With the launch of a new global partner program, Veracode, an application security risk management vendor, wants to beef up its channel presence in Canada and around the world.
Veracode is based in Burlington, Mass. and specializes in the identification and management of application security risks for businesses of all sizes with its software-as-a-service cloud-based platform known as SecurityReview.
Evan Fromberg, senior director of channel sales and business development at Veracode, said that today, roughly half of the company’s overall revenues comes from its channel partners and the other half comes from the company’s direct sales. With the creation of a global partner program last month, Fromberg said the company hopes to take “the vast majority” of its deals indirect in the future.
With its SecurityReview security verification cloud-based platform, businesses can gain visibility and an understanding of potential security risks and flaws that are associated with their applications, said Fromberg.
“We’ve made it possible for organizations to understand the risks in their application portfolio with minimal up-front cost and minimal training,” Fromberg said. “A small business, for example, could send one or two of their mission critical applications to us to get assessments and the results done in a matter of days. We’ll then give a profile of that application and we’ll reveal all of the flaws and possible exploits, such as cross-side scripting.”
From this point on, Fromberg said Veracode will provide remediation advice to the customer but then they’ll leave it up to the channel partner to follow thru with the appropriate support and services. For partners, it’s an opportunity to deliver additional services as a way to help businesses leverage their applications.
Fromberg said the application security space is still an “underdeveloped market” that holds “tremendous opportunities for growth” for partners. With more and more applications on mobile devices both in and out of the workplace, he said security and the understanding of potential application risks becomes essential.
“There’s an opportunity for partners to help organizations understand the risks in the applications that are being built internally and to also see what security flaws may exist in third party applications,” Fromberg said. “Partners can build services around and receive recurring revenue from the Veracode Platform by reselling it and also providing consulting, prioritization and remediation services.”
Currently the company has 12 channel partners globally, nine from the U.S. and one from Canada. With the availability of its global partner program, Fromberg said the company wants to continue to grow its Canadian business by raising awareness.
“We want to let partners know that this is a net new area for them to work in and we’re a one-tier channel distribution company that’s not overly-distributed in the market,” Fromberg said. “We also offer partners things such as margin protection and deal registration.”
As for the types of partners the company’s looking for, Fromberg said Veracode needs security-centric channel partners, risk management consultants and managed service providers that focus on network security or application security.
The channel program is made up of three tiers defined by revenue recommendations and discount margins, Fromberg said. Partners are also rewarded when they find opportunities and register them with Veracode, he added.
SecurityReview is sold on an annual subscription basis and it’s sold either on a per-application basis for small business customers that have one or two critical applications, or it’s sold as an enterprise-wide license to larger businesses that need to assess all of their applications in the given year.
Fromberg said partners will make at least 35 per cent margins when they resell the SecurityReview service, and they’ll earn more when they deliver services around that.
Follow Maxine Cheung on Twitter: @MaxineCheungCDN.