December 16, 2022

2023 IT Budget Insight

CHKP, CRWD, CSCO, CYBR, DELL, FTNT, NTAP, NTNX, OKTA, PANW, S, ZS
By Benjamin Buehne
Channel partners in North America and EMEA expect staffing challenges to drive outsourcing and automation during 2023, while hybrid work is expected to fuel security, identity and endpoint computing.
  • Source pipeline outlooks stable yy for government and education sectors, strengthening for security sectors, but weaker in SMB and among sources without a strong security focus
  • Data center spending de-prioritized, outlook muted by macro-related customer scrutiny, project delays; replacement of products purchased during pandemic delayed in favor of extending life cycle
  • Shortages in security staff prompt companies to seek outsourced services or managed cloud services and automation
  • Permanence of hybrid work environments (or “practices”) heightens need for EDR, XDR and zero-trust

MACRO DYNAMICS
2023 Pipelines Vs. 2022

FY2023 Pipeline YY
(number of sources)
 | North America | EMEA | Total
Larger | 2 | 3 | 5
Same | 3 | - | 3
Smaller | 4 | 1 | 5
OTR Comparative Index | - | - | 0
Note: The OTR Comparative Index is a quantitative representation of qualitative responses. The Index is calculated by subtracting the “worse” from the “better” responses, dividing by the total responses and multiplying by 100. An Index below zero indicates a negative trend; above zero indicates a positive trend.

Pipeline expectations among channel partners selling products from a variety of technology and security vendors ranged from shrinking to expanding compared with 2022 pipelines. Partners focused on government or education said they had fuller pipelines for 2023 than partners without this focus. A U.S. distributor said, “Schools are still getting money from the government. … In school, they still need the Chromebook — HP [Inc.], Lenovo [Group Ltd.]. Schools are still refreshing more than anybody.” Another U.S. channel partner said, “[Our pipeline is] a lot larger, primarily due to the fact that we have set up and structured what we do in particular with our group as far as how we deliver our services to the government.”

Partners focused on security also reported larger pipelines. A German partner said, “I am very positive and believe that we will have a very successful 2023. Security is on top.”

The five channel partners with smaller pipelines either focused on the SMB sector or are selling a more diverse portfolio of tech product categories. A non-security focused U.S. distributor said, “There’s definitely a downturn and from talking to other resellers. A lot of them are thinking it’ll be the same as last year or smaller.”

Customer Macro-Driven Behavior Changes
Twelve of 17 channel partners reported a variety of changes in customer behavior in response to macroeconomic concerns, similar to commentary in OTR Global’s Oct. 13 Cisco Systems Inc. and Nov. 3 Dell Technologies Inc. reports. Five partners said customers are scrutinizing projects more often. Four each said customers are holding off on purchases and are trying to do more through as-a-service offerings. A U.S. partner said, “Projects are being thoroughly evaluated. Project size isn’t going down, but there’s less willingness to just push through an automatic refresh. Competing vendors are getting a thorough review.”

Changes Prompted by Macro Concerns
(number of mentions)
Greater project scrutiny | 5
Holding off on purchases | 4
More as-a-service | 4
Extending warranties | 3
Consolidating vendors | 3
Reducing budgets | 3
Other | 5
No change | 5
Note: Some sources gave more than one answer while others did not answer

Three partners each cited reducing budgets, extending warranties and consolidating vendors as strategies customers are using to minimize macroeconomic impacts. A U.S. partner said, “There’s a lot of cutbacks. They are finding efficiencies. … A lot are reducing budgets, scrutinizing projects, holding off so they go into and out of the cloud. They prioritize some projects and others they just extend warranties. Some sectors have cutbacks and others [increase budgets].”

Five partners, including three in EMEA, reported no change to customer behavior.

Replacements for Hasty 2020 Pandemic-Driven Purchases Largely Delayed
Many partners were surprised that the three-year anniversary of 2020 pandemic-driven purchases was approaching, with more observing an extension of the life of equipment than a replacement for the 2020 purchases.

