‘As-A-Service’ model: The future for partners operating in cyber security domain

0

It will be difficult for partners, who are offering traditional cyber security solutions, to
continue with their current model. Cloud has upended the business models. The ease with which products can be provided ‘as a service’ over the cloud is making the businesses of many partners redundant. K K Mookhey, Founder & CEO, Network Intelligence, and Altaf Halde, Global Business Head, Network Intelligence speak to CRN

With the emergence of cloud, how do you see the evolution of cybersecurity players in the channel partner business?
K K Mookhey: The quickly emerging and faster growing cloud-first and mobility-first startups are changing the way enterprises use IT. They are providing a huge value addition to enterprise end users. The same applies to the channel partner ecosystem. Cloud is disrupting our business. The conventional trading business of the channel partners is already disappearing unless the channel partner makes a value addition in
the offering.

Technology Goliaths like Microsoft and AWS are gobbling up technology companies and serving their solutions over their cloud offerings like Azure or AWS. Web application firewall is provided as a service. Even Privilege Identity Management (PIM), which was provided as a product is now available as a service. The same goes for Identity and Access Management (IAM) too. In such a scenario, the role of the players like Network Intelligence becomes ‘cloudy’.

Precisely why, the conversation with the system integrators usually involves how can we take bundled solutions to the end customer? This is where we tie the offerings from Network Intelligence with that of OEMs and deliver it as a bundled solution. Ways are also being explored to deliver services on an Opex model. Channel partners will invest in the Capex and then deliver using an Opex arrangement. The channel partners will have to identify the pockets of value addition.

What’s the level of maturity among the customers in terms of how they see the Opex model?
Altaf Halde: There are two levels of maturity. One class of customers is in an advanced phase and understands the requirements and the potential of cloud. The second level has identified the importance but needs partners like us to help them understand the potential and then implement. Moreover, the customers trust and see us as a partner in real terms when we go as a consultant whereas they perceive us as a seller when we represent a product company.

K K Mookhey: The consumers with installed cybersecurity infrastructure worth millions of dollars have come to the realization that they do want to explore the Opex or as-a-service model. The other type of customers who are yet to take a decision on their cybersecurity spend are also exploring the same model. They are becoming averse to the Capex model with mandates even coming from as higher an authority like the board of the company to freeze the Capex expenditure.

You have also launched new products and are in the process of entering into new LoBs. What’s the latest update?
K K Mookhey: I have a mantra in business- if a company does more than three times of the same thing, then either it doesn’t know its business or it doesn’t know enough about the space of cybersecurity. Companies should automate routine activities.

This thought is the genesis for our product ‘Firesec’. I was working on a firewall review project from a telecom company. There were 100 firewalls with the largest firewall having close to 15,000 rules. To review it manually wasn’t possible. We automated it by writing code for doing the review. This is the birth story of Firesec. The challenge with most of the end users is they are not able to optimally use the mammoth cybersecurity infrastructure bought over the years. Firesec helps them do just that. It passes through the network and recommends changes and suggests how certain security products can be better configured. Firesec not only helps in automation but also orchestration, wherein IP blocking and rule development can be automated after a ticket has been generated in response to an incident identified by the SIEM solution in the Security Operations Center (SOC). This is currently done manually by the L1 and L2 staff at the SOC. Firesec will be able to integrate with all the security technologies and examine if they are optimally configured.

Our other offering, ‘Insight’, is a Big Data analytics product for the security analysts. It’s provided as a service by doing a ‘Compromise Assessment’. We plug the product at the end user location and tell them whether they have been hacked already. But they are unaware about it. Insight has been built on the ‘elastic’ stack platform. It was realized that Elastic can be used to deliver threat hunting, CISO dashboards etc. Hitherto the traditional solutions weren’t able to do the analysis because they couldn’t take the massive amount of log volume. Elastic is able to intake gigabytes of logs and do the analysis before designing user friendly dashboards to bring the analysis to the fore.

What efforts have you invested in skilling your teams?
Altaf Halde: There are two more differentiators we have. Network Intelligence runs an independent business of cybersecurity training. It has been nine years since the training business is operational. Our internal hiring happens from these training interventions. The clients, in fact, ask us when the next batch is getting over for them to hire the required cyber security staff. Our competitors also look forward to hire from the same pool. The students passing out of our institute are immediately employable. There is no need for ‘shadowing’ or ‘on the job training’. The consultants working internally at Network Intelligence are the trainers. They are hands on with the operational and practical aspect of working with the clients. They inculcate the same in the students too. Thus, the training intervention is designed for the students to become problem solvers and trouble shooters from day one.
Secondly, skill upgrade and knowledge transfer are followed religiously at the company.

In the skill upgrade space, employees have been certified with the various cloud security certifications. The demand for cloud security professionals is high. We are a cloud-first company. Network Intelligence’s SOC and vulnerability management infrastructure runs on Azure. The cloud security certification program began two years ago. We are a Microsoft cybersecurity partner, which leans more towards Azure and Office 365. This is because a majority of the users are moving these applications on the cloud. The employees have acquired AWS security certification too. The efforts to get the employees IoT security certified has just started. Training programmes are also being run on ‘Critical Infrastructure’ security.

What’s the direction and key thrust areas that channel partners will take in 2018, in the cybersecurity space?
K K Mookhey: Managed security services will be a key thrust area for us. This will be powered by the technology being developed in-house and also that will be procured. International business will also be a focus area. We have set up shop in the USA and Singapore last year. The attention will be on four markets: India (60 per cent business), the Middle East (40 per cent), the USA and SE Asia.

Altaf Halde: Thrust will also be on skill development and training. The demand for cyber security jobs is only going to move northwards and we will play a significant part in providing skilled professionals to the industry
in 2018.