Helping future-proof security with Data-first SASE Platform: Manny Rivelo, Global CEO, Forcepoint
Express Computer (EC) recently conducted an enlightening interview with Manny Rivelo, Global CEO, Forcepoint. During this interview, Rivelo provided insights into Forcepoint’s journey as a standalone commercial entity delivering its differentiated Data-first SASE platform, Forcepoint ONE. He emphasised the profound impact of cloud technology’s evolution and the advancements in Generative AI, which are paving the way for exciting opportunities in the SASE approach. Read the full interview
EC: What makes the Indian market hold such significant importance to you, given your extensive experiences and numerous visits to India?
Manny Rivelo: I haven’t been to India in two years. Two years ago, we established an innovation center in Mumbai, which now has nearly 200 employees. Our commitment to India as a company is very strong, especially considering our large customer base here. During this visit, I had the opportunity to meet with customers, our development team, and ensure that they understand our direction. Although I have been to India frequently during my time at Cisco and with other vendors, I believe there is still untapped potential. India produces an incredible amount of young talent, but it often lacks the maturity found in other markets. To tap into this potential, two key factors are needed. First, strong India-based leadership that has global experience can mentor and shape this young talent. Second, companies need to move beyond providing sustaining work and focus on innovation. This is why we intentionally named our center the India Innovation Center, as we aim to build products here rather than just fix bugs. The talented individuals here are working on critical aspects of our platform, and we are fortunate to have them. We want to continue to harness this talent as India evolves and changes.
EC: How is Forcepoint solidifying its position as a prominent security player following its split and subsequent acquisition in India?
Manny Rivelo: Forcepoint, once a small piece of Raytheon, a renowned government contractor and systems innovator, underwent a significant transition. It was acquired by Francisco Partners, a successful private equity firm. Under new leadership, Forcepoint was divided into two distinct entities: a government business and a commercial business. This strategic move aimed to unlock the untapped potential of each segment and maximise the individual value.
The government business, after a successful run, was later transacted to TPG, another private equity firm. On the other hand, the commercial business embarked on a journey to tap into the growing market of Secure Access Service Edge (SASE). With a strong foundation in raw technology, the commercial arm of Forcepoint recognized the need to pivot towards cloud-based solutions. Furthermore, we made strategic acquisitions, including cyber Inc, based in Pune, and Bitglass. These acquisitions formed the bedrock of Forcepoint’s cloud-based platform, aptly named Forcepoint ONE.
As with any technological transformation, the migration to the cloud and the integration of various technologies into the platform is an ongoing process that requires time and adaptability. However, we remain committed to our strategy, which consists of two vital components. The first component focuses on SASE, a comprehensive convergence of technologies that are now delivered through the cloud. The second component revolves around strong data security, extending beyond traditional Data Loss Prevention (DLP) measures and addressing the entire data lifecycle.
By combining expertise in SASE and data security, we bring to market a Data-first SASE platform. This innovative approach recognizes the need for holistic security solutions that safeguard data throughout its journey, ensuring comprehensive protection for businesses in an evolving threat landscape. The split of the two Forcepoint business units and its subsequent transformation highlights the company’s dedication to harnessing the potential of different market segments and delivering cutting-edge solutions that prioritise data security in the era of cloud-based services.
EC: Can you explain how the Data Led SASE platform-Forcepoint ONE is growing in the Indian enterprises?
Manny Rivelo: We have been focused on implementing a data-first approach within commercial business for the past couple of years. This approach entails considering data as a primary concern while designing and implementing security measures. We are actively bringing this Data-first SASE product to the market, with plans to further enhance it by introducing additional features, functions, and use cases in the future. Recognising the value of data and the increasing risks associated with it, we emphasise the integration of data policy and security policy within the network. Rather than treating data security as an afterthought, the approach is to prioritise data alongside network design, particularly in zero-trust networks. Hackers primarily target valuable data, necessitating a shift towards a data-centric security perspective. This perspective considers data as an essential aspect of security, both within and outside the network perimeter.
India’s adoption of cloud-based services and SASE is progressing, although it may not be as forward-leaning as countries like the US or Australia. However, there is an acceleration in cloud acceptance in India, making it a significant market for SASE adoption. The acceptance of SaaS (Software-as-a-Service) applications and infrastructure services indicates a good market for SASE, as it addresses the connectivity needs of hybrid environments.
SASE is not a specific product but rather a collection of technologies delivered through a cloud-based architecture. The cultural maturity of leveraging the cloud and accepting its security aspects is crucial for SASE adoption Cloud providers specialise in delivering cloud-based services and have the expertise to ensure security and efficiency by moving certain components to the cloud, such as the control plane and analytics, organisations can benefit from speed, agility, and cost savings.
