Post its spin-merger with HPE software, Micro Focus is now a $4.5 billion company, with an enhanced security portfolio. Gonzalo Usandizaga, VP and GM of emerging markets and Neeti Rodrigues, regional director of enterprise security products, explain why the company’s open and intelligent approach to ‘securing the new’ resonates well with the regional security buyers.
Given that Micro Focus is a relatively new brand in this region, are you not going to face brand challenges?
Gonzalo: We are in the process of creating brand awareness. We have done roadshows since September this year to make customers aware of the scale and volume of the new company. Of course, there are questions from customers and partners about our innovations and portfolio, and they want to know about our future roadmap. The good news is that the product portfolios of both companies are complimentary in nature, with very little overlap.
How about the areas where you do have an overlap?
Gonzalo: We are taking a best-of-both-worlds approach, and we will continue to support what our existing customers have, and offer them a migration path. In the 40-year history of Micro Focus, we have never discontinued a product after acquisition. If the customers want to continue using a product or solution, we will support it forever.
You have announced an expanded security portfolio as a result of this union. Is your strategy going to be around analytics-driven security?
Gonzalo: Security is of strategic importance to us and it is going to be one of our growth engines. We see a big opportunity in this region particularly. From legacy Micro Focus we have IAM and single sign-on solutions, and when you combine these with legacy HPE security solutions such as ArcSight and Fortify, it gives us a breadth and depth that can address the security challenges our customer face. The fact that Micro Focus didn’t have a direct presence in the Middle East meant we don’t have a big installed base for IAM solutions, and we are going to cash in on that opportunity now.
Neeti: Security and information governance will be key pillars for us. If you look at the fastest growing areas within security it is around application security, data security, security operations management, and identity and access management solutions. And these are the areas where we are investing in heavily.
Do we need to rethink our approach to security in this age of dynamic threat landscape?
Gonzalo: Yes, and it should start with a change in employee mindset. Security is not a technology problem but a business one. So far, we have been focused on protection; what we need to realise is that breaches pose a serious risk to business, not just IT systems. Your company’s success depends on how good your security architecture is. This is why security has now become a boardroom-level discussion.
Neeti: If you start off with security as a tech problem, you have already got it wrong. Security affects your bottomline and that is why you can now see CIOs reporting to boards. The new breed of CIOs don’t talk about technology, they speak the language of business. They are C-level execs, not security managers, who speak of risk from a business perspective.
Should we plan to fail, if we can’t keep the bad guys out?
Gonzalo: Yes, and we are starting to see a lot of momentum around secure data and encryption. No matter how many firewalls or monitoring tools you have, hackers will find a way to get into your networks. How do you make sure they can’t access sensitive business data is what really matters. Encryption is going to be a hot spot in the next 12-18 months and we have Voltage line of data encryption and tokenisation solutions in our portfolio to address this.
Is compliance a big driver for security?
Gonzalo: Not yet, but it will be. There are lot of regional brands that have global ambitions and following regulations would be important for them.
Will analytics and machine learning shape the future of cybersecurity?
Gonzalo: Yes, and our strategy is to have analytics as the cornerstone of everything we do – be it DevOps, security or information governance and management. We believe security is a key component of digital transformation, and Big Data analytics will have a huge role to play, providing actionable insights to customers about their environments.
What differentiates you from other security vendors?
Gonzalo: The fact that we are taking an open and intelligent approach to security. You don’t have to limit yourself to one set of products or solutions; we believe no vendor can offer you end-to-end solutions to address the security challenges. Being open and collaborative to help our customers to respond immediately to threats is our mantra.
ArcSight is an ageing platform and users have been complaining about not being able to extract data to use it elsewhere. Have you addressed this issue with the newer version?
Neeti: The new ArcSight platform offers better visibility and insights with dashboards and built-in analytics. Most people don’t realise that we have aged out old ArcSight platform five years ago and it has now become more user-friendly, with actionable intelligence and threat hunting capabilities
Do you think sticking to basic security hygiene could help us avoid most of the breaches?
Neeti: Hygiene is of course important, but the biggest gap is in skillsets. Security is all about three things – people, process and technology, and we are woefully inadequate on the first two. Assuming technology can do wonders is wrong; tech by itself is just a tool and we need a full circle of people, process and technology.
Is Secure DevOps a big focus area for you?
Neeti: We have automated Secure DevOps with our Fortify portfolio. It is ten times cheaper to bake in security during the application development process itself rather than putting in compensating controls after it goes into production. In fact, the biggest growth we have seen in this region is from Fortify, and we have had double-digit growth in Fortify SaaS business.