Guest Column | January 10, 2022

Why It's Time For The Channel To Embrace Usage-Based Security

By Dean Porter, F-Secure

Security Vulnerability

As consumers, we’re used to paying for goods and services as and when we want them. You can go and get a car wash without being locked into an annual contract, and you don’t need to sign up for a daily supply of sandwiches when you go out for lunch. Even for utilities which are usually based on fixed contracts, pay-as-you-go has long been a mainstay of the mobile phone market.

By contrast, in the business world, most services are heavily geared around long-term contracts. This made sense from a supplier perspective as it locks the customer in and ensures a set income for the contracted period. Likewise, channel partners have extensively relied on long-term contracts to profit from reliable revenue streams and maintain customer relationships. And equally, businesses have generally been happy with the simplicity of longer contracts.

However, this approach has become a bad fit for the rapid pace of the modern digital enterprise. Businesses pursuing digital transformation projects will often find they need to scale back or change how they use certain services or find themselves no longer needing them at all. Being locked into an annual contract can stifle innovation, as organizations are forced to choose between delaying digital transformation projects or expending budgets on break clause fees.

How Do Usage-Based Contracts Work?

The answer to this problem is to move away from rigid long-term contracts and toward a usage-based approach. This means organizations are only charged for services they are using, rather than being bound by contracts that charge them regardless of what they do.

This makes it easier to pursue digital transformation efforts and generally take a more agile footing without wasting money on unnecessary services. It also reduces the administrative burden on companies, freeing them from the bureaucratic cycle of managing renewals. Instead, their payments simply match whatever their current needs are each month.

Usage-based contracts have become increasingly common for digital services such as web hosting and cloud storage as providers have realized the value proposition in matching the more fluid nature of demand today.

However, the approach is fairly unknown in the cyber security field. Although the industry likes to talk the talk about being agile and responsive, most services and solutions are still sold on long-term fixed contracts.

Security vendors have a lot to gain by offering customers their services on a more flexible usage-based approach, and the structure is also very beneficial to the channel partners facilitating these relationships.

How MSPs Benefit From A Usage-Based Approach

Usage-based licensing is a fantastic way for MSPs to provide more value to their customers. While it may occasionally mean lower income when a customer cuts back their usage, a usage-based contract firmly establishes that a partner is interested in their customer’s success, not just their money. Being able to offer flexible services that can be easily scaled up or down will help establish an MSP’s status as an active and invested partner, rather than a replaceable provider of transactional deals.

This approach is also a good fit with volume-based licensing, making it easier for partners to introduce more licenses from the same vendor. Solutions such as this enable a partner to add additional licenses, resulting in reduced costs.

MSPs can use this to increase their profit margins, but ideally should also be passing on savings to their customer. This is particularly valuable for smaller businesses as it makes it more affordable to access enterprise-grade security solutions.

Alongside licensing costs, the ability to provide multiple security solutions through a single management portal also makes it easier for MSPs to manage their portfolio. The security sector has become increasingly crowded as new vendors enter the fray to seize their share of the high-demand, high-growth market. As a result, there are a plethora of competing vendors offering very similar solutions and services.

MSPs must consider the best way to deliver these services, ensuring that they aren’t selling their customers conflicting agents that will not work together effectively on the organization’s endpoints. Ideally, they want to be able to offer businesses a portfolio of solutions that integrate well and mesh smoothly, saving the need to spend time pulling data from multiple sources to provide visibility of network activity. This is particularly important for Managed Security Service Providers (MSSPs) that are directly managing security for their customers.

Delivering Security As And When It Is Needed

A usage-based payment structure is beneficial for most services but is a particularly good fit for cyber security. Costs are reduced during periods of smooth sailing when solutions and practitioners are only dealing with low-level threats and routine activity. But security support can be immediately dialed up when a serious incident occurs, and the customer needs all hands on deck to avert disaster.

The last thing an organization wants to think about during a serious security crisis is contractual limitations and sorting out paperwork. MSPs that can instantly step things up without any additional cost or complexity will go a long way in cementing themselves as trusted and reliable partners.

Alongside security incidents, this is also valuable for companies undergoing periods of rapid growth or change as part of digital transformation projects. A usage-based approach enables them to fully pursue their plans and opportunities without any contractual ties to hold them back. With a standard fixed contract, companies that are facing an exceptional period of growth will be effectively punished for their success since they must file for an extension if they want to maintain a good level of security.

Start-ups and other smaller firms also benefit greatly here as they can access quality security solutions at a level that fits their needs, rather than paying over the odds for contracts that are too large for their headcount and IT footprint. This in turn enables MSPs to capture a market segment where firms would otherwise be priced out.

It's time for the security sector to catch up with the more agile and accommodating usage approach which is commonplace in many other fields. By working with security vendors that offer a usage-based approach, MSPs can pass the increased flexibility and savings onto their customers, increase their status as a trusted partner, and capture new markets.

About The Author

Dean Porter is U.K. Country Manager at F-Secure.