On the front line of defence

What changes have you seen in tech purchasing behaviour and what is your market outlook?

There has been a dramatic change in end-user expectations. Their buying behaviour and patterns are changing. The times when people bought new technologies just because they didn’t have any budget constraints or wanted to stay up-to-date are long gone now. What we are seeing is that customers are doing due diligence and looking at the business case for any technology investment. Clearly, there is a big shift in IT investment from a Capex to Opex model. There are still many critical infrastructure projects going on where customers are requesting 3-4 years’ time of Opex engagement. In certain domains, companies are looking to outsource their IT operations, and there is a growing appetite for managed services, as compared to a few years ago.

Our business is growing, and we have just closed our H1 results with a year-on-year growth as a group. The growth of our networking and security business has also exceeded our expectations. This has become a market for really mature companies with deep roots; it is not a market where you can be opportunistic. The region is stabilising from geopolitical uncertainties and we are seeing, in general, a decent pipeline with solid and strategic projects.

 Cybersecurity is the bright spot in an otherwise sluggish IT market. Don’t you think this space is getting a bit crowded now?

 It is still a highly fragmented market. We spend a lot of time to understand how to build an offering that doesn’t leave any stone unturned and bring value to the users. It is crowded in the legacy security domain, but on the other hand, you have many niche players coming into certain areas of cybersecurity, which is a positive sign. However, there is a big question mark at the longevity of these vendors; most of them are small players who might get acquired or become cash-strapped. We don’t want to end up with a technology or a vendor that is vanishing from the market. This is why we continue to be standardised on two or three core suppliers, and it is IBM and Cisco for us, arguably the two largest security vendors today.

 We do have a lot of complementary solutions that create a story for us that we can take to the market. We typically look for products and solutions that complement our services offering. In any other domain, you can do basic implementation, offer break/fix IT support, but you can’t do that in security. It’s not about building the technology or putting the pieces the puzzle together; it is about running the whole process to ensure that the technology will meet your needs and protect your business.

 We have built a comprehensive security suite with people of high caliber from all over the world. If you want to classify how companies work in the security domain, you will find vendors with vision, but they can be counted on one hand. There are many niche players who offer solutions that plug into a particular area, but they are still point products. On the services front, you don’t have many system integrators who understand security. That is a key differentiator for us, and we do have a broad spectrum of products and solutions outside of security as well.

 Do you have any plans to build a SOC?

 We have always looked at the business case of building one, and the short answer is no. There is a reason for that – our customers are primarily large enterprises and government entities, which have on-premise SOCs. In fact, 81 percent of respondents to our annual security survey still prefer having their security operations on-premise; they will ask you to build it and if required, operate it, but they are not likely to outsource it. Our strategy is focused on enabling and building on-premise SOCs.

 If you look around, I don’t think anyone has been successful in the managed SOC market. Having said that, SMEs that face shortage of skills, and cost constraints are likely to outsource their security requirements to a managed security service provider. One key finding of our survey was that 32 percent of organisations in the Gulf did not have a SOC, which rules out detection and response strategy.

 Are you looking at the market opportunities around AI and blockchain?

 It is the next big thing, and you can see a lot of commitment from governments in the region to take advantage of the value they bring to the table. Clearly, we play a role with IBM, which happens to be a leader in both these domains. However, these technologies are still evolving and there is a lot of work to be done by the principles themselves. Our job is to ensure that we have the capabilities to bring these emerging technologies to our customers and we work very closely with IBM on cognitive computing. We are embedding these capabilities to almost every solution we offer, whether it is analytics or security, so that our customers can benefit from it.

 Should we now look to automating security functions with AI and machine learning?

I think there are many security processes that you need to automate. What we need to realise is that the same modern technology that we use to protect our organisations can be used by cybercriminals to break it down. We have pointed this out in our annual survey, where we said the future of cybersecurity will be intelligent machines fighting with one another over your organisation’s data. I think AI and machine learning-driven security automation is not an option anymore, just because of the  sheer sophistication of attacks and the volume of data being collected by organisations. You cannot process it manually in a short time to take the right decisions.