Channel Marker


January 22, 2020  8:28 PM

Clients deem MSSP companies ineffective in supporting SOCs

Spencer Smith Spencer Smith Profile: Spencer Smith
Channel partners, cybersecurity, Managed security services

MSSP companies appear to be missing the mark with customers that have in-house SOCs, according to a new security operations center benchmarking study by Ponemon Institute.

The study, sponsored by Respond Software, a security operations software vendor, surveyed 657 IT and IT security practitioners at organizations with in-house SOCs. The study showed that despite organizations investing heavily in SOCs, results of those investments were largely disappointing. Only 51% of the survey respondents said they were satisfied with their SOC’s effectiveness in detecting cyberattacks. Of the 51% of respondents that said their organization partially or completely outsources its SOC to a managed security service provider (MSSP), only 17% said their MSSP was highly effective, while 42% said rated their MSSP as effective.

More surprisingly, the study found that organizations spend an average of $2.86 million per year on their in-house SOCs. Yet when they outsourced to an MSSP, costs increased to $4.44 million annually — countering the expectation that outsourcing would reduce expenses.

Dan Lamorena, vice president of marketing at Respond Software, based in Mountain View, Calif., said the study suggests MSSP companies would do well to focus more on their customers’ personnel challenges rather than solely the technology. The costs of hiring, training and retaining SOC teams emerged as a key pain point among survey respondents. About half of a SOC budget goes toward personnel, he said.

“I think what we realized is that one of the biggest challenges people have is around people. They can’t hire enough people. … Once you hire them, they leave or they are expecting big pay raises. The cost of constantly keeping up with the people side of the SOC is a big challenge,” Lamorena said.

He noted MSSPs experience many of the same staffing challenges as the organizations polled by the study.

MSSP companies could do more to help customers train and retain SOC teams and ensure their SOC technology is benefiting them, Lamorena added. “We have been selling [customers] SIEM tools, SOAR tools and automation tools, and I think we forgot a lot of the people element of it.”

January 17, 2020  6:20 PM

Systems integrators emerge as key mobile SFA channel

John Moore John Moore Profile: John Moore
Channel, Mobile applications, Resellers, SFA, systems integrators

The mobilized sales force automation market will edge toward $4 billion by 2023 and systems integrators will serve as the main channel partner in that growing field.

A report from Frost & Sullivan, a market research firm based in Santa Clara, Calif., forecasts the North American mobile SFA market to grow at a compound annual rate of 15% over the next three years, reaching $3.68 billion from the current baseline of $1.83 billion. Mobile SFA offerings aim to support sales personnel in the field, letting sales teams access customer and product data through their smartphones and tablets.

The Frost & Sullivan report, released Jan. 14, examined distribution channels as well as general market trends. Jeanine Sterling, industry director, information and communication technologies, at Frost & Sullivan, cited systems integrators (SIs) as the key channel partner conduit for mobile SFA technology.

“Systems integrators remain the top channel partner at this time, bringing integration expertise, new geographic areas/regions, and upmarket prospects to the table,” she said. “SIs act as consultants and can work with businesses to customize SFA solutions to address the specific needs of their business customers.”

Vendors providing mobile SFA solutions range from mobile-oriented SFA specialists to larger vendors that provide mobile capabilities within broader product suites.

Other routes to market

Other channel partners include resellers, which Sterling said “fill any voids the SFA provider is experiencing, usually in terms of needed geographic coverage or expertise regarding the needs of a specific industry.” A bit more than half of mobile SFA revenue originates with channel partners, she added.

Beyond channel partners, mobile SFA routes to market include application storefronts and direct sales.  Prospective customers of all sizes use application storefronts, which Sterling said are especially critical for reaching down-market buyers.

Sterling said she anticipates SIs, which target mid-sized and larger businesses, will remain the major channel partner driving SFA sales going forward. Integrators’ North American market share is expected to increase year-over-year while the share of SFA direct sales decreases slightly, she noted.

“Systems integrators tend to have embedded customer bases that are prime candidates for mobilized solutions, including SFA,” Sterling said.

