Juan Miguel Velasco, founder and CEO, Aiuken Solutions, talks about why managed security is a compelling business proposition for regional enterprises.
What does Aiuken bring to the table for customers?
When we started Aiuken around six years ago, we believed cloud was going to play a dominant role in the IT market. Back then, cloud was a mysterious thing to big companies and we strongly believed that cloud infrastructure will be the next security perimeter, which needs to be protected. So we started building services around that. Fortunately, we were right. The penetration of cloud is huge now, and cloud perimeter protection services have evolved over time. If you look at attacks like DDoS, it is impossible to prevent it outside the cloud because it is distributed in nature and the way telcos operate. As long as telecom service providers continue to make money from peering agreements, they will not protect you from DDoS attacks for the simple reason that more traffic means more money for them. Meanwhile, DDoS attacks continue to grow. We try to convince people that cloud can be a secure place if you take advantage of the tool we provide. We have two security operations centres in Spain and one in Latin America, and we are building a new SOC here in the UAE. We see an opportunity in this market.
When you say cloud security, is it primarily to secure the public, private or hybrid cloud?
All three. We realise that some countries have unique regulations for cloud in this region when it comes to moving workloads to public cloud environment. But, private cloud can also take advantage of the same public cloud technologies and solve data residency issues.
Do you also offer a hardware solution?
Not really. Appliance philosophy is good, I respect it but I don’t trust it. If you develop something then you should be able to deploy it in every hardware. Hardware is going to be useless in five years.
As long as you have connectivity and data centre availability, you can hook up to cloud services. We are one of the few companies that can look after our customers even when they under an attack. We will not say, solve your problem first and then call us. Because of the technology we have, we can apply that on an ongoing attack, which is an issue for many other vendors.
So how would you stop a DDoS attack? You don’t deploy anything on premise, do you?
No, we don’t. It is just a matter of moving traffic between our SOCs and our alliance partner networks. We just divert traffic based on BGP, DNS, and we combine different technologies and different architecture. The nice thing about DDoS attacks is that you know where all the attacks go, though you don’t know where they are coming from. If you are able to combine BGP, DNS and distributed connection, you can stop these attacks from reaching their target.
Do you have any customers in this region?
We are doing some pilot projects in the region now. Once we finish building our SOC, we are going to hire some local talent. In every country we operate, there is a lot of cybersecurity talent but the problem is how you develop it.
Do you offer training and certification as well?
Yes we do, and we like it. We train our customers not only on our tehcnologies, but also for many other technologies. We are vendor agnostic. So if you have Fortinet, or Palo Alto Networks, we don’t care; what is important that the customer has the confidence in you as a managed security service provider that you are able to operate whatever they have or may need. The problem is that companies have to invest a lot in resources of their own to try to understand the complex world of cybersecurity. In most of the cases, the investment they make is on hardware, which leaves them with no money for anything else. What we are trying to create is the awareness that companies like us are a reality and necessity in today’s world. We are the experts in our field, and we will do security as a service, and we will provide you with KPIs and SLAs.
What is your go-to-market strategy?
We operate in the market with local partners mainly telcos and ISPs or big integrators. We typically look for big SIs because our target is mainly medium to large enterprises. We are now partnering with local companies in the region – we have already signed up one in Saudi and another in Dubai. We are also talking to couple of telcos and ISPs in GCC.
When do you plan to build a SOC here?
We are looking at June or July.