Cisco believes that the time has come to shift toward a more architectural approach for security as most of the organisations – be it government or private, have different vendors and they all invest and spend lot of energy on figuring out ways to correlate all threat information promptly to deal with threats before losing the information. In an interview with EC’s Mohd Ujaley, Stephen Dane, Managing Director of Cisco’s Global Security Sales organisation (GSSO) for Asia Pacific, Japan and Greater China, says “Security is not just about breeding technologies, it is about actually integrating them together effectively.”
There is lot of heterogeneity in an organisation especially when it comes to adopting security solutions. How this complexity could be addressed?
To address this challenge, Cisco is focusing on a combination of two approaches. Firstly, the best to breed approach which is that every technology that we make available to customers is excellent, the best in the market and adding to that an integrated architectural approach.
In the past customers have defended themselves by buying lot of technology solutions from many different vendors and that hasn’t served them particularly well. It has created lots of complexity and therefore cost of operating those different vendors is high and has a relatively low effectiveness. So, best of breed has not really served the customer very well and as we look forward and think about what is going to happen in the next five years we see the digital transformation of organisations really further complicating the existing security landscape. With more devices coming online, the number today is 15 billion devices. We have been saying for a while that by 2020 there could be 50 billion devices and by 2030 we are now saying well actually there could be 500 billion. The Internet of Things is already with us 3.1 billion things.
Does that mean role of pure play security companies like Symantec or Fortinet will be impacted as companies like yours and Microsoft are offering products and solutions embedded with security?
I do not think I would say that. What I would say is that we have an opportunity to help customers reduce the number of vendors by creating a platform placed approach. This helps them to reduce the hardware within that infrastructure and the interfaces that their operations guys and analysts use by ensuring that we are actually reducing that footprint. An example is in the past a customer would buy Firewall if they were worried about security they would buy IPS and then recently they would have a Sandbox. Those are three separate hard boxes, three separate interfaces, three people that would need to be trained, maybe six people, maybe more than that and today we are able to offer that in one platform. So we turn that sort of one, two, three on its head and we say nowadays next generation Firewall has next generation IPS and advanced malware protection software that sits on that box and that is one single interface to manage.
Purely play security companies have dedicated solutions and dedicated focus on security, so how do you compare yourself and your solutions with them?
Cisco has been making acquisitions in the security space for the last three years, specifically in the area of threat centric security. The biggest acquisition we made was of Sourcefire in 2013 which was a company that focused very much on next generation IPS and advanced malware software. What we have done is integrate that capability into Cisco security portfolio which existed off Firewall, Secure Access Knack and Content Security fundamentally. With the addition of some other acquisitions, what we have now is the ability to protect customers before, during and after an attack. We have technologies across three areas in terms of Firewalling and Identity Services Engine which is our Knack service and for Secure Access we have e-mail and web security capabilities. We have obviously Sourcefire, next generation IPS and then after we have technologies like advanced malware protection which has the ability to detect the file as it goes into an organisation which is what FireEye is, they put into the Sandbox and explode it.
We have a very broad portfolio that is in itself very focused on threat effectiveness and we have some unique differentiators around the ability to continually assess files. Cisco is the world’s leading cyber security player in terms of revenues and we think this is an opportunity for the industry to consolidate and for us to do things differently.
So it is not just about breeding technologies, it is about actually integrating them together effectively. It is about ensuring that at Cisco we are able to take advantage of this security concept everywhere. So putting these controls, the ability to control and see everywhere in the network, so within the switching environment, within the routing environment, within the branch, on the endpoint, in the cloud, to have security everywhere and the ability to see and control is fundamental to protecting an organisation particularly as they go along the digital transformation.
How has been India’s performance and what are the key verticals that are driving the demand for security solutions?
From an India perspective, in the last two years, we have seen quite a drastic change in the way Indian customers are thinking about security. Everybody realises that they are under attack. Nobody feels 100% secure anymore and they are all in the phase of now looking at how they can prevent once they are attacked and how they can remediate.
There is huge potential and demand coming from any company that has sensitive information. Different examples, like software ITS companies have got customer information and they host applications, so they are sensitive about that. From a manufacturing perspective it is IP, it is R&D, it is their code IP. In the public sector, a lot of the digitisation projects at the state and at the center have security built in for smart cities projects.
E-commerce is another place where lots of new companies are coming up and so security is important for them. I think it is across and not any specific vertical. Maybe some verticals are little more advanced in terms of adopting technologies. ITS for instance has been a little more advanced because they are global and they have been doing business with global customers for many years.
From legislation point of view, how crucial is it to have necessary regulation around cyber security?
It is very crucial and our expectation is that the government will look at that as a particular area to legislate on. I believe this will have a big impact particularly at the board level around how important security is seen through them because in the US that is certainly happening. We have not actually necessarily stopped many of the massive breaches but the disclosure element really forces the business holistically and from the top to consider security as an accountability.