Channel conflict for integration services?

Frost & Sullivan research points to considerable demand for integration services in the mobile SFA market.  Slightly more than a third of the respondents to the company’s Global Enterprise Digital Solutions Survey said their mobile SFA products need additional integration with other company systems. Sterling said that response indicates a “large revenue opportunity” for professional integration services.

SFA vendors are responding to market demand, “ensuring a high level of integration” with customers’ CRM systems, Sterling noted. SFA vendors also have an opportunity to boost growth through monetizing their customization and integration services, she added.

But will systems integrators bump into SFA vendors providing similar services? Sterling said mobile SFA vendors, to date, “appear to have done a good, proactive job of avoiding serious conflicts around integration and customization services.” She said vendors have been able to select partners that address geographies and industries not already targets of their direct sales teams.

Vendor practices for avoiding future disputes include clearly defined channel-  partner strategies, careful evaluation of new partners and the use of sales team incentives that discourage channel conflict, according to Sterling.


January 14, 2020  3:21 PM

MSP business trends, from e-waste to virtual warehouses

John Moore John Moore Profile: John Moore
Channel, Cloud distribution, e-waste, IT trends, MSP, regulatory compliance

MSP business trends expected to take off this year include industry-specific AI opportunities, an uptick in cloud-native development and the near-constant need to update employees on emerging technologies.

Fields such as computer vision, multi-cloud deployment and corporate IT training are poised to rank among the key themes for managed service providers (MSPs) in 2020. But those won’t be the only notable developments. Here are a few other items to keep on the MSP business radar:

E-waste as a channel opportunity

IT asset disposition isn’t new and some channel partners have been working with customers to safely rid themselves of out-of-date or redundant servers, storage devices and other equipment. What is new is a growing interest in sustainability efforts amid a global glut of e-waste.

Blancco Technology Group, a data erasure technology company based in Austin, Texas, contends the world faces an e-waste crisis. Christina Walker, global director of channel sales and partner programs at Blancco, citing World Economic Forum data, noted the current 50 million tons of e-waste produced annually could rise to 120 million tons by 2050, unless efforts are put in place to stem the tide of digital detritus.

E-waste is receiving regulatory attention. Walker cited the European Union’s energy-related products regulations, also known as Ecodesign, which she said are “serving as models for similar laws and regulations” in the U.S.

The upshot for service providers is an opportunity to help customers sell or recycle their unwanted IT assets and cleanse equipment of any lingering data before disposition, Walker noted. Partners might find new revenue streams in this process.

Distributors as cloud purveyors

Distributors have served as physical warehouses for channel partners for years, providing a range of hardware and software products. The rise of cloud computing, however, is changing the traditional distributor business model.

A report from the Global Technology Distribution Council (GTDC), a Tampa, Fla., consortium that represents tech distributors, points to “virtual warehouse” services as the future of distribution. GTDC-commissioned research polled MSP business firms, solution providers, emerging technology companies, original equipment manufacturers, venture capitalists and end customers. Respondents projected virtual warehouse support for SaaS and cloud offerings as distributors’ top supply-chain capability in 2025.

That said, respondents to GTDC’s Tech Distribution 2025 survey also suggested distributors’ traditional services — such as integration, logistics, inventory management and asset lifecycle — will continue to prove important.

Distributors already have made some headway into the cloud, offering specialized marketplaces and clusters of cloud offerings around platforms such as Microsoft Office 365.

Ripple effects from CCPA

The California Consumer Privacy Act (CCPA), which went into effect in January, will influence the MSP business this year and beyond. Industry, for starters, can expect to see litigation. “The legal system in the U.S. will precipitate some high-profile cases involving [CCPA] in 2020,” said Nigel Tozer, solutions director EMEA at backup and recovery vendor Commvault, based in Tinton Falls, N.J. Tozer noted CCPA doesn’t permit class-action suits, but added a successful case will have a knock-on effect, creating an opening for “high numbers of plaintiffs.”

Blancco’s Walker pointed to another possible CCPA ripple effect: the emergence of additional state privacy laws. “We expect other states will likely enact similar privacy legislation, so MSPs should be prepared to help their customers that must comply with new regulations,” she said.


