Channel Partners Favor Scale and Deliverability Over Product Margins, Finds Cato Survey

Our recent survey Security or Performance: How do you Prioritize? has a lot to say about what enterprise IT leaders value vis-à-vis the tradeoffs between network performance and security effectiveness. But as a channel guy, what I found particularly interesting were the insights the survey offered about the channel.

Along with the 2045 IT leaders, the survey canvassed nearly 1,000 channel partners across the globe about their top security partner considerations. Partners covered the spectrum including resellers, MSP, agents, and master agents across the Americas (33%), EMEA (26%), and APAC (41%). Only a handful of them worked with Cato, providing us deep insight into the overall channel industry.

What we found was surprising and should help inform the strategic direction of any IT service provider or reseller.

Delivering Appliances Has Become Risky Business

You might think that money talks, and so product margins and wealth of services would be the channel’s top considerations, but our survey tells a different story. Far more important than a product’s margins, is the complexity of bringing that product to market. Product margins came in 8th overall when we asked respondents about their priorities when evaluating security vendors. Scalability, ease of management, ease of integration, and the ability to deliver as service were all ranked higher, regardless if you’re speaking about agents and master agents or VARs, MSPs, SIs, or ISPs.

Another way to put that is that the overhead of delivering appliances often outweigh the margins in selling them. This just one indicator that the business argument for network appliances is being called into question.

Appliances have always been about facilitating access to the datacenter, but over 70% of respondents agree or strongly agree that the datacenter is no longer the center of data and that most applications and data reside elsewhere.

Furthermore, security appliances themselves are proving to be a source of security vulnerabilities, which creates brand and customer relationship problems for the partners delivering those products. As Cato’s director of security, Elad Menahem, explained back in October, security advisories published by Cisco Security revealed several significant vulnerabilities in Cisco IOS and IOS XE software. Nor is Cisco alone. Having to drop everything and patch appliances has become all too common, pointed out Peter Lee, security engineer at Cato last fall.  No wonder that 80% of respondents agree or strongly agree that for mid-size enterprises, SASE offers better security as it’s easier to manage and allows full visibility into network traffic.

It should also come as no surprise then that over 60% of respondents agree or strongly agree that reselling security appliances has become a risky business. The question is, what’s the alternative?

SASE Cloud Addresses Appliance Limitations

Again, looking at the priorities for the channel — scalability, ease of management, ease of integration, the ability to deliver as service, and time to market – are all attributes of the cloud. It becomes much easier to profit from offering cloud services. Delivering security and networking capabilities as cloud services then is increasingly important to partners not only because of the impact it has on the customer’s business but because of the impact it has on their business.

At Cato, I’ve seen that firsthand. The Cato SASE Cloud is a single vendor, cloud-native SASE solution. Our onboarding time for partners is just 4-6 weeks. What’s more the service is always update, managed and protected by our operations and security teams.  If you’ve delivered security appliances at all you’ll know how remarkable that is. Having come from a security appliance vendor, I can tell you that onboarding time typically takes many months and requires massive upfront investment.

But frankly, the short time to market and easy adoption of a cloud-native SASE platform, like Cato SASE Cloud, is unusual for SASE solutions today. That’s because many vendors rebrand legacy appliances as SASE portfolios. What’s needed, as Gartner points out, is a SASE platform. (See this blog for detailed differentiation between SASE platforms and SASE portfolios.)  It’s little wonder then that when we asked respondents how long should channel partners would require to build a full SASE offering, only 17% assessed that it should take less than two months. By contrast, nearly half (44%) estimated that it should take up to a year, and 39% estimated that it should take more than a year.

Still, with the easy delivery of SASE platforms, the security improvements SASE brings to the enterprise, and the ability to deliver and manage the complete range of enterprises security and networking services from a single solution, the vast majority of respondents (84%) believe that SASE will become the preferred choice among customers.  Over 70% of respondents agree or strongly agree that customers are already looking into SASE to simplify their network and lower TCO (total cost of ownership).

It should be no surprise that most channel partners have adopted (59%) or are looking to offer their customers a SASE solution (31%) Only 10% of respondents have no plans to offer SASE anytime soon.

To learn more about Cato and its partner program, visit


Leave a Response