Exclusive Interview: Chris Moore, SVP, Global Channels, CyberArk

In an exclusive interview with DQ Channels, Chris Moore, SVP, of Global Channels, CyberArk shared deep insight on their channel program, growth of MSPs and cloud marketplaces, and CyberArk’s 3 main identified areas of focus.

What are the recent developments within CyberArk?

The recent development in the company is that we exited from the USI, and we have sort of exited the pandemic. We weathered that storm really well as a company and the industry as a whole too. We also have weathered this storm fairly well from a security perspective, and now as we enter into a phase where some geopolitical things are going on and some economic crises are happening right now. I still believe that security and what we read in the industry will continue to kind of be well. It is an area where there has to be an investment. The more uncertainties that are there in the world, more the hackers and security come to the forefront. 

We have had, multiple quarters of growth, and multiple quarters of success, and we have recently completed our subscription and SaaS transition as a company. We shifted our go-to-market to subscription SaaS away from perpetual and did all that through the pandemic.

We have weathered that pandemic really well.  Now, we are embarking on the next iteration of company growth, which is around identity security and we are taking our entire portfolio of security products and making sure that partners and customers are protected end to end, everything from human to non-human identities, all the way through from single sign-on and multifactor through privilege credentialing, through privilege controls all the way through to developer access controls and that's what you will hear a lot about as we are embarking on our Impact World Tour. And talking about the future, you will hear a lot about identity security in the framework that we are building around identity security and sorting our new go-to-market.

What are the new technologies around security that the partners can look forward to as a new business perspective?

The market is growing and security, is what used to be kind of at the enterprise level, the main focus, it's coming downstream and it's across every single vertical.  When we talk to partners and to large partners and small regional partners, it's not necessarily about new technology, it's really about stitching together the technology to go into end to end, it's really focusing on kind of the non-human aspect.  

It’s not just a person that you are protecting now it’s an RPA process, it's a non-human entity, that’s a new area where there's a lot of focus. Building it together from end-to-end and building that zero-trust kind of framework along the entire paradigm move of customers is new, but it's really coming up from whether you want to call it SMB or mid-market, commercial markets, the market there is building.  As more and more companies realize that security is important to everyone, not just the high enterprises, anyone and everyone is vulnerable to attacks, the attack vectors are getting bigger and more sophisticated and everyone up and down needs a level of security and need to become more and more prevalent, especially with cloud and cloud security and kind of cloud consoles into your different cloud providers.  It's no longer the large enterprises.  It's actually the mid-market commercial, kind of low enterprise customers as well, where there's a huge opportunity for our partners.

What is the partner ecosystem in India? What is the distribution model in India?

We have a two-tier channel model. All the partners go through the distributors. We have three distributors in India right now, it’s iValue, Inflow, and MTech. We have got partners across right from tier two, the typical tier two security partners, we have got some boutique partners who do purely CyberArk and only CyberArk services. We have got a range of partners through the perimeter, right up to the Global SIS as well as advisories. I wouldn't have a count, but we are a very focused channel organization - 100% of our business happens through channels here in India.  Our focus is very, high on channels and we try to ensure that we work with partners who are committed and really invest with us.  I may have hundreds of partners signed up, but at the end of the day, we really want to spend time with partners who are committed to our business, and that is what we give them back as well.

What are your strategies for partner expansion? Also, how you are making sure to educate partners in a proper way that teams should be well educated, they should understand your technology to sell to the end customers?

It fundamentally goes back to enablement and making sure that we have the right enablement track. We have broken our enablement into four different tracks, across each of our different product portfolios for sales, pre-sales, technical implementation, and now customer success across each one of our pillars, whether that's access or privilege or DevSecOps, security.  Any partner within the ecosystem that has an interest in any one of those or the entire identity security portfolio, we have a track for them from a training perspective where they can come in and can become enabled and become self-proficient to both sell and implement our technologies. The other thing that we were looking at doing is really focusing on our partners that have a high capacity, high commitment, and high capabilities and investing further with those partners to make sure that we are not just enabling them on our technology but driving joint initiatives and joint offerings. Go into the market in a way that's identity security as a whole CyberArk at the core within our partners, services, and their IP wrapped around our software, that's incredibly important, especially when you think about kind of what I am seeing.  There is a huge amount of shifts that I am seeing.  One is kind of the shift to managed services, which we are supporting very holistically and in that, if you are a vendor, if you are a partner today and you are not creating a managed service, you are probably going to miss a chunk of the market. 

Gartner's numbers are 40% of customers who want to buy the security as a service and they need that partner IP right around it and we are never going to build a managed service, we have a SaaS service and what I am working on with our partners on, we are working with our partners on is building their IP around our SaaS offerings.  That's the first kind of paradigm shift and I am happy to talk about that a little bit more.  

The second one is really the growth of the marketplace and we have specifically partnered very strongly with AWS on the marketplace side. This is a shift that's gaining momentum. Customers are now acquiring software from the marketplaces because of the financial advantages and because of some of the support that they are getting. What we have looked at doing and what we are doing is just driving a very inclusive model. It’s our marketplace partners, lots of regional partners with their services delivered through a marketplace offering and to the customer so that the customer can buy the software the way they want, and they can get the financial advantages of a marketplace acquisition, but that partner can still sell and deliver their services wrapped around our software.  Those are the two biggest shifts that I see globally.  It’s an interesting time for some of the partners that you have talked about and what I am seeing is them making those shifts into these two different kinds of routes, leveraging the marketplace for scale and volume, and then looking at managed services to really solidify their place in the customer so that they can continue to deliver those services downstream.

What are the criteria for selecting partners?

