector, particularly post-COVID, has witnessed a surge in startups and significant investments, leading to a complex and diverse market. This environment necessitates innovative business models that blend traditional roles with new services. The increasing interplay among distribution, investment, and consulting signifies a shift towards more integrated and adaptable business strategies.

This exploration into the changing dynamics of the tech industry underlines businesses' need to adapt and innovate continuously. Integrating distribution, investment, and consultancy roles offers a comprehensive approach to addressing the multifaceted needs of SMEs and large enterprises.

Your insights and experiences are invaluable. Please share your thoughts and join the discussion below (please comment below). Let's collaboratively explore these evolving dynamics and shape our understanding of the future of cybersecurity.

I appreciate your support, and I look forward to our continued dialogue.

Laurent 💚