Pavel Ignatov - Fotolia
The best place to start a debate about the current state of the market is to look at what is happening with budgets. Customers are looking to spend on security as they look to protect themselves from the latest threats and TechTarget research indicates that UK firms are looking to spend more in the next year.
Q. Do you get the feeling that the rest of this year and 2016 are going to be strong for security?
Ian Trump: Could this be some of the requirements in the UK to do with the new European laws and the privacy issues? I’m wondering if that could be influencing the plans for next year.
Kevin Bailey: I wouldn’t put the new EU data protection regulation into the equation yet because I think too many people still don’t understand it. It has not even passed yet – it will come in at the end of this year and become law in a couple of years’ time. Organisations should be focusing on the new regulation, but they are not yet.
Neal Lillywhite: What we have experienced for a long time is that security has not been a boardroom issue. But as high-profile data thefts have increased over the past two years, it has slowly crept up the boardroom agenda and become a key business initiative.
- Stuart Taylor SI partner manager, Intel Security
- Neal Lillywhite Senior vice-president, northern Europe, Raytheon Websense
- Adam Bradley Sales director UK and Ireland, Sophos
- David Park Channel director, UK and Ireland, Fortinet
- Kevin Bailey Vice-president, market strategy, Clearswift
- Jamie Andrews Head of European channels, Lookout
- Ian Trump Security lead, LogicNow
David Park: We have seen more trends around outsourcing security.
Adam Bradley: We are seeing a trend towards organic growth in our customer base, which suggests they are preparing for a positive economy and therefore looking at new technologies and projects to attack their markets differently.
Stuart Taylor: We are certainly seeing money being spent on new technology, putting pressure on some of the more established systems. Customers are looking to enhance security defences to deal with the evolving threat landscape, while also consolidating their portfolio and benefiting from a true end-to-end connected security solution. Business transformation projects are taking place with the aim of driving costs down.
Q. In the past, people would shop for firewalls, but now the customer is worried about fixing issues, such as defending against advanced persistent threats. When asked how they buy, 75% of customers said they are looking to respond to a business problem and are prepared to look at a number of vendors to help them with that. Is that your experience?
Taylor: We have been talking about the ‘security connected’ message for ages – integrating solutions is absolutely key. The partners that truly understand this are able to deploy effective solutions and have therefore become a trusted advisor to their customer. Those partners which have taken this security connected message on board are seeing the benefits. We have to support them so they can understand the technology and deliver it efficiently in a profitable manner. We want them to become more relevant to their customers and are trying to make sure our sales representatives and partners can have a discussion which focuses not just on the technology itself, but also on the solution required by the customer.
Q. Are your channel partners in a position to take advantage of the changes that are happening in the market?
Taylor: We have all talked about consolidation before. It has previously been about putting more on a single device and reducing the cost of delivering it. This is valid, but consolidation discussions now consider multiple point solutions as well. The value can be found in integrating them so they are more effective at identifying and remediating against the threats that are out there. Our partners take that forward by planning business transformation projects. If you look at many large organisations, they have already deployed solutions and are not necessarily going to change the plethora of solutions they work with overnight. We have to work with channel organisations which understand that process and have the relationships in place with those customers to be able to work through the client transformation.
Bradley: We see a very similar thing as we are starting to see the market demand something different from us. People want a more encompassing policy enforcing capability and not a range of point products that will do a very good job at what they do but can’t actually be applied across policies. People want to have simpler management, and clearly they want to reduce cost. The message we are getting clearly from the channel is that they want a more comprehensive security solution – they want it to be simple but also to act as a system. Those are the three things that drive our focus as a vendor. We are focused on customers with 100-5,000 employees, and that really fits well with companies that don’t have armies of specialists to manage this stuff, which can be overly complicated and sometimes ineffective. These customers just want something they can put in and get going.
Park: In the past, a traditional reseller would have looked at a point product, put some margin on it and sold it to a customer. The boardroom got into the midst around looking at the costs of running their infrastructure and making sure it is secure and they are pushing that out to partners. Some of the things that were important in the customer boardroom are now important to the partners and they are looking at their cost model and their business and what they can deliver and the ease of delivering that.
Jamie Andrews: It is also about the security market maturing. If you went to InfoSec 10 years ago, the discussion was all about best of breed, whereas at this year’s show in April it was observed that the vendors’ core strength is often their breadth. Instead of sticking with core technologies, they now generally have a much wider portfolio and a wide product range to provide additional revenue streams. This shows the maturity of the market – customers might not want best of breed any more, but instead want the intelligence and the integrated message of a wider solution.
Bradley: If you look at the armed forces – the Army protects the land, the Navy protects the sea and the Air Force protects the air. Those three entities are siloed within themselves, but do they communicate? Absolutely. And do they share critical information in real time? Yes. But that is the thing that the security market doesn’t do in the corporate market today. That’s what I think we are all striving towards because I think the best of breed has run its course and people need and want a more consolidated effort that is more proactive.
Taylor: With more and more devices entering the market, being brought into the corporate environment and attached to the business network with the internet of things [IoT], we have to make sure we can protect them.
Park: Years ago you didn’t plug your video into an Ethernet port, but if you buy a Blu-ray player now you plug it into the wall and you need more Ethernet ports than you do power sockets in the house, and security is becoming more apparent to people as more and more things are connected. Consumers are going to work and saying that they have all these things connected at home so what do they have at work that is plugged in and what are they allowing to connect to their infrastructure.
Bradley: I think we are overlooking the risk of the IoT. You can have a fridge that connects and does your shopping for you and a TV that connects and downloads your movies for you, but zero security has gone into those devices. When those things are on the network there is a free pass straight through. I don’t think we have seen the challenges of being hit by that yet because it has not become mainstream, but when it does, it will become obvious that many of these access points don’t have even the most basic authentication mechanisms.
Q. Is there not an opportunity for the security industry to help guide IoT manufacturers?
Trump: The security research industry has been trying to have this dialogue with manufacturers. We have to have dialogue, but it has to go in the right way so it doesn’t scare people. There are going to be challenges with the IT supply chain.
For example, say there is a washing machine that you can plug into the wall and it will do your washing for you when you ask it to. That sounds like a great idea – until you have a vulnerability where you can turn the water on but can’t pump it out and then you are looking at costly damage that could be done by hackers because they have exploited that vulnerability.
I think that when lawyers start understanding the litigation potential around these types of things we are going to see a fundamental shift in terms of securing the current internet of things. Subscription-based security is also going to become popular because the business cycle now is so aggressive around growth that buying licences for one year doesn’t work because people can’t predict how many they will need.
The idea that you could go month to month or quarter to quarter is a really popular option, especially for security. For example, SMEs went a really long time thinking that their antivirus [AV] products would protect them, but they failed. The message to SMEs is that you need a number of different technologies – you need to be able to manage effectively through one pane of glass.
SME security is so precarious right now that if you give them complex solutions it won’t help. The opportunity in this space is huge and I think the next big thing will be security bundles that can meet business needs.
Bradley: Those bundles must be integratated.