Most partners expect customers who bought equipment during the early days of the pandemic in response to unanticipated needs will extend the life of that equipment rather than replace it. A U.S. partner said, “We have people that try to wear out their equipment and go beyond the three years and five years. A lot try to make things last for six or seven years.” A U.K. partner said, “The days of a three- or five-year refresh lifecycle are numbered. People are looking to hang on to it for longer.” A U.S. partner said, “They hold off on projects, and they are sending approval all the way to the top now. I see that regularly. My run rate is [gone because customers are] holding off on purchases.”

Data Center De-prioritized
Channel partners said customers are not adhering to a standard three-year refresh cycle for data center equipment, opting instead to extend the life cycle of data center equipment with manufacturer and third-party warranties, which could affect data-center-centric vendors such as Cisco, Dell and NetApp Inc. A U.S. partner said, “Our customers will continue to pay for [Cisco] SmartNet, which is their maintenance software. Also customers will continue to do this with [Hewlett Packard Enterprise Co.’s] HPE Aruba — extend and keep.” Another said, “Customers will extend the life of equipment, rather than replace. We sell a lot of networking equipment: switches, routers, firewalls, and wireless [and we see extensions not replacements].”

Third-party warranties not only delay purchases for equipment but take away from manufacturer revenue. A U.S. partner offering third-party warranties said, “[We’ve seen] the physical server storage and networking — IBM [Corp.], Oracle [Corp.], Hitachi [Ltd. (6501 JP)], Dell, HPE, Cisco, and F5 [Inc.] — extended via third-party warranties.” Another U.S. partner offering third-party warranties said, “It’s data center equipment we are extending the life of. They want to get the biggest bang for the buck. We want to deal in the data center more. The majority of new opportunities we are presented aren’t in the data center.” Another U.S. partner said, “NetApp’s warranty is pretty expensive and there are some good third-party offerings for NetApp extensions.”

2023 BUDGET ALLOCATION
Trend Summary

Channel partners said their customers’ 2023 budgets are being driven by a scarcity of qualified IT personnel, particularly in security, and continued hybrid-work enablement. Channel partners most often cited endpoint security (XDR [extended detection and response] and EDR [endpoint detection and response]), security services, remote access via zero-trust solutions, automation and endpoint computing.

Security Services
Seven channel partners highlighted security services as gaining in customers’ 2023 budgets, driven by the lack of skilled resources available for companies to hire. A U.S. partner said, “We are seeing a big uptick in interest in MSSPs [managed security service providers]. Security people are expensive and in high demand.” Another said, “We are anticipating another 20% to 30% growth on services. We attribute it to more of a pivot toward managed services. We’re in a really hot sector, it’s growing really fast and there’s a cyber-security talent shortage nationwide.”

Companies expect growth in security as a service (SaaS) and are expanding their ability to deliver. A German partner said, “SaaS solutions will also become more and more interesting for customers because they can save personnel and resources.” A U.S. partner said, “We are entering into more MSSP programs. … Zscaler [Inc.] is one in the past 12 months, Palo Alto [Networks Inc.] is doing more managed programs, Cisco [is] doing more partner-delivered managed services. Those programs are things we are entering into. Horizon3.AI [Inc.], [penetration testing]. More specialized — CyberArk [Software Ltd.] and others in the emerging space.”

Automation
Staff scarcity was also cited as driving demand for automation because it can reduce the required workload. A U.S. partner said, “Related to the shortage of labor in the security market and incident response, a lot of us are going to be looking to streamlining and automating our processes to make up for that lack of human resources.”

Automation applies not only to customer plans but also to how partners plan to provide services to customers. A U.S. source said, “People are coming to the point where, if you want to call it AI [artificial intelligence], but there are manual processes you can automate.” Another said, “With the lack of people available in the consulting space, we’re going to be a lot more reliant on tools and frameworks that we can almost automate to deliver these services to clients.”

Hybrid Work
An underlying theme to 2023 budget reallocations is the technology surrounding hybrid or remote work. A U.S. partner said, “Work from home isn’t going away — at least hybrid. As people are thinking through their zero trust or other things, it’s a big piece.” A German partner said, “Some people are now working more in the office again, but it has been noticed that home office also works well and they want to keep this option.”

