For any Information Security vendor, building a solid and tight security ecosystem should be a top priority, a strategic initiative that creates a sustainable competitive advantage. After all, Information Security is a team sport. So why do ecosystems so often take a back seat for many security vendors? Because it is hard to do well, and it is tricky to structure true win-win relationships. In this series of blogs on The Art and Science of Security Ecosystems, we will make it easier for you as security vendor to understand drivers, critical success factors, and best practices so you can define, structure, build and manage ecosystems that will create value for your and all your partners.

1. Introduction:
For any Information Security vendor, building a solid and tight security ecosystem
should be a top priority, a strategic initiative that creates a sustainable competitive
advantage.
Studies published for example in Harvard Business Review show that alliances
account for 30% of many companies’ revenue and value, and that cloud based
businesses generate even more via partners; SalesForce is said to generate 50% of its
revenue through their APIs, eBay 60% and Expedia 90%.
So why do ecosystems so often take a back seat for many security vendors? Because
it is hard to do well, and it is tricky to structure true win-win relationships –
according to the same study, the failure rate for alliances hovers between 60% and
70%.
This is an introduction to a series of blogs on The Art and Science of Security
Ecosystems, where we will make it easier for you as security vendor to better
understand drivers, critical success factors, and best practices so you can define,
structure, build and manage ecosystems that will create value for your and all your
partners.
Information security needs to be a team sport:
How about we turn the traditional Information Security model upside down? Up to
now, all the innovation has gone to addressing specific problems and solving the
latest threats. But attack surface and attack methodologies morph too fast, so
constantly chasing the latest attacks becomes an unsustainable model that has lead
to a very fragmented vendor landscape – 687 vendors exhibiting at RSA US 2017, up
20% year over year since 2013.
Information security is a team sport, and although highly specialized expert players
are indeed required, it is the level of cooperation among them and the team spirit
that differentiates a high performing team from just a collection of star individuals.
Likewise, it is the tight coupling as well as the high level of collaboration and
coopetition between many discrete entities that give an ecosystem its highly
adaptable structure that is so resilient to hard hitting attacks.
Building technology and business stacks is similar to building teams and ecosystems.
Specialized vendors and solutions are our expert team members, and we need to
generate a team spirit by thinking about our surroundings, working on
interconnection and collaboration, and incentivizing desired behaviors.
As vendors, taking an ecosystem first approach is the only possible answer to the
problems that customers are facing and are demanding an answer for – inconsistent
functional coverage, incompatible management platforms, portal fatigue, high
operational costs and other issues coming from proliferation of point solutions.

2. There are many benefits for being a team:
As a team, we will be able to count on our partners, and they should be able to
count on us, to create massive value for all entities in the areas of product, sales, and
customer satisfaction. Specifically our partners will help us in these 5 goals.
1. Define a better solution faster and cheaper.
2. Build a better brand that rises above the noise.
3. Navigate complex customer environments and accelerate sales cycles.
4. Expand our addressable market and insert our products into massively scalable
and highly leveraged sales routes.
5. Benefit from easier and more successful product deployment and management
to improve customer satisfaction and pave the way for land and expand
strategies.
The best moment to engage with partners, to draft a core ecosystem and to initiate
a partner program is at the product prototype stage, when we can ask – will our
product help a partner solve their problem or will we compete against him? Will our
solution be MSSP ready, or at least will it be MSSP friendly? Will our approach create
or remove friction for key partners who want to integrate with it? Engage early and
get these answers.
There are 5 steps to building an ecosystem:
Although there are many nuances, details, known pitfalls and corresponding best
practices, there are main 5 steps in defining and building an ecosystem.
1. Define the strategy.
2. Articulate respective value proposition for all involved entities.
3. Decide between a flat or tiered structure, go wide or go deep.
4. Iteratively roll out a partner program that clearly specifies expected roles and
responsibilities, and incentivizes desired behaviors.
5. Bake metrics throughout your organization to measure and track progress.
In summary, there are the 5 key takeaways:
There are 5 key takeaways that we will elaborate on.
1. Innovation is now moving to the area of ecosystem because just having a good
product is not good enough.
2. The end-to-end model for customer satisfaction about your product involves
many third parties, work closely with them.
3. Engage early with your partners, at the prototype stage, and iterate.
4. Always keep in mind what value you create for your partners so it is in their best
interest that you succeed.
5. And measure, measure and measure so you understand how all of these pieces
work together.
This blog is an introduction to the series of blogs on The Art and Science of Security
Ecosystems. For more information, please reach out to gorka@expand.solutions and
visit https://www.expand.solutions/blog