December 31, 2019  5:08 PM

RPA software, partner program updates top 2019 blog posts

Spencer Smith Spencer Smith Profile: Spencer Smith
Channel partners, ConnectWise, Digital transformation, IT Managed Service, MSP, robotic process automation

As 2019 draws to a close, we’ve rounded up our 10 most-read Channel Marker blog posts from the year. The articles below highlight several technology areas, including robotic process automation (RPA) software, MSP software tools and cybersecurity, as well as moves by channel heavyweights. Stay tuned for more coverage and commentary on Channel Marker in 2020.

1. RPA software may fall short of expectations

Some organizations view RPA software as the tool of choice for their digital transformation efforts. However, Pegasystems’ vice president of digital automation and robotics, Francis Carden, asserted that RPA software deployments pose a range of limitations.

2. Online RPA marketplace expands prospect for ISVs, SIs

Automation Anywhere’s online Bot Store debuted in March 2018 and currently provides more than 500 software bot and digital worker products. The RPA software vendor said it aims to create more Bot Store opportunities for ISVs and systems integrators with a bot-monetization program.

3. ConnectWise acquired by Thoma Bravo, names new CEO

MSP software company ConnectWise had a busy 2019. In February, ConnectWise agreed to be acquired by private equity investment firm Thoma Bravo. As a result, ConnectWise named a new CEO and restructured. Later in the year, ConnectWise revealed it would acquire rival Continuum, also owned by Thoma Bravo.

4. Dell EMC enters FY20 confident in channel approach

Dell EMC headed into its 2019 Global Partner Summit boasting healthy channel sales. Cheryl Cook, senior vice president of global partner marketing at Dell EMC, attributed the company’s positive financial results to its consistent channel strategy and partner program.

5. Digital transformation hits snags, empowering IT consultants

Enterprise digital transformation projects are plagued by organizational and technology challenges, according to multiple studies. The troubled state of these projects provides a clear role for IT consultants, which can help organizations navigate the many options and potential pitfalls.

6. IBM doubles-down on ecosystem strategy

IBM continued to invest in channel resources to support a variety of partner business models. New developments included a partner matchmaking tool to encourage collaboration, a program for managed security service providers, and partner training updates.

7. Citrix’s cloud transition gets boost from partners

Citrix partners are contributing to the company’s expansion beyond its traditional virtualization products and into cloud and subscription-based services. The types of partners involved in Citrix’s cloud business run the gamut from large global systems integrators to services providers in the SMB space.

8. MSPs find new tool option in ServiceNow, LogicMonitor

MSPs have a new option for deploying software to automate their core functions. Instead of using best-in-class systems or integrated MSP software suites, some MSPs have paired ServiceNow’s IT service management product with LogicMonitor’s performance monitoring technology.

9. Cybersecurity rises to the top of customers’ concerns

Cybersecurity became a front-and-center issue for channel partners and their customers in 2019. A study by Insight Enterprise Inc. reinforced the demand for cybersecurity expertise, as IT professionals ranked security as the top challenge in several IT areas.

10. Dell Technologies program updates highlight cross-selling potential

Dell Technologies said its partners are benefiting from the cross-selling potential of the company’s broad technology portfolio. According to Winslow Technology Group, a Dell partner, the tighter integration of Dell’s strategically aligned businesses is a boon for its business.


December 16, 2019  2:08 PM

Clarity Insights to bolster Accenture’s AI consulting

John Moore John Moore Profile: John Moore
Artificial intelligence, Channel, Data Science, IT Consulting

Accenture’s agreement to acquire Clarity Insights, an AI consulting and data science firm based in Chicago, will add personnel and IP at a time when customers are struggling to scale AI deployments.

An Accenture study published in November revealed the criticality of AI to large enterprises. The company said 76% of 1,500 C-level executives surveyed grapple with scaling AI beyond proof-of-concept projects. A similar percentage of respondents said they “risk going out of business” in the next five years if they are unable to scale the technology, according to Accenture. The survey polled executives in organizations with at least $1 billion in revenue.

