By Reseller Middle East
Q) How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions? How have these changes impacted your revenues from this line of business?
Since its establishment in the Middle East in 2004, Help AG has always focused on advanced IT security services and solutions, laying specific importance to three pillars: Application Security; understanding of the security impact of the application; and the governance and standards around protecting information. For the same reason Help AG also changed its motto from “protecting networks” to “protecting information”.
Looking back at the last 10 years, I must say that we were correct in our observation back then as security today is all about the application. We are also witnessing that requirements for governance and standards have increased, and will continue to increase a lot.
This evolution of the Middle East security market has in turn resulted in the materialized of three 3 different business units within Help AG. These are Security Analysis, where we focus on analyzing the security of applications and the network; Strategic Information Consulting, which focuses on the different standards and governing frameworks for protecting information; and finally Security Consulting, which focuses on delivering the most innovative security solutions in the market.
Today you can really say that the application is king, and whereas earlier on, we discussed about firewall throughput, today, the only relevant criteria for a firewall is whether or not it includes full applications visibility and security features. This is definitely an area that customers need to look at very closely.
For customers who publish applications, our focus lies in validating the security posture of the application.
Specifically from a technology perspective, the challenge of dealing efficiently with Malware is one of the areas that customers are very concerned about and we see a lot of focus on that.
What is very interesting in the security solutions field is that our technology area is constantly challenged as security needs to both adapt and enable other solutions. Because of this, we are always busy identifying new solid solutions. Personally, I think that the enablement of visibility of what is happening is one of the key aspects of security in the coming years. Specifically big-data analysis solutions look very promising given their ability to correlate multiple events and provide some level of automated response on an event. This way we no longer need to look for bad stuff, but can look at what is not normal as the baseline of our security environment.
Q) How do you go about selecting the vendor portfolio? Please list out your line up of security products and solutions?
Help AG goes to great lengths in order to identifying new solutions. The first step is to constantly evaluate our product portfolio and see if it meet the requirements of our customers and the security requirements we see coming up. Our security analysis team is a great source of knowledge and insight for this task.
The next step is to identify the major areas where we need technology and then finally, we begin evaluating vendors. Vendors are evaluated from both a technical and commercial perspective, but all aspects of a solution need to be correct. Generally it is easier to compensate for a poor local presence by a vendor if the technology is phenomenal, than it is to have a large sales organization present, but with a bad product!
In all of our core technology and solutions areas we simply perform group tests, where we evaluate how well the products work. This exercise allows us to build competence in both the technology domain as well as in the specific products. Right now we are spending some time in the lab identifying network access control solutions.
In my role as the Director of Technology Services at Help AG, I spend quite a lot of time reading analysts reports and also attending various security events both here in the region as well as in the US, Europe and Asia. This not only helps me understand what is going on in our technology domain, but also helps me identify that next solution that can address a complex requirement.
Q) What do you believe are the elements that differentiate your offerings from those of your competitors?
One of the things we focus a lot on is thinking of products as part of an integrated solution that needs to work together, without lowering the technical capabilities. This is opposed to the market trend of choosing products which are built by the same vendor. Some of the very large security vendors in the market try to position themselves as being capable of fixing every single problem for a customer, from AV, IPS, FW and Event management. The problem however, is that when you try to do everything you end up not being very good at anything.
At Help AG, we instead believe in identifying the correct point products and then the supporting solutions which will allow the products to work together.
This means that if you look at our portfolio today, every single product is included in the Help AG Security Architecture, which is a reference architecture that describes the various aspects of security requirements to various areas of a customer’s environment and maps the products into the correct technical controls.
Q) How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change?
Needless to say virtualization has changed the way we deliver solutions or how our solutions integrate in the environment. However what is very interesting is that while before, virtualization was something that we needed security to integrate with, today, virtualization has become an enabler of security. I am speaking specific of computing virtualization and such aspects as VDI which is helping address how organizations can support BYOD. Here I am not just refering toa mobile phone, but also computers, laptops and whatever computing device of choice an employee may have.
Cloud is a little more difficult, as there continue to be many big unresolved issues in cloud relating to data ownership, legal frameworks and availability. That being said, cloud is here to stay and it will be a topic that is interesting to follow in the future. Many of the venture investments in IT security in the US are happening exactly in the domain of cloud security.
Q) Are there any other trends security partners should look out for in the next few years?
The area is increasingly complex and I would advise anyone to gear up for the requirements of the future. Investment in knowledge and human resources is increasingly important.
While other areas of IT may be ok with “good enough” services, IT Security and Information Security are areas where knowledge, experience and the correct exposure are required to deliver relevant and cost effective solutions.
In other words, in the future customers will focus more on value for money than just the financial aspects of a service, especially as IT security increasingly becomes the topic of board-room discussions.