BitSight Deepens Ties With Existing Partners To Double Channel Sales For Third Consecutive Year

BitSight now derives half its revenue from solution providers thanks to an expanded channel organization and new partnerships with the likes of WWT and ePlus.

Business for the Cambridge, Mass.-based company started to take off after hackers breached Target in November 2013 through a third-party HVAC vendor, according to Carla Morss, BitSight's senior director of worldwide partner sales and alliances.

The breach put third-party vendor risk management on the map from corporations and governments alike, Morss said, resulting in changes from a regulatory and compliance standpoint. As a result, Morss said third-party vendor risk management has gone from being an amorphous desire to a mandate with a specific deadline.

[Related: BitSight Lands $40M Series C Funding, Looks To Boost Growing Channel, Expand Product Line]

"It's no longer a 'nice to have,'" Morss said. "It's a 'need to have.'"

BitSight launched its global channel program a year after the Target breach, Morss said, with revenue from solution providers doubling each of the past three years. The company expects to derive half of its global revenue in 2017 from 120 channel partners, and some 45 percent of its business in the United States from 59 solution providers in the region, according to Morss.

The company expects roughly 60 percent of its global business to go through the channel by the end of 2018, according to Morss. Virtually all Asia-Pacific and EMEA (Europe, the Middle East, and Africa) sales go through partners today, Morss said, so that growth is expected to come from North America.

"BitSight is truly invested in its partner program," Morss said. "We want them to be an extension of the company."

BitSight partners average margins of between 15 percent and 20 percent, Morss said, and typically resell the offering using an annual Software-as-a-Service (SaaS) licensing subscription. Some channel partners over the past year or two have begun offering their customers three-year or five-year subscriptions to BitSight, which Morss said has been well received.

Solution providers can boost their margins through a range of ancillary professional services ranging from consultation around the customer's current vendor arrangements to implementing BitSight's offering to remediating a poor rating, according to Morss. Channel partners can also opt to manage a customer's entire vendor management program on their behalf, Morss said.

BitSight's is intended for both enterprise and SMB customers, Morss said, with enterprise customers increasingly setting up their own vendor risk management function outside the security team to address the security challenges stemming from doing business with more than 10,000 other vendors. SMB customers have fewer vendors in their ecosystem, according to Morss, but still see value in the offering.

The company has raised some $89 million of funding since its 2011 launch, landing $23 million of Series B funding in June 2015 and $40 million of Series C funding in September 2016 in a round led by GGV Capital.

Optiv has combined its third-party risk solution with BitSight to help clients make more informed and cost-effective decisions around the outside entities with which they do business, according to James Christiansen, vice president of information risk management.

"Third-party risk programs are a critical component to any comprehensive security program, but they can be complex and costly to plan, develop and manage," Christiansen said in a statement. "Organizations need help making clarity out of the chaos."