Against that backdrop, the pending Clarity Insights deal would provide 350 employees and a number of “accelerators,” which Accenture said help organizations speed up the task of generating value from their data. Those resources will reside in Accenture’s Applied Intelligence business.

Clarity Insights’ data scientists and machine learning engineers will bolster Accenture’s North American AI consulting workforce.  The companies’ pursuit of accelerators is another area of convergence.

“We also share the same view that, to be competitive, you need to invest in industry-specific accelerators,” said John Matchette, managing director, North America lead, Accenture Applied Intelligence.

He said Accenture already has a portfolio of accelerators, noting that Clarity Insights’ focus on industries such as healthcare and financial services will provide additional assets and expertise.

Accenture isn’t alone among consultancies in pursuing AI deals. In September, InterVision, an IT service provider, acquired AI consulting and analytics firm SeyVu. Expect more transactions to follow in 2020 as service providers gear up to help their clients push beyond AI pilots.


December 6, 2019  8:57 PM

MSP automation taps PowerShell as multi-tool

John Moore John Moore Profile: John Moore
Automation, Channel, Managed Services, MSP, Powershell

PowerShell serves as the Swiss army knife of MSP automation.

Indeed, Microsoft’s PowerShell scripting language has become a highly versatile tool for managed service providers (MSPs). PowerShell scripts plays multiple roles, including in software installation and integration, report creation, policy enforcement, customer onboarding and new user account creation. An MSP’s imagination is perhaps the only limit on PowerShell’s applicability.

Wider use of PowerShell and automation, in general, has critical implications for MSPs. A service provider’s efficiency and profitability increasingly depends on its ability to minimize manual tasks. Automation’s benefits cut to the bottom line when MSPs devote fewer technician-hours to on-site client work or shrink the volume of mundane administrative chores. MSP automation also helps service providers manage the daily challenge of juggling multiple customers and their varied IT environments.

Multiple roles

Shawn Sachs, senior solutions architect at Generation IX, an MSP based in Culver City, Calif., has written numerous PowerShell scripts, covering use cases such as software integration and reporting. But his use of PowerShell continues to evolve. Sachs said he is now considering pursuing configuration management through PowerShell.

To that end, Microsoft offers Desired State Configuration (DSC) as a configuration management tool within PowerShell. DSC, which Sachs likened to Ansible and Chef, revolves around PowerShell scripts that describe an IT environment — devices such as servers and their particular attributes. DSC’s monitoring capabilities check the configuration for continued compliance.

In addition, Sachs said he plans to look into PowerShell for Mac OS X. “I’m very curious to see how that is going to change the game as far as Mac management and bringing Macs into enterprise environments,” he said.

Cultural change via MSP automation

PowerShell’s use as an MSP automation multi-tool marks a cultural shift. Many MSPs originally pursued a break/fix business model: they waited for something at the customer’s location to fail and then provided services. That approach encouraged service providers to focus on hourly rates and making sure technicians were as close to 100% billable as possible. Automation wasn’t particularly essential to that formula.

MSPs, however, are transitioning from a billable-hours mentality to “all-you-can-eat” pricing and monthly recurring revenue, noted Brett Cheloff, vice president for ConnectWise’s Automate remote monitoring and management product. The emphasis now is on spending the least amount of time with customers, while still making sure their systems are well-maintained and running properly.

“It’s completely inverted,” Cheloff said, referring to MSPs’ business philosophy.

Automation works in lockstep with MSPs’ emerging service-delivery methods and pricing models. Look for PowerShell, low-code/no-code offerings and robotic process automation to grow in importance among service providers.


November 27, 2019  9:53 PM

Understanding co-managed IT services

Spencer Smith Spencer Smith Profile: Spencer Smith
Managed service providers, Managed Services, MSP

MSPs sometimes avoid prospective clients that already have internal IT staff, but by taking the co-managed IT services approach, they don’t have to.

