This presentation provides a review of how IT firms approach the sale of IT security products and services. It details the types of security services they are offering, their outlook on security growth prospects and their involvement in areas such as security-as-a-service or managed security services.

1. IT Security
Sales
Practices
in the
Channel
Research Brief
Copyright (c) 2014 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

2. Most IT Firms Involved with IT Security in Some Way
NET 73% of firms report some type of involvement in offering security products or services
Micro IT firms Small IT firms Medium IT firms Large IT firms Overall
38%
25%
37%
22%
12%
66%
29%
12%
59%
18%
15%
68%
27%
17%
56%
Not involved in security Security mostly offered as a
stand-alone product or service
Security mostly embedded /
a component of other
products or services
Source: CompTIA IT Security Research Brief | Base: n=284 U.S. IT industry executives

3. Current and Planned Security Offerings
Currently offering to customers Plan to begin offering over next 12 months
13%
13%
16%
15%
16%
15%
13%
19%
9%
9%
11%
37%
35%
33%
38%
42%
42%
42%
51%
48%
57%
56%
Network security
Backup/Disaster Recovery/Business Continuity
Data protection/mgt. (e.g. Data Loss Prevention)
Email and web security
Risk management (helping customers balancing security
priorities and cost)
Compliance management
Cloud security (helping secure customers’ cloud solutions)
Identity and access management (IAM)
Intrusion prevention/intrusion detection:
Mobile security (e.g. MDM, mobile antivirus)
Security information and event management (SIEM)
Cloud security
has the highest
intent to begin
offering rate,
indicating IT
firms see many
opportunities in
this area.
Source: CompTIA IT Security Research Brief | Base: n=284 U.S. IT industry executives

4. Majority of IT Firms See Favorable Growth Prospects for
Security over Next 12 Months
13%
1% 4%
24%
43%
NET 63%
15%
12%
1% 1%
24%
44%
A majority of IT firms
expect growth of security
products/services over
the next 12 months.
There is slightly more
optimism now vs. the
outlook in 2012.
19%
NA / will not
be involved in
security
Shrink
significantly
Shrink
modestly
Flat / no
change
Grow
modestly
Grow
significantly
(10% +)
2012 2014
Source: CompTIA IT Security Research Brief | Base: n=284 U.S. IT industry executives

5. Security Providers See Uptick in Customer Inquiries
Following Notable Breaches
Security incidents made the news on a regular basis during 2014. Home Depot, Target, SnapChat, DropBox, JP Morgan, and Apple iCloud just to
name a few, all made the news in 2014 for notable data breaches. According to the research, about half of the firms providing some type of
security product or service reported additional customer inquiries or other activities spurred by the security incidents.
Incidence of Activities in Response to
“Headline-making” Security Incidents
52%
48%
Some type of resulting activity
No resulting activity
21%
Security
conversations
beyond CIO;
including CEO 31%
New customers
inquired by
security services
33%
Existing customers
inquired about
additional security
safeguards
Source: CompTIA IT Security Research Brief | Base: n=284 U.S. IT industry executives

6. Slightly More IT Firms Offering Security-as-a-Service
Incidence of offering Security-as-a-Service Incidence of offering Managed Security Services
57%
20%
24%
46%
21%
33%
No /
No plans
Plan to begin
offering over
next 12 months
Currently
offering security-as-
a-service
2012 2014
49%
2012 2014
15%
36%
46%
17%
37%
No /
No plans
Plan to begin
offering over
next 12 months
Currently
offering security-as-
a-service
Source: CompTIA IT Security Research Brief | Base: n=284 U.S. IT industry executives