For Managed Service Providers, ESG is Spelled “E$G”
Or at least it should be. There’s big money for them in the “environmental” part of ESG services, and danger in ignoring it.
Let me make clear upfront that I wholeheartedly endorsed environmental sustainability even before this year’s record-breaking tally of extremely expensive climate-related disasters, not to mention the difficult time many Americans had, you know, breathing recently thanks to massive wildfires at least partly fueled by rising temperatures. Combatting climate change is an end in itself. It needs no further justification.
Is it such a terrible thing, though, if channel partners make a little money at it too?
I think not, and have been reporting about it for a little while now. Turns out I may be later to the topic than I realized, though. Consider:
Global spending on environmental, social, and governance (ESG) business services will grow at a 14.9% CAGR from $37.7 billion this year to nearly $65 billion in 2027, according to IDC, making it “one of the fastest-growing spaces in the business world.”
A third of IT providers in North America offer ESG reporting and accreditation services today and another 31% plan to add them in the next 24 months, per data from TD SYNNEX published just last week.
The North American focus of that last stat is significant because we trail the rest of the world on this kind of thing over here. In fact, 55% of North American channel partners track no sustainability KPIs whatsoever, according to recent data from Canalys. Rachel Brindley (pictured), a senior director at Canalys who leads its sustainable channels analysis research program, sees a silver lining in that disappointing data point, however.
“The good side is there’s 45% that are tracking some metrics,” she says.
That’s significant progress, spurred in part by a parade of new state-level environmental regulations (and not just in California). The EU begins enforcing the Corporate Sustainability Reporting Directive in January furthermore, and a la GDPR, a lot of businesses on this side of the Atlantic will be impacted too.
Then there’s this: banks are increasingly raising interest rates on borrowers left vulnerable to regulatory penalties by a lack of sustainability policies. “If over the long term you don’t have an ESG strategy, you will be viewed as a risk,” says Elsa Nightingale, principal ESG analyst at Canalys.
For precisely that reason, MSPs who might sell to private equity someday should think seriously about introducing an ESG policy of their own, because it could be required before long. “At the very top echelons, you’ll have private equity firms mandating that every single one of their portfolio companies set science-based targets or create ESG strategies,” Nightingale says.
Indeed, initial signatories to the Science Based Targets Initiative two years ago included six PE firms with a collective €133 billion under management, for reasons having nothing to do with bleeding hearts. According to Deloitte, businesses that raise their ESG score by 10 points enjoy a roughly 1.8x EBITDA bump.
Last but far from least, conversations with MSPs suggest that ESG isn’t a concern among big businesses alone any longer, according to Amol Dalvi, vice president of product at cloud management vendor Nerdio. “SMB customers are asking them about it as well,” he says. “It’s coming up a lot more.”
Wait, weren’t you going to talk about making money on ESG?
Yes, and thanks for sticking around until I got there. As I’ve written before, hardware at the end of its lifecycle is often still worth 20-30% of its original sticker price, which means SMBs are dumping a lot of money in landfills. Ingram Micro’s IT asset disposition (ITAD) program has been helping resellers capture some of that otherwise lost value during refresh cycles for years, and TD SYNNEX launched an ITAD alliance with Dynamic Lifecycle Innovations last Monday.
Hardware makers such as Dell and HP have programs of their own, moreover, and 740 partners have earned Cisco’s environmental sustainability specialization since its debut last April, making it the fastest growing specialization in company history. “The ability to do refresh, resell, refurbish is becoming much more commercialized,” Brindley observes.
The more intriguing, if still nascent, market is in services. Per Canalys, 35% of channel partners worldwide already perform energy assessments for clients eager to know how much power their hardware uses and how much power they could save by deploying more efficient models, for example.
“But it’s also then the monitoring and management, being able to turn lights off in the data center if it’s not being used, turning lights off in buildings, turning air conditioning off in buildings,” Brindley adds. “If you’re able to say, ‘I can save you X% of your energy usage and energy bill,’ it’s a really compelling opportunity for an MSP.”
Pursuing that opportunity requires some investment in skills and possibly tools, according to Brindley, but not a lot. “It’s a relatively low bar,” she says.
For his part, Dalvi (pictured) doesn’t discuss global warming with Nerdio partners solely because he’s haunted by how much electricity and water AI is poised to consume, though he is. “Our MSPs are coming to us with a problem,” he says. “We need to show energy savings, or we need to show our commitment to ESG.”