That’s according to Bob Coppedge, owner of Simplex-IT, an MSP based in Stow, Ohio. Co-managed IT services, or CoMITS, is a model for developing mutually supportive relationships with customers’ internal IT teams. Coppedge has helped pioneer the strategy, even writing a book on the subject. He discussed the CoMITS approach at the IT Nation Connect conference, held Oct. 30 to Nov.  1 in Orlando, Fla.

“In my opinion, with some very critical exceptions, most MSPs can do this,” Coppedge said of CoMITS in a conference session.

Internal IT teams and MSPs very often regard each other in a competitive, adversarial light, Coppedge said. The presence of an MSP can be threatening to internal IT people, giving them the impression that their value or even their jobs are at risk. MSPs often don’t do much to dispel these concerns. “One of the problems is, for the last 10 years, MSPs have been by default walking in and going, ‘Oh, you’re the IT person. … I’m more efficient …. more effective … [and] up-to-date,’ ” he said.

“By and large, IT people … expect [MSPs] to be adversarial, because they are coming in and doing stuff that they can’t, and usually not showing them how,” Coppedge added.

CoMITS aims to help MSPs create a win-win relationship with the internal IT staff. The approach that Coppedge advocates involves forming a tight partnership with IT staff and sharing abundantly with the team. He said MSPs can share their best practices, methodologies as well as access to their tools. In part, CoMITS looks to instill the idea among IT people that they remain owners of the IT. “It is still their IT. We aren’t taking it away. We are partnering with them and making it better,” he said. “They can … say, ‘We did it.’ … This is critical. … You can actually be a mentor to the internal IT to make them stronger.”

Co-managed IT services “can be a fantastic relationship builder for organizations if you do it right,” Coppedge said.


November 27, 2019  8:20 PM

MBX Systems reinvents itself in computer hardware manufacturing

Spencer Smith Spencer Smith Profile: Spencer Smith
Business model, Manufacturing, Vertical markets

Twenty-five-year-old MBX Systems, a computer hardware manufacturer, is an example of how technology companies can continually adapt to the ever-changing marketplace.

In 1995, the organization started in the consumer space as Drive Express (later Motherboard Express), focused on selling technology components to enthusiasts building their own hardware systems. As the market commoditized, the company pivoted to building and selling systems, before seeing a need to pivot again as Dell and Gateway gained dominance. In the early 2000s, MBX Systems identified an opportunity in the emerging market for enterprise dedicated-use systems.

“We transitioned completely out of the consumer market and then into the enterprise market. … We have been really focused in that area of dedicated-use systems since then,” said Chris Tucker, president of MBX Systems, headquartered in Libertyville, Ill.

Since making the enterprise shift, MBX Systems has continually modified its approach to keep solid footing. Today, the company is pursuing a deep vertical market strategy and differentiating itself with manufacturing orchestration software it developed internally.

Responding to changing customer preferences

In 2017, MBX Systems took note of a couple of market trends to which it saw a need to respond.

The first trend was its software provider customers moving toward alternative deployment methods, such as cloud computing, virtualization and containers, Tucker said. Customers had begun distributing their deployments much more broadly, making them less dependent on the hardware that MBX provided. As a result, MBX rapidly lost spending from “a decent portion” of its customers, he said.

The second trend was that customers wanted to consume data in a different way than before. “We were getting more questions, a higher expectation of information and a higher level of granularity” in the information requested, Tucker said. He noted that customers sought a level of transparency  similar to what Amazon provides consumers, where an Amazon buyer can see each step of an order’s journey, from purchase to delivery. “People were asking for that same level of granularity from us as a manufacturer or integrator of products.”

Taking these trends into account, MBX retooled its focus.

Hardware in search of a market

The first adjustments MBX Systems made were to the customer segments it targets. The company started looking at market segments that require on-premises, high-performance needs, Tucker said. The investigation led MBX to zero in on niche vertical markets, ultimately choosing three to invest in: the video streaming segment of the broadcast market, flight simulation and physical security surveillance.

“Over the course of two or three years, we transitioned most of our business out of those traditional markets and into these markets where the hardware was still required,” Tucker said.

