'7 Minutes' with CyberArk VP of Channels and Alliances Scott Whitehouse

**Editor’s Note: “7 Minutes” is a feature where we ask channel executives from startups – or companies that may be new to the Channel Partners audience – a series of quick questions about their businesses and channel programs.**

A much-discussed session at this year’s RSA conference involved a demo by CyberArk researchers showing how an attacker could create a privileged account in AWS, Azure or Google Cloud Platform and then use that access to steal data. This isn’t theoretical — it’s exactly how attackers got hold of millions of Uber driver and passenger records. The gory details of how a good DevOps account went very bad are here.

Your customers almost certainly have a privilege problem: One new study says close to half of data breaches in the past year involved these accounts.

From a process standpoint, partners should advise customers to avoid multi-user admin accounts with shared passwords, and all users should have only the access that they absolutely require, for only as long as they need it. However, that won’t eliminate the problem. Sometimes old accounts are forgotten, and there are techniques that malicious users may employ to become what CyberArk calls “shadow admins.”

CyberArk’s Scott Whitehouse

To seek out and control these accounts, companies including CyberArk provide PAM, or privileged access management, tools that find, secure, control and monitor privileged access across a customer’s on-premises and cloud systems. These tools log any actions taken with admin accounts, prevent escalation of privilege, raise alerts when anomalies are detected, and more.

While CyberArk is a leader in the PAM market, counting more than 50 percent of the Fortune 100 among its customers, the company has channel-focused challengers including BeyondTrust, Thycotic, and One Identity. We asked CyberArk’s VP of channels and alliances Scott Whitehouse why MSPs should select his newly expanded multitenant service, what programs are available for resellers and how he expects this market to evolve.

Whitehouse has a long tenure in the channel. Before joining CyberArk, he managed a regional channel team for Hewlett-Packard and helped set up HP’s global strategic alliance program.

Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?

Scott Whitehouse: CyberArk’s “secret sauce” for delivering proactive security solutions is a combination of innovation, research and unequaled cybersecurity experience. We’re a trusted adviser to our partners and customers. We encourage a “think like an attacker” mindset, empowering partners to offer proactive privileged-access security solutions that can reduce risk across all customer environments — on premises, in hybrid-cloud environments and at the endpoint.

We’re continuously investing in the success of our channel partners. We recently announced an expanded Managed Security Service Provider (MSSP) offering featuring a new multitenant, pay-as-you-go option. This provides partners with greater flexibility and the ability to easily add privileged-access security capabilities to their portfolios so they can expand market opportunities and create new revenue streams.

We also launched the CyberArk Marketplace as the industry’s broadest and deepest portfolio of privileged access security integrations, making it easy to find and deploy integrations in as little as four clicks. With CyberArk Marketplace, channel partners can accelerate the sales process by …

… driving awareness and access to available integrations. Partners will also be able to contribute their own integrations to the CyberArk Marketplace to help expand the community and drive competitive differentiation.

We want to make it easy for our partners to do business with CyberArk, enable them to scale their privileged-access security offering over time, and, most importantly, improve overall security for their customers.

CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?

SW: CyberArk’s channel program enables the flexibility for partners to work with us in a number of different ways, from onsite deployments and advisory services to reselling and managed services. We’ve built a community that brings together the strengths of advisory consultants, global systems integrators and regional solutions providers to help customers reduce risk and protect against cyberattacks. While the program is growing, we’re very much focused on quality over quantity and working with partners that really understand our vision and the future of privilege and secrets management.

The program itself consists of three levels – platinum, gold and silver. Our certification and training courses are core to the program and available to partners online via our partner portal, virtual classroom and face-to face classrooms. We also provide additional support to help scale deployments.

CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin.

SW: CyberArk works with more than 350 channel partners and systems integrators around the world. In [the first quarter of] 2018, more than 60 percent of CyberArk’s business was done through the channel.

CP: Who are your main competitors, and what makes your offering better?

SW: As the No. 1 undisputed market share leader, CyberArk offers the only privileged access security solution designed and built from the beginning for security. It’s differentiated by its ability to protect privileged accounts, credentials and secrets anywhere – in the cloud, across DevOps workflows and at the endpoint – and at scale.

Only CyberArk provides the critical, must-have layer of IT security that enables organizations to stay ahead of external attackers and malicious insiders, and mitigate attacks to limit damage as quickly as possible. With a focus on simplicity, automation and risk reduction, the CyberArk Privileged Access Security Solution eliminates the most advanced cyber threats. It identifies existing privileged credentials across networks, makes sure those credentials are locked down and secure, and utilizes continuous monitoring to detect anomalous behavior and stop attacks early on, before they cause irreparable damage.

Based on research from the CyberArk Labs team, which helps inform R&D and product roadmap, CyberArk is constantly evolving its solution, helping global partners and customers stay ahead of attackers. CyberArk led the industry with early investments in areas such as threat analytics and endpoint protection, and raised the bar with the launch of a cutting-edge secrets management solution for DevOps through the acquisition of Conjur, which was quickly integrated into the CyberArk solution.

No other vendor in the space has this powerful combination of solutions in a single platform to improve the overall security of an organization today, as it progresses its digital-transformation strategies.

CP: How do you think your technology portfolio will change in the next three years?

SW: Attackers are constantly changing their attack methods, finding new ways to steal credentials, infiltrate networks and halt business operations. CyberArk will continue to invest in and innovate our solutions as partners and their customers …

… blaze new frontiers and accelerate digital-transformation strategies involving cloud and DevOps environments.

CyberArk’s innovative advancements in DevOps have had a significant impact on the company and partner community. With increased DevOps adoption comes challenges with securing these dynamic, high-velocity environments. We’re committed to helping partners and their clients meet those challenges head-on. To do that, we’re dedicated to expanding partner ecosystems and driving integrated DevOps solutions to the channel. CyberArk DevOps integrations – including Red Hat, Puppet, Ansible and Jenkins – help our partner community access the most comprehensive secrets-management solution on the market. CyberArk understands that third-party relationships are very important in DevOps, and delivering an advanced secrets-management solution in one flexible, resilient platform is a competitive differentiator for CyberArk, and its partners.

CP: How do you expect your channel strategy to evolve over that time frame?

SW: We’ll continue to evolve our channel strategy to meet the changing needs of global partners and their customers. We’ve traditionally focused on scaling our channel strategy by building deeper relationships with partners, especially with those building and prioritizing privileged-access security programs. Our focus is on increasing the quality of partnerships, versus quantity.

Again, our new multitenant offering is a great example. We introduced the pay-as-you-go offering when we saw an increase in channel partners providing expanded offerings — including security as a service. With CyberArk Marketplace, we’re also able to better support partners and their customers in their efforts to improve security and IT operations across cloud, DevOps, robotic process automation software and more.

CP: What didn’t we ask that partners should know?

SW: Nearly all advanced attacks involve the compromise of privileged credentials, which provide powerful access to organizations’ most sensitive data, applications and infrastructure. As organizations embrace digital transformation, investments in cloud and DevOps are creating an expanded attack surface. Coupled with the evolving definition of “privilege” to encompass human and non-human identities, it’s never been more important for organizations to automatically monitor, manage and control both who and what has access to their networks.

This is an exciting time to work in IT security as a channel partner. Privileged-access security represents a tremendous greenfield market opportunity globally, across industry sectors and company sizes. CyberArk is empowering partners with proactive cybersecurity solutions to help protect customer networks in the face of emerging threats.