Endpoint Security
Six partners said endpoint security is pulling more customer budget with EDR and XDR offerings, consistent with comments in OTR Global’s Nov. 7 Palo Alto report, in which Cortex XDR emerged as an anticipated 2023 growth driver. A U.S. partner said, “EDR products, specifically CrowdStrike [Holdings Inc.], SentinelOne [Inc.] and [VMware Inc.’s] Carbon Black, as well as other services, and an increase in XDR [are a growing priority]. It is just what is happening now.” Another partner said, “In 2023, we’ll see trends in solutions and tools not only doing one thing — such as CrowdStrike or SentinelOne. They’re not just doing threat detection or response, they’re also starting to creep into the market of asset identification and vulnerability identification, [though] SentinelOne and CrowdStrike are maybe not doing it as well as a company like Tanium [Inc.], for example, or Microsoft [Corp.].” A German partner said, “Traditional VPN, AV and endpoint solutions, i.e. [Broadcom Inc.’s] Symantec, Kaspersky [Lab Inc.], [Trellix Corp.’s] McAfee are being replaced by vendors offering new technologies, like Zscaler, CrowdStrike, Tanium. But also Cisco, Check Point [Software Technologies Ltd.] or Fortinet [Inc.].”

Remote Access and Identity
Partners also expect budgets to be allocated toward remote access, including through zero-trust solutions and identity. A U.S. partner said, “[I expect] a continued focus on cybersecurity, especially the push to harden access into Active Directory. Endpoint security and identity will remain top priorities, customers have little option but continue with those investments.” Another U.S. partner said, “The elimination of VPN [virtual private network] technology and replacing [it] with zero-trust approaches [is a priority]. The whole point of zero trust is you could do these things without a VPN and make it more secure.” Another partner said, “One of the core things for zero trust is web access management, which is your Okta [Inc.]s and Ping [Inc.]s of the world.”

Consistent with comments in OTR Global’s Nov. 11 Zscaler report, partners said customers who acted quickly at the beginning of the pandemic to secure remote users are now taking a more strategic approach. A U.S. partner said, “Everyone rushed and gave no thought on how to protect ourselves. Maybe a VPN with MFA [multifactor authentication] and that was it. They threw money [at it], and now we are past the health part of COVID for the most part and as people are thinking through their zero trust or other things, it’s a big piece.” A German partner said, “We are replacing a lot of classic VPN solutions with Zscaler. Because during the pandemic it had to happen quickly, customers had extended their VPN solutions, for example with RSA [Security LLC] tokens, and they are now investing in modern infrastructure with Cisco Umbrella, Zscaler, Fortinet, etc. We see a lot of SD-WAN [software defined wide area network] projects replacing classic point-to-point connections. But, in the mobile workforce space, SASE [Secure Access Service Edge] is certainly the key driver.”

Endpoint Computing
Sources said customers are focusing part of their 2023 spending on replacing the panic-purchased inventory of 2020. A U.S. partner said, “Everything was panic buying. They were worried about stock and running out of stock.” A U.K. partner said, “[We’ll see an uptick in] the mobile stuff for people working at home, such as laptops, as you have a lot more people doing hybrid working.” A U.S. partner focused on lifecycle management said, “Distributed assets. Desktops and laptops. … With the change of the global workforce there is a lot of replacing distributed assets.” Another U.S. partner said, “When I think of smaller clients, they’re generally going to be [budgeting for] endpoints and workstations — Dell, Lenovo and HP.”

Additional Quotes
North America

“Wi-Fi7 is going to be big for next year. The problem I anticipate is availability. I’m thinking [some customers] will not cancel Wi-Fi6 [orders]. SLED end users are late adopters so they won’t. … But your typical end-user business-to-business customer they may cancel [Wi-Fi6 orders to buy Wi-Fi7].”

“People aren’t as much worried about which supplier, it’s what area first. ‘Should I buy identity, endpoint, encryption, SIEM [security information and event management] first?’ Then from there, they can quickly get it down and do a shortlist of what will work.”

