Selling security software and hardware to enterprise customers can be difficult, given their sheer size and the need for buy-in from multiple departments. But enterprise customers can write seven-figure checks, so you don't have to kill a lot of those elephants to be a hero in your shop. After all, it's just as easy to sell a million-dollar deal as it is a $10,000 deal, but the margin is a lot better, right? Or wrong? Is it better, given the emerging security market dynamics, to focus on selling smaller products to many small and medium-sized businesses (SMBs) -- or does it still make sense to focus on young enterprise markets with lots of margin and high-ticket items?
If you do a bottom-up analysis, clearly there's something to be said about the size of the SMB market. There are around 26 million small and medium-sized businesses in the U.S. alone. You don't have to get much market share, even in your own region, to put up some big numbers.
Before you walk away from those big NAC and DLP deals (which you've been working on for nine months already with another six months to go -- if you're lucky), there are some things you need to know about playing in the SMB market. And quite a few of them will require you to rethink the way you do business.
Go-to-market is different
In many cases, vendors will bring you large enterprise deals that they are already working on because they need local support. When you target an SMB customer, you aren't
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSecurityChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
going to get much of anything from the vendors. You may get a lead, but they could be tire kickers or someone just looking for a T-shirt at the local ISSA meeting. There is a lot of brute-force qualification work that needs to be done in the SMB market.
Lead generation is different
You can afford to wine and dine your enterprise customers because they will (hopefully) buy a lot of stuff from you throughout the year. You work with them constantly, you know what projects are in the budget, you know where they need a bit of staff augmentation or other services work, and you are the go-to service provider when they are ready to buy.
 |
||||
|
|
|||
|
||||
In the SMB market, not so much. You are dealing with customers that have a short attention span because they are typically responsible for all of IT, not just security. You've got to get to these guys where they hang out, and it's usually not at a security show. Instead, look for them at Microsoft or Cisco or Salesforce.com events. You also need a marketing model using a lot of online and offline tactics (email, direct mail, advertising and search) to get six to 10 impressions with each of these folks before they'll even take your call.
Sales cycle is different
Finally, a positive in dealing with the SMB. Basically, small businesses want their systems or hardware to work, and they want you to make them work. Most SMB IT directors are not specialists, so they need a simple solution, and they are usually willing to pay you to install it and support it. Once customers decide they need something, there generally aren't groups of influences or extended testing periods. If they have the need and like you (or your rep), then they'll buy. But you need to have a more transactional order processing capability. The hope is that you'll be doing lots of transactions every day, which we know isn't the case in the enterprise market. So think about your end-of-quarter craziness, from an order processing and logistics perspective. That could be every day for you. Make sure you are ready.
Level of vendor tech support is different
That's right -- you won't get a lot of love from your manufacturers. They can't make a lot of money if they spend a ton of time on a $3000 deal. So they expect you to do that and make your margin. That means you are Level 1 and Level 2 on the support front. It's also debatable whether you'll get adequate Level 3 support from the vendor. Make sure you understand the products well enough to really support them. Ultimately the customer is counting on you to provide the services that make the products work.
Sounds like a lot of fun, eh? Well, it can be, if you hit the market correctly with a model that you can support. Take antispam, for instance. When that market hit its exponential growth phase, lots of value-added resellers (VARs) were doing two or three deployments per day. Sure, the boxes didn't cost a lot, but doing a bunch of installs for $1,500 was a pretty good way to keep staffers utilized and revenue coming in.
About the author
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about the Pragmatic CSO at http://www.pragmaticcso.com, read his blog at http://blog.securityincite.com, or reach him via e-mail at mike.rothman (at) securityincite (dot) com.
This was first published in December 2007