How Palo Alto Networks Realigned Its Partner Program

TREND ANALYSIS: Most businesses standardize on couple of server, network and storage vendors but are forced to use dozens of security vendors. Palo Alto Networks uses its platform security approach to enable partners to add their IP under the umbrella of a single provider.


Digital transformation has shaken up every industry as smaller, more agile companies have come out of nowhere to disrupt the status quo. For example, Airbnb’s valuation is now higher than Hilton and Hyatt combined, and it owns no properties. Traditional businesses need to be agile to compete in the digital era, and that’s caused them to adopt a flurry of new technologies that include the cloud, mobility and the internet of things.

This may be great for business, but as is the case with many things in life, for every Yin there’s a Yang, and the Yang in this case is an increase in the complexity of cybersecurity.

Securing an organization has never been easy, but it used to be a lot more straightforward, because IT had control over where people work, what devices are connected and where the data is stored. Digital businesses are dynamic and distributed, and that means data, people or devices can be anywhere--enlarging the attack surface by an order of magnitude. Also, data can originate in the cloud, traverse the network, go into the data center and then out to the endpoint, carrying with it malware. Protecting the organization has becoming exponentially more difficult.

No portion of a network is immune from security issues.

No Single Vendor Can Offer an End-to-end Solution

Another challenge for security professionals is that there is no single vendor that can offer an end-to-end solution. My research shows that the average number of security vendors that enterprise class companies use is 32. Most businesses standardize on couple of server, network and storage vendors but are forced to use dozens of security vendors.

One vendor that seems to have solved this is Palo Alto Networks. However, its solution isn’t based on having a single vendor. Instead, the company goes to market with a security platform that enables a single architecture. The pillars of the platform are the company’s network, cloud and endpoint security products, but customers can then drop third-party security solutions into the platform enabled by Cortex (formerly known as Application Framework). This creates a “best of both worlds” scenario, in which businesses can have multiple vendors, but the single architecture simplifies on going management.

One of the challenges Palo Alto Networks has had in getting its customers to evolve to a platform approach is to have its resellers aligned to sell that way. Many resellers are really good at selling specific security products  (such as firewalls), but selling more products doesn’t really help the end-customer be more secure. The last thing security professionals need is a reseller pushing more hardware, but resellers often sell only what they know instead of what’s best for the customer. What security professionals need today is a reseller partner that can help deliver better business outcomes to ensure their digital transformation initiatives are being secured and that’s enabled via the platform.

Revamping the Partner Program

To incent its partners to make this shift, Palo Alto Networks has put its money where its mouth is and revamped its partner program. The new NextWave program is based on its partners selling a services lead--full platform rather than just individual products. Those who do will be up to five times more profitable than those who only resell firewalls.

The enhanced program is built on the following three pillars:

  • Profitability, from selling the platform built on network, endpoint and cloud. Also, for the first time ever, Palo Alto Networks has introduced a rebate program for its top tier (Diamond) partners.
  • Optimization, by automating and maturing processes that will make Palo Alto Networks easier to work with.
  • Services that enable partners to deliver advanced capabilities and ensures that customers are getting full value from the company's technology they purchased. All partners should be moving to a services-led model, because services typically carry a margin that is about 3x-4x products.

Other key changes to the partner program include:

  • reducing the number of tiers from 4 to 3 by consolidating the lower two;
  • higher deal registration incentives;
  • incentives on the renewals of SaaS and subscription services;
  • managed services program; and
  • transformation services, including assessment services, on the front end to post-sales optimization services.

Win-win-win for All Parties in the Deal

The changes to NextWave creates a true win-win-win for the vendor, partners and customers. The value to Palo Alto Networks and its partners is obvious, because the former will sell more products, and the latter will make more money.

Some customers may look at this and think: “Why should I care that the reseller is making more money?” In actuality, this is also of great benefit to the company's customers. Security products certainly aren’t cheap, and despite spending millions annually, many businesses continue to fall behind. The changes to NextWave ensure that resellers are helping their customers evolve to an agile security platform that can meet their needs today but also in the future as things continue to change.

Also, it ensures that customers are getting full value from the security dollars already spent by making sure they’re deployed correctly and all the features are being used. This can be particularly important with newer cloud-based security, such as CASB (cloud-access security brokers), where there are fewer best practices and many knobs and levers to tune and tweak.

The security industry as a whole is evolving, and customers need to ensure they’re moving with it. They can’t do this if the reseller they are using is stuck in the old world. The updates to its partner program ensure that Palo Alto Networks customers are deploying the right security tools to meet the demands that digital transformation creates.

Zeus Kerravala is the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.