As a result, Nerdio plans to supplement reporting tools in its Manager for MSP platform for topics like compute and storage consumption with carbon emission metrics. “Being able to report that is going to be quite interesting,” Dalvi says.
There’s plenty you can do immediately too. Desktop-as-a-service offerings run on heavily utilized, state-of-the-art infrastructure that scales resources up and down dynamically based on changing requirements, which makes the Azure Virtual Desktop and Windows 365 deployments Nerdio supports more energy-efficient and environmentally responsible than physical machines, Dalvi notes. IT providers can use that fact to their advantage.
“MSPs are working in a very competitive environment,” he says. “Being able to talk this up differentiates them and goes to something that is very important to certain customers.”
Those customers will only multiply over time, moreover, as today’s twenty-somethings become tomorrow’s business leaders. “The next generation has certain desires around ESG, and as they enter the workforce and as they move into decision-making positions, I believe they will bring those ESG requirements to the products they are building and to the vendors they are buying from,” Dalvi says.
Or as Brindley more succinctly puts it, channel partners need to start building their ESG strategy today if they wish to be relevant tomorrow. “If you’re not acting, you’re likely to be left behind,” she says.
N-able attacks the attack surface management market
I try to attend the RSA Conference in San Francisco every spring, mostly to interview a bunch of security vendors but also to hunt the show floor for buzzy, up-and-coming market segments. One that caught my eye last year was attack surface management, which showed up enough times in enough places for me to start asking the experts I met with about it.
“I think it’s awesome,” said John Hammond, a senior security researcher at Huntress, about ASM’s sudden vogue. “In my mind that brings us back to the foundations of the NIST cybersecurity framework—identify and know what your assets are.”
Alberto Yepez, co-founder and managing director of venture capital firm Forgepoint, was similarly bullish, which is why the company (in addition to helping get Huntress off the ground, as it happens) has a stake in ASM specialist Bishop Fox. “It’s one of the biggest market opportunities,” Yepez said.
Biggest and fastest growing market opportunities, it seems. A few months after my conversation with Yepez, IDC predicted that attack surface management sales would grow at a 17.5% CAGR through 2026 to just shy of $931 million.
In fact, you could argue that the only thing in security growing faster than ASM spending lately is attack surface, which has expanded in recent years beyond PCs and network gear to SaaS solutions, cloud infrastructure, web applications, mobile devices, IoT gizmos, home Wi-Fi equipment, and beyond. As a result, 76% of organizations surveyed by Enterprise Strategy Group earlier this year on behalf of ASM vendor Randori had experienced an attack due to an “unknown, unmanaged, or poorly managed internet-facing asset.”
Somehow, though, all that need and enthusiasm for tools that find internet-facing assets and watch them for vulnerabilities never quite reached the SMB space. Microsoft has a solution, as does Cyberint. Bitdefender recently rolled out new attack surface monitoring functionality based on technology acquired earlier this year along with Horangi Cyber Security. But you probably haven’t heard a lot about the topic beyond that.
Troels Rasmussen, general manager of security products at N-able, is pretty sure he knows why—most of today’s ASM products are the cybersecurity equivalent of Formula 1 race cars.
“A Formula 1 car goes very fast,” he says. “It’s one of the most impressive pieces of engineering that exists, but most normal drivers wouldn’t be able to take it around the track because it’s so hard to drive.”
The new attack surface management tool N-able rolled out this week, which is based on software from SentinelOne, is designed to be more like the kind of high-end sports car a regular person could safely enjoy.
“The SentinelOne offering does a good job of bringing power, but in an executable way,” Rasmussen says.
Like the SentinelOne-based EDR solution N-able introduced in 2019 and the SentinelOne-based managed EDR service it added earlier this year, the new ASM system is also a multi-tenant tool closely integrated with N-able’s RMM software.
“What we’re trying to do is make management, and also management of security, as efficient and transparent and easy for the MSP as possible,” Rasmussen says. And more affordable than enterprise-oriented products from the likes of CrowdStrike and Mandiant too, he adds.
“Whenever we bring partnered solutions or features in, we always package and price it in a way that makes it easy to consume for the MSPs, but also allows them to price and package it in a way that supports their business model,” Rasmussen says.
A harbinger of things to come in SMB security? We’re eager to see.