Tucker said MBX “took a very structured approach” to entering the vertical markets over a two-year period. In the first year, MBX focused on identifying and building the skillsets and tools it would need to target the markets and “gain interest in one or two banner accounts.” In the second year, MBX moved to bring those new customer accounts onboard and then leverage them to win additional accounts.

“Over the course of 24 to 36 months, we were able to swing our core business, which was our old traditional business, which was maybe 70% to 80% of our business typically … to where we have now flipped that on its head” in sustainable, vertical business, Tucker said.

He noted that MBX remains on the lookout for additional vertical markets it could expand its business.

Developing Hatch software

MBX Systems responded to customers’ demand for higher levels of data visibility by creating a software toolset called Hatch. Hatch aims to provide customers with a hub for managing complex hardware programs, Tucker said. Customers can use Hatch for a range of functions, including customizing product configurations, managing engineering changes and tracking shipment status, according to MBX. Additionally, Hatch offers inventory management, work-in-process tracking and global compliance intelligence.

The introduction of Hatch “made a big difference” to MBX’s customer base, Tucker said. He added that the majority of MBX customers today use Hatch and the company is betting on the software to be its key differentiator among competitors. “When a customer or a prospective customer sees Hatch for the first time, you can see their eyes light up. You can see them understanding the problems that it is solving, and you can see them understand the labor and cost savings of this unit,” he said.

However, while ultimately rewarding, the release of Hatch initially posed challenges because it required MBX to expose almost all of its data to customers.  “There is a reason that some companies don’t make the decision to open their kimono and share all the data. Some of the decisions that we made in doing that … exposed some of the warts that we had in our internal processes,” he said.

“Over time what it did was build trust, but initially [it] was difficult to expose some of the creaks and the strains of actual manufacturing,” Tucker said. He noted that with the data exposed, MBX works even harder to adhere to high standards.

Hatch has also helped MBX plant its flag in the vertical markets it targets. Tucker said customers in those verticals are receptive to Hatch because none of the other manufacturing players in those markets offer anything like it. “One of the reasons that we picked those markets is that they were really ripe for disruption,” he said.


November 27, 2019  6:46 PM

IT channel news: Buyout target Tech Data sees 2% drop in sales

John Moore John Moore Profile: John Moore
Channel, Channel partners, distribution

IT channel companies continued to make news during the shortened Thanksgiving work week. Here’s a quick summary:

  • Distributor Tech Data reported a 2% year-over-year decrease in third quarter sales, with a drop in European revenue the key contributor. The company generated worldwide sales of $9.1 billion for the quarter ended October 31. Gross profit increased 1% for the quarter. Tech Data said it does not plan to hold an earnings call or provide forward-looking guidance, citing its pending sale to Apollo Global Management. Apollo, a private equity firm, agreed to purchase Tech Data in a transaction valued at $5.4 billion.
  • DLT Solutions, an IT aggregator based in Herndon, Va., has captured a contract to provide SaaS offerings, support and other services to state, local and education agencies in Texas. The contract with the Texas Department of Information Resources could run through October 2025, if all options are exercised. DLT’s IT channel partners can tap the contract through the company’s Contract Access Agreement program. Tech Data in October agreed to acquire DLT, in a deal expected to close by the end of 2019.
  • D&H Distributing, a distributor based in Harrisburg, Pa., said it will boost credit lines for about 600 of its IT channel partners, which include value-added resellers and retailers. The $21.5 million increase, spread across the selected partners, will help those companies pursue larger projects, enter new markets or capture a larger business volume, according to D&H.
  • The NPD Group’s B2B Distributor and Reseller Tracking Service reported a 3% uptick in year-over-year sales growth through the third quarter of 2019. The Port Washington, N.Y., company noted software sales outpaced hardware sales, with software rising 9% compared to a 1% increase for hardware. IT operations and networking software represented the largest dollar share of overall B2B software and cloud services sales, according to the tracking service.
  • Distributor Ingram Micro has bolstered its Salesforce expertise. The company this week purchased the Salesforce consulting practice of Quosphere, a global IT firm with U.S. headquarters in New York .
  • Lastline, a security and breach detection vendor, inked an agreement with immixGroup, the public sector IT distribution subsidiary of Arrow ECS. Lastline said the agreement enables immixGroup partners to sell its network detection and response platform to federal, state and local government agencies.
  • Avaya said distributor Synnex Corp. is now providing Avaya OneCloud Secure unified-communications-as-service products to partners in the U.S. public sector market.
  • Windstream Enterprise, a managed communications service provider, recently restructured its channel organization. The company promoted Matt Milliron from vice president of channel sales to head of strategic channels, replacing Curt Allen. Allen will move into an advisory role, consulting with Milliron and Windstream executives on the channel, the company said.
  • Anexinet Corp, a digital business solutions provider based in Philadelphia, has appointed Robert Sheinker as vice president of partner strategy. Sheinker is responsible for vendor partnerships, with a focus on hybrid cloud, hyper-converged technology, flash storage, networking, virtualization and security offerings.