“We are considering adding Cyolo [Security Ltd.], an OT [operational technology] and PAM vendor. Primarily because it’s a new space, internet of things. It’s basically privileged access management with a context on internet of things.”

“Some customers that moved to the cloud are pulling back some apps to on-prem and using a hybrid model — and that is what we are seeing in all customers.”

“We are now seeing more adoption of cloud-centric phone systems. We are a big Cisco reseller. That’s something picking up. The adoption of UC [unified communication] to the cloud service. Microsoft Teams as well. That’s very popular.”

“On the security side, the two areas where we see growth are on EDR, and some type of penetration testing and VM [vulnerability management].”

“I can think of people that reacted [to COVID-19] that were expanding business as usual, buying more VPN, that are [now] shifting more to a cloud delivered or SASE as well as cloud calling and conferencing and stepping back for the long-term fit because we put something in place for the pandemic but is it right? Does it make sense for five to seven years?”

“Any vendor that provides subscriptions for services that was based on a high count [is at risk of declining contracts due to layoffs]. Things like Microsoft Office 365 sold on a per-user basis will see a decline when it is trued up based on count.”

“We hope to move more toward open source, distributed applications, block chain technologies. Applications that can run on the block chain.”

“It is an evolving workforce. Customers are still adapting to being more remote.”

“Customers want to squeeze as much life out of their networking equipment as they can. All the manufacturers have extended licensing and maintenance terms. … Networking hardware won’t be replaced any time soon; that won’t be where the money is going.”

“We were already a Netwrix [Corp.] partner but we’re going to increase our partnership in order to invest in Netwrix. They’re an IGA [identity governance and administration] vendor and they are pretty darn good.”

“General process automation reduces demands on IT staff. Coordinated upgrades, disaster configurations, patching, maintenance. [IBM RedHat] Ansible reduces labor hours.”

EMEA
“People are saying, ‘Can I get rid of Wi-Fi altogether, using MPN [mobile private network] or 5G, and have my security posture in the cloud with a model where I don’t trust anything?’”

“The projects I have in flight are all waiting on hardware for deployment, and IT is predominantly worrying about the next step after that. What will they do next?”

“We have replaced some Sophos [Group PLC] environments recently, especially with Fortinet. Our main SD-WAN vendors continue to be Cisco and Fortinet followed by [HPE Aruba] Silver Peak, who work closely with Check Point. Check Point does not have its own SD-WAN solution yet.”

“Those businesses that have said they are going to continue with a hybrid working policy will have a collapsed pipeline for LAN, Wi-Fi, access control, CCTV — all those digital services that would have been up for refresh. Instead they will be reusing assets from the buildings they close for the buildings they decide to keep.”

“I’m seeing customers that had adopted hybrid and are now asking their staff to return to the office. For them, I’m seeing a downturn in their security requirements for remote users, with a shifting of the way they get their WAN [wide area network] infrastructure with increasing internet and lowering of MPLS [multi-protocol label switching].”

“Availability of products is becoming more and more important. More and more customers are asking us what alternatives there are if Cisco’s delivery times continue to be so long.”

“We are getting more and more requests for SD-WAN and are already implementing significantly more SD-WAN projects, sometimes at the expense of traditional security, so that customers are buying SD-WAN with appropriate security features. SD-WAN and cloud will be important drivers next year.”

“We are finding that some customers are extending their cycles. Before, they did refreshes after three years, and now they say five years will also do.”

“Our large customers are complaining, but they are currently making billions in profits and I think they will also invest heavily in IT again. We are very well positioned with our customer base in the public sector and large customers, but I know that other integrators who work more in the SMB or midmarket have certain problems, because the macro factors affect these market segments more negatively.”

“Everybody is talking about consolidation. We have customers who have a Cisco EA and could have everything but then do a market analysis on XDR or SASE. So we ask ourselves, ‘Why don’t they just do everything with Cisco?’ But customers will have to consolidate because they don’t have enough staff to support multiple vendors.”

“Many of my customers are big military integrators, so business for them has been quite consistent, and that’s not changed. I know that could be somewhat against the grain but as a company we’ve been growing consistently year on year for the last 10 years or so.”