Trend Micro’s new machine for turning VARs into MSPs
It occurs to me that one vendor I failed to include in my list of companies doing ASM for SMB is Trend Micro, which has included what it calls attack surface risk management in its Vision One suite for a long while.
Last week, the company became one of many in recent months along with Barracuda and SonicWall to unveil revamped partner programs designed to reflect the newfound importance in the channel of MSPs, MSSPs, and MDR providers relative to traditional resellers.
“Things are changing in cyber security, which reflects changes in the way we need to go to market with our partners,” says Louise McEvoy (pictured), Trend’s vice president of U.S. channel.
The changes most on Trend Micro’s mind, in addition to the wider attack surface we’ve already discussed, include the mounting sophistication of today’s threat landscape, the continuing difficulties of getting and using cyberinsurance, and the rising role of artificial intelligence in protecting end users. The new Trend Partner Program includes a range of services-heavy competencies designed to help VARs tackle those and other challenges.
“We’re not doing away with those partners. We’re looking for them to upskill,” McEvoy explains. That’s what they want too, she adds.
“Resellers recognize that they need to change the way in which they do business because their end customers are not looking for just a resell model,” McEvoy says. “They’re looking for partners to do something more to help them.”
Competencies in the revised program cover cloud security, operational technology (aka OT), network security, managed services, and incident response. The more competencies a partner gets, the higher they go in the new program, which features registered, skilled, expert, and elite tiers.
The program rewards members for earning training certifications as well as competencies, and for driving sales too. “If they’re bringing in new logos, if they’re doing additional services, if they’re going deep into some niche market or competency, they’ll have back-end rebates and front-end rebates,” McEvoy says.
Trend Micro’s big, labor-intensive bet on cloud marketplaces
This is all good stuff for current or potential Trend Micro partners to know about, but I’ll confess that the most interesting part of my conversation with McEvoy is when she shared the vendor’s cloud marketplace strategy.
You remember marketplaces, right? They’re the red-hot cloud buying sites run by AWS, Microsoft, and others that will be doing over $45 billion in business by 2025 following three years of 84% compound annual revenue growth, according to Canalys analyst Jay McBain. There’s no slowing that freight train down, realistically, but climbing aboard without breaking a channel-first or only sales model remains complicated, as Veeam’s global channel chief Larissa Crandall discussed with me a few months ago. Marketplaces (with an emerging exception or two) aren’t channel-friendly.
Indeed, one reason end users prefer service providers over resellers these days, according to McEvoy, is that they no longer have use for partners who merely transact sales. “They can go in a marketplace and purchase a license on a marketplace without a partner,” McEvoy notes. And that is not what Trend Micro wants.
“We’re not looking to go direct at all,” McEvoy says. “We’re a cybersecurity company. That’s our bread and butter. We don’t want to invest in operations, back end, legal, procurement, finance, etc.”
Trend’s strategy for avoiding that fate on the AWS marketplace in particular hinges on channel partner private offers, or CPPOs. Unlike “regular” private offers, which help buyers and vendors negotiate deals, CPPOs facilitate deal-making between buyers and partners.
So why isn’t every vendor with a channel leveraging CPPOs? Because becoming one takes a lot of time and effort, so much in fact that Trend currently has a full-time employee doing nothing but walk partners through the onboarding process. A few thousand partners globally have made it to the other side so far, and it’ll be a while before the rest of them (the company has 147,000 profiled partners worldwide) join them.
“I’m looking to onboard at least 100 new existing partners who are not on CPPO per month,” McEvoy says. “It’s a lot of administrative work.”
Worth the investment, according to Trend Micro (which has something similar underway with Microsoft’s Azure Marketplace), but not cheap. It’ll be interesting to see how many other vendors adopt that model, and what alternatives they devise.
Also worth noting
True channelholics will find this amazing new vendor map from Channel Program and Syncro as mesmerizing as I do.
Acronis has a new integration technology designed to make linking its solutions with products from other vendors a lot easier.
OpenText has a new partner program to match its new partner-first security sales policy.
Check Point is the latest addition to D&H’s line card.
BlackBerry has new endpoint management tools for fields with lots of endpoints and relatively few management tools, IoT and edge computing.
Egnyte’s new “Document Room” feature is designed to be a more intuitive means of sharing documents securely with third parties than virtual data rooms.
At its annual user conference this week, Dropbox unveiled…well, more than we have space to list here, so check this out instead.
Nikhil Harsh, previously of Datto, is now senior vice president of sales and revenue operations at Cytracom.