One of the advantages of SASE is its ability to intercept and inspect traffic in a more efficient manner, as users can be located anywhere and work from multiple locations sending all traffic back to a central office creates latency, costs, and potential choke points. By leveraging SASE, organisations can reduce the need for VPN connectors, larger network pipes, and maintenance of on-premises infrastructure. Moving to the cloud also shifts certain responsibilities to the SASE provider, such as software upgrades and patching, which can increase productivity and reduce costs.
EC: Can you share Forcepoint’s progress and plans for the Indian market?
Manny Rivelo: Over the past year, we have experienced significant success in terms of customer acquisition – with a customer growth rate that has exceeded 400%. This indicates that we are operating in a rapidly expanding market. We have attracted both new customers and those who have transitioned from old technology to our new and improved solutions. Our progress has been remarkable, considering our relatively short time in the market.
Our goal is to move into the Leaders quadrant as defined by Gartner. This move is contingent upon acquiring more customers, as customer wins are a key factor in determining the vertical axis of execution. We are confident in our ability to become a major player in the market. As I engage with customers, it has been encouraging to witness how our vision and strategy align with their needs. Execution is the key to our success.
In terms of security needs, whether a company employs 2,000 or 60,000 individuals, the importance of security remains the same. The potential harm that hackers can inflict on a company’s data is significant, regardless of its size. Additionally, with new regulations coming into effect, the penalties for data breaches can be severe. The difference lies in the resources available to address these security needs. Larger companies can afford larger IT staff to meet their security requirements. On the other hand, smaller companies often rely on a single person to handle network security along with desktop support. This integration requires careful attention, as there are limited resources available to carry out the necessary tasks.
We offer our solutions to companies of all sizes. However, we are experiencing significant momentum and excitement within the mid-enterprise segment of the market. This is because our integrated stack allows fewer individuals to handle more tasks and maximise the benefits of technology.
EC: In a highly digitised world where organisations are embracing digital transformation and actively generating and consuming data, what are some of the best practices you would recommend for ensuring robust data security?
Manny Rivelo: Data security is a critical aspect that has often been overlooked in many organisations. During conversations with customers, it has become evident that they are often unaware of the structure and location of their data. In the past, it was easier to keep track of data as it was primarily stored within on-premises and data centers. However, with the adoption of external services like SaaS and infrastructure services, as well as the remote work trend accelerated by the COVID-19 pandemic, data has become more dispersed. Amidst the pandemic, many individuals had to take data home to continue their work remotely.
Consequently, data has moved beyond the confines of the enterprise, making it challenging to maintain its protection. It is essential to know where all the data is located to effectively safeguard it. Additionally, data classification plays a crucial role in data protection. By categorising data based on its sensitivity, such as personally identifiable information (PII), confidential or proprietary data, organisations can prioritise their protection efforts.
Not all data holds the same level of importance within an enterprise. Some data carries significant risks, like exposing customer information or facing regulatory compliance issues. On the other hand, there is less critical data, such as casual email conversations or lunch plans. Implementing better controls for structured data, which follows a predefined format, is comparatively easier. However, safeguarding unstructured data, which includes documents and files created by employees, requires more comprehensive measures.
While network security has received considerable attention, the exponential growth of data demands a more holistic approach. Enterprises are beginning to realise the importance of data protection, driven by increased scrutiny from governments and regulators. The penalties for non-compliance have become more severe, prompting organisations to prioritise data security. However, it is crucial to recognize that network security and data security go hand in hand. Both aspects must coexist to create a secure environment. By implementing robust network security measures and governing the flow of data across various channels, organisations can ensure the overall security of their valuable information.
EC: As a security provider, what insights can you offer regarding the security concerns associated with the adoption of ChatGPT, considering the increasing interest shown by companies across various sectors.
Manny Rivelo: When new technologies emerge, it is common for people to initially resist adopting them. This pattern has been observed with the introduction of various technologies such as the internet and cloud computing. The same apprehension was seen when ChatGPT technology was introduced, as it represented a significant advancement in AI capabilities. However, generative AI, including ChatGPT, is becoming increasingly integral to every aspect of business operations. Recognizing this trend, it is essential for organisations to manage the risks associated with these technologies rather than trying to completely prevent its use. The key objective is to establish control over their usage. One effective approach is to form an AI council within the company to define policies and guidelines for the application of AI. This helps clarify where AI can be utilised and where its use should be restricted, similar to determining which websites are allowed or prohibited.
Technological solutions also exist to regulate AI usage within an organisation. These solutions can block AI entirely for all employees or specific groups, or limit access to certain AI engines. By implementing deny and allow measures, organisations can be selective in granting AI access based on individual or group needs. It is crucial to ensure that only those who are trained and can derive value from AI tools are granted access, while others are restricted. Furthermore, data security services can provide visibility into the usage of AI and monitor the information being processed by AI systems. These services enable organisations to understand how AI is being leveraged and ensure compliance with data protection regulations. Overall, it is important for businesses to embrace AI as a foundational element in their operations. With proper policies, controls, and data security measures in place, organizations can effectively leverage AI to enhance their productivity and achieve their goals.