Additional reporting by Spencer Smith.

Our usual Market Share IT channel news roundup resumes next week.


November 26, 2019  3:55 PM

Consultant’s free FedRAMP readiness assessment tool gets early looks

John Moore John Moore Profile: John Moore
Channel

Quzara LLC, a consulting firm based in Reston, Va., has rolled out a FedRAMP readiness assessment tool, conducting 30 reviews of independent software vendors and cloud providers in its first 60 days of availability.

FedRAMP, which stands for the Federal Risk Authorization Management Program, is a government-wide initiative to provide a seal-of-approval of sorts for companies offering cloud services to federal agencies. The program spells out a standard process of security assessment and authorization.

The Office of Management and Budget established FedRAMP in 2011, and requires any cloud service holding federal data to be authorized under the initiative. It conceived the program to facilitate cloud adoption, but industry executives have viewed the process of vetting cloud security as time-consuming and expensive. Smaller cloud providers, in particular, have balked at the expense and complexity of getting their offerings FedRAMP authorized.

Against that backdrop, Quzara launched its FedRAMP readiness assessment tool, dubbed FRAT. Saif Rahman, Quzara’s co-founder and managing director, said the big players in cloud — AWS and Salesforce, among others — had the deep pockets to invest in FedRAMP compliance six or seven years ago. But that potentially leaves thousands of other cloud providers on the sidelines.

“We have a bunch of smaller ISVs and SaaS [providers] that want to get into the federal market, but are finding it extremely difficult,” Rahman said.

The FRAT tool aims to reduce the expense of FedRAMP. The authorization process starts with a FedRAMP readiness assessment, which determines the extent to which a vendor’s cloud meets FedRAMP controls — or fails to do so. The readiness assessment typically costs around $50,000 on average, with the price tag rising to $100,000 in some cases, Rahman said. The cost of the preliminary cloud check is a deal breaker for many FedRAMP aspirants.

“Seventy percent of the conversations die there,” Rahman said.

FRAT, however, is a free, web-based tool that lets cloud vendors conduct a self-assessment based on a reduced set of security controls. For example, FRAT narrows the 325 controls for a FedRAMP moderate security baseline to 100 of the most critical controls, Rahman explained.

Quzara and its cloud customer discuss the results of the self-assessment in a two-hour workshop, also free of charge. After the talks, clients come away with an understanding of the cost and level of effort required to achieve FedRAMP compliance, Rahman said.

“We help them build a FedRAMP roadmap,” he said. That guidance includes an initial timeline for achieving authorization and a prioritized to-do list for meeting FedRAMP requirements.Cloud formation

Companies participating in FRAT assessments thus far have included the expected smaller ISVs, but also larger entities. Rahman cited the example of a defense contractor with multiple data center-based applications it plans to turn into cloud services.  The contractor needs FedRAMP authorization for each one, a costly proposition for even a sizable enterprise.

For Quzara, the no-cost FedRAMP readiness assessment has kept alive conversations with prospective customers, and could lead to fee-based business down the road. In the meantime, Rahman said the early interest in the assessment is encouraging.

“There’s a market that is hungry for real data,” Rahman said.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: