Does the Channel Matter Anymore in a Shift Left World?

The evolution of the security channel eco-system 

Why security companies need to rely on channel partners to survive the shift left movement 

Though technology is always evolving and advancing, there have been a few seismic shifts in recent years that have compelled companies to rethink their channels and routes to market, especially in the security space. These massive changes forced security companies to adapt and answer to the ever-changing needs of their clients. To stay afloat and keep customer data truly safe, these companies often need to lean on channel partners to fill in knowledge and expertise gaps.

Major shifts in technology 

Early on, most software companies managed security in-house. But as the threat landscape became more complex, many businesses, especially small and midsized companies, started outsourcing their security efforts to third-party security advisors. During this period, security firms needed to have a solid understanding of security hardware and how to physically implement it.

Then, everything moved to the cloud, and once again, the security industry had to pivot towards finding ways to keep data safe that was being stored in a new way. Service providers who were experts in security hardware needed to learn about remote monitoring and how to virtually deliver solutions to customers. No small tasks, these security firms started outsourcing cloud-based security tasks to third-party providers until they developed that expertise in-house. 

Most recently, we’ve seen the start of the shift left movement, where there’s a demand to embed security deeper and deeper into the development of IoT devices, software and applications. Because technology is fundamental to most businesses, the shift left will have a huge impact on nearly every industry. 

So, what is the shift left? 

In the development cycle, data security is typically an afterthought and left to other teams like infrastructure to secure. Developers build an application and the security team tests it post-production and the infrastructure team puts security solutions around the data. Developers aren’t typically experts in security and it’s an easy thing to get wrong, so companies rely on other groups to secure the data from applications. 

With near constant news stories about data breaches and calls for increased regulations around data, many companies started integrating security earlier in the development process—or shifting left. This means that security is becoming a fundamental part of the software itself. Generally, companies with robust security teams should fare well, but many others will turn to their security advisors for help securing their products on a more fundamental level. 

How security companies can keep pace

This will be a significant shift for traditional security companies that are currently helping build secure infrastructures. They’ll need to determine how and where to add value because it will no longer be enough to secure the perimeter of the network from a data breach. Security companies will need to go back further and talk to developers about where the real vulnerabilities lie in order to secure applications and data on a more fundamental level. They’ll need to identify where the data is being generated, where it’s being consumed, where it’s being stored, which apps are using it and how. 

This, in turn, will alter the way security companies find new opportunities, hire sales staff and market their services. There will be another layer of expertise required of both sales and marketing folks to be able to speak with developers about how their company can help solve common issues. Unlike the traditional C-suite client, developers need to see the technical value of a product and test it in a sandbox environment before putting it into production. The green-light to go ahead before the purchase of API-based solutions will in a majority of cases sit with the developer. Freemium models are becoming more popular and new financial models will emerge as it will become increasingly difficult to sell a three-year license and attach support and services on later. Moving forward, there will need to be a sustained sales effort in order to help companies understand how to embed security into the software they’re creating. 

Partnering with security software experts 

Channel partners have an incredible opportunity to help customers secure their data without actually touching or seeing the data. If they embrace the shift left movement and scale up their expertise in that area—or outsource that piece of the puzzle—they’ll be able to catch this next wave and continue to navigate the constantly evolving security landscape. Much like the move to cloud-based technology, it will require significant change to stay afloat and likely a partnership with a technology company that can offer expertise in the security-as-code culture. 

At Ubiq our API-based security software helps developers code more secure applications. We made the decision to launch with a channel-first, partner-centric model where we partner with trusted security advisors and technology partners who are trying to keep pace with the constantly evolving security landscape and know that shifting left is the next step towards helping customers truly secure their data. 

Follow our journey at Ubiq www.ubiqsecurity.com