It revolves around, three aspects which are capabilities, commitment, and capacity. You look at regions and you look at; do we have the right capacity within that region. What we need are partners that can talk about security and deliver security messaging and solve customer problems and deliver use cases. I have worked in channels before where it's really fulfillment and it’s just the acquisition of software. What we tend to look at is in our specific region, do we have the capacity or to be able to deliver that to our customers and where we don't, we look for partners that have that ability and capability to go drive used case messaging and solve business customer needs and they do they have the commitment to go through the training that's needed.

We are fortunate that we have a very strong subset of partners. We have around 1400 partners in our network, I don't believe all the assets within those partners are activated.  How do we activate everyone that's in our existing channel and then where are the gaps after you do that where you need to bring in partners, it's very important to make sure that we have the right level of partner with the right capacity capability within the region?   We look at who are the partners that we should have an ecosystem that can help lift up our customers. Not just do we have enough partners that can go and get a PO because we really need partners driving value in the market versus just getting a purchase order for us.

Any particular vertical for Indian specific that you are targeting?

We talk a lot about segmentation and verticalization as a go-to-market and it's very hard for us because there is no kind of standout vertical.  Every vertical needs identity security. We have tremendous success in manufacturing, in healthcare, and we have got very strong success in BFSI.  We have really strong success kind of smaller kinds of firms that are looking for insurance compliance.  They need risk insurance; they need to check the box and say I have got security and that's coming way down.  We are not verticalizing in the sense that we are going after, and healthcare as the big one. What we are doing is looking at what are the use cases within each of the verticals that we can then go out and deliver and then align ourselves with the partners that are in those verticals and that can deliver those use cases. But we strongly believe that our market is broad enough and it's really a used case within the individual verticals and I don't think there's any vertical that's off limits. Every single vertical that you could mention, I could point to a success that we have had in the last 12 months where we are into those verticals and again it goes back to what I said earlier throughout the pandemic and kind of as we are looking forward into the 18 months of financial uncertainty globally. I have heard a couple of kinds of prognosticators talk about and it's not CyberArk view, but from an external view, which is security is going to stay steady because they can't invest in security because the risk vectors just become greater and greater.  We are in a really good spot with our partners to continue to see growth and continue to see how customers really need immediate kind of security at a very broad scale, but again, we talked about the verticalization a lot and I can point as I said to wind up and down the vertical stack and so we will support our partners with use cases and enablement and wherever they want to go in the marketplace.

What are the different incentive programs/ schemes for partners?

Our view is I like to be very transparent and very predictable. Why in different companies, the incentive programs have sort of gone up and down? For a partner, that becomes kind of scary when you don't know if there is an incentive this quarter and it incites bad behavior. We have set the baseline for the program. We believe in the research that we have done and that we have an incredibly rich program when you look at it our entire ecosystem of partners. And so, we have a program that we have launched at the beginning of the year, it is the program that lasts at the end of the year, and we make small tweaks, kind of on a yearly basis, but we don't really do it on a quarterly basis.  

The thing that I talk to partners a lot about is how can we help partners drive and accelerate their services within our accounts.  We don't want to be a services company; we don't want to sell services at all. We want our partners to deliver the services components, wherever we can help them develop a services footprint within the account and then expand that out, that's really kind of what we want to do.  From a financial perspective leveraging the marketplaces and how can we help them leverage that and that's neutral for them.  They will get that lift and there's no disincentive for them to leverage the marketplaces and then how can they go and drive more services and how can we help them go drive that, but we try not to do waves of monetary incentives simply because I want really strong predictability and consistency through the programs for a long period of time.

What are your future plans for the next 12 to 18 months from global and Indian perspectives?

Global and India are sort of similar.  From a global perspective, I see the three really big shifts. The three really big shifts are a kind of growth within the managed service providers.  We are really investing and accelerating within the partner community that is building managed services and this isn't just specific managed services, this is every single partner that has been a traditional kind of reseller is now building a managed service.  We are supporting them, we have a program specific to manage services, we have enablement specific to managed services and we have got a financial model specific to managed services partners that's on a graduated scale.  The larger they get, obviously the more discount they get and the bigger their profitability becomes as they scale out.

We are working with partners that are small, regional managed services all the way up through global partners that are building entire stacks of CyberArk software to deliver and that continuing to grow at a tremendous scale.

We are investing in the AWS Marketplace ecosystem to grow that marketplace to help our customers reach more or help our partners reach more customers.  Things like we can do propensity studies with AWS, where AWS can give us a customer list and we know that customer has the propensity to buy security software, has X amount of commission dollars, AWS and it's been in the market, and we can deliver that to our partners to help our partners go drive into the marketplace.

AWS also had 18,000 sales reps worldwide that do nothing but look at AWS consumption and how we align with that, and we have everything from AWS from that regional seller model that is supporting our partners to our integrations with our other ecosystem partners that are supporting that all kind of meeting at the partner in the field to kind of accelerate.

We believe that the larger system integrators, the larger advisory partners, they are going to continue to be more and more important as we work out to improve security, and what I mean by that is somebody is setting the security posture and the zero-trust posture and the identity posture it is about.  It’s the system integrators that are aligning with the system integrators and making sure that we are built into their go-to markets, which allows us to get in early with the customer or become kind of the de facto standard, which then kind of lifts the boats for all partners and that customer to make decisions.  

Focusing early on system integrators, and advisories to lift up everyone in both and it really focused on enablement and enablement becomes more and more critical as the market starts to expand we have got a brand-new marketing campaign, marketing collateral that will launch in 2023 and we are building a very high end, low touch concierge type service for our partners.  They will be able to do work on leveraging our collateral, leveraging our go-to marketplace into their customer base.  Giving them the enablement that they want, giving them the marketing and support that they need, and then helping them around the go to market, whether they are ready to kind of throw the market and we will continue to double down and invest in the channels to really help them drive demand.