At MPOWER Cybersecurity Summit, Adam Philpott, President, EMEA McAfee, talked to us about some of the key 2018 regional cybertrends and outlined the vendor’s priorities for 2019.
What key trends have you seen in the region in 2018?
I think the most notable trend across the region – including the Middle East as well – is the march towards cloud. I think that’s massive. It’s almost not newsworthy it’s so well known but I think there are some really interesting things within that.
When you look at the role of a CIO or even a CISO, the role is changing because of cloud and hybrid infrastructure. CIOs in particular are becoming architects of piecing together these cloud components and so they become the architect of these services and we need to help them with that.
Are there are any regional differences within EMEA as to cybersecurity approaches?
I think there is a sovereign view on cloud, where information is stored – that’s pretty common place across Europe I would say. I think there are different appetites for risk in terms of adoption – the early versus laggard adoption of technology.
I see the Nordics as early adopters and mainland Europe perhaps a little slower, Germany maybe even slower. Although we do see, because they are now in or going into cloud, that they are adopting at the same pace as others. The cloud seems to buck that trend a little bit I would say.
But definitely the Nordics are early adopters. I lived in Australia for many years and, similar to the Aussies, they are avant-garde when it comes to technology.
What do you see as the key talking points as we move into 2019?
The common themes that I’ve seen for more than the last six years are complexity, talent and the threat landscape. And those are kind of enduring trends.
That doesn’t mean they’re the same thing that they were, it means that they’re worse than they were.
Take talent. There are fewer people now – there is a greater deficit of talent today. Three years ago, we said there was a deficit of one million practitioners, now we see that at three million.
On complexity it’s getting harder, there are more and more complex systems – we have operations technology, IoT, sensors are coming in. The infrastructure that organisations are looking to protect is getting more complicated but at the same time the systems they use to protect that has also got more complicated.
So, there are more vendors, more products etc. If you go to RSA, there are 1,400/1,500 vendors – it’s mind bogglingly complicated so I think that’s a challenge. And also, that then exacerbates the talent challenge because you’ve got more stuff to protect, you need more skills to do so and there’s only so many multi-functional skills someone can have.
Then there’s the threat landscape. It’s not just sophisticated threats and the ever-increasing sophistication of the Dark Web and the bad actor communities and the public-private partnerships in the Dark, Dark Web, but also the volume of attacks – there’s just so many of them.
And some of them are pretty basic, just keeping up with basic block and tackle patching is pretty hard.
And again, I think with that threat landscape and that complexity, there’s also the talent piece – that if you’ve got complex systems to defend, you can’t detect at the pace you need to and act upon that. And therefore, you need humans, but humans can’t operate at the pace that digital crime can. So, there’s a real morass of challenges for customers to face.
Machine Learning – what role does that play today?
Machine Learning is really interesting. You can get phones that are called ‘AI now’ – but I think we’re a long way from singularity. That’s not to say we’re not using AI, but we’re very much in the early stages of it as a society I think, even as an industry.
But the interesting thing that our CTO, Steve Grobman, has talked about is how Machine Learning augments human capacity.
So therefore we reduce the number of people we need, we share the workload. We get the machines to do the hard, high-volume work and then humans do the intelligent work that computers can’t do, but have the basic stuff done more rapidly for them.
It was once put to me that it’s like comparing Iron Man to the Terminator. So Iron Man augments humankind. It’s a suit you put on, so you’ve got human and machine working together. Terminator is a robot that replaces human kind in the worst possible way. Iron Man is really how we see the power of Machine Learning and AI today.
Do you think ML and AI is the way the industry will look to go?
I think more and more it will do. Singularity is the point at which humans and AI have intelligence in common and that’s a long way away – it may not even be a reality – but I certainly see augmentation as being the practical application of it today.
Is ensuring a diverse workforce set to remain a key part of your strategy?
It will because I care about it – it matters to me. We talk about our company values and our ‘why – why are we doing this?’ and of course we are doing it to earn a living and support our families and so on but there are many places we can earn a living. We’re doing it here because we believe in the purpose of the company. And part of that value system is also around having a team that reflects the nature of society we’re seeking to serve. And I applaud what the UK government is doing as well – it’s not about quotas but being visible, how do you compare to other organisations? I think that’s a really good thing.
How has GDPR been for your customers – has there been an upheaval within the region?
I think there was a bit of a grieving process – a bit of disbelief at first and then recognition, then comprehension, then whatever stages one goes through, and adoption.
I think by the time GDPR came onto the statute books earlier this year, customers were in a broadly manually capable position. They had manual processes to deal with it. They want to move to a more automated mechanism to do that. So I think there’s been a different approach from different clients.
Our approach as an organisation, was led primarily by the corporate council, by the legal team. But it was very much a multi-function effort. I think most organisations got on board in a pretty good way.
We’ve seen the ICO double the fines that they’ve handed out on a per organisation average since May, although net fines have decreased slightly. So there have been fewer organisations but bigger fines issues – that’s how I interpreted their data.
There have been some interesting ones in the press where they’ve been making an example of organisations, not in terms of naming and shaming but, for example, they’ve fined organisations in the UK and said the fine is actually less because of the way the organisation has engaged and been transparent in the process.
I think it’s quite clever how they’ve done that – not just going with fear but saying ‘here’s the positive behaviour we’re looking for’, which is quite a nice blended approach I think.
Finally I would say, going back to the cloud and looking at the sorts of information clients are trying to protect, they don’t always know where it is. If it’s in the cloud they don’t always know which country or so on it might be in, depending on the nature of their contract. So we’ve seen a huge uptake of things like data loss protection capabilities.
Are you able to touch on your channel partnerships and the importance of those to the business?
We had a partner day for EMEA and had 250 partners there which is significantly up from last year. I’ve brought in a channel leader, Ed Baker, who came in mid-way through the year.
I asked him to come in and just drastically re-shape our channel strategy. And there’s a myriad of things within that.
Some of the things within that, which you wouldn’t necessarily consider, are our culture. We need to have a much more channel-centric, channel favourable culture, because if we don’t build trust with the right set of partners, they’re never going to be able to transact at the volumes required in order to repilicably use their billable skills.
So it’s just going to be cost and then loss of knowledge, cost and then loss of knowledge rather than invest, re-use, re-use and that’s how they make profit.
For us, that also means our customers get better outcomes and they’re not fully dependent on our limited professional services capacity. The partners have the capacity so they get much better outcomes, quicker time to value, less day two support cases etc.
Ed has come in to re-shape the strategy and to simplify it, to focus it. To look at how it integrates not just as a channel team but into our sales organisation and the other functions as well so I think that’s really positive.
What I would say, and I say this to Ed – I really like holding people to the next level, is that strategy is for amateurs. You can have a beautiful strategy but it’s nothing without execution so for me FY 19 is really about measuring that we’re doing the stuff we say we’re going to do.
What will be the priorities for the channel programme in 2019?
There will be three tiers of partners that we really focus on. There will be global service providers, we’ll have a small group of those that are more global in nature and that we invest time with, not just creating managed services but in going to market on managed services.
You see so many vendors which build a managed service and they build it and think that’s the finish line and it’s actually the start line. If you don’t sell, then it’s just cost, so really going to market with them is the first tier.
Second tier is our regional partnerships. Different countries have different important partners, so we need to make sure we’re not dealing with millions of them but really focusing in on the few in a country that really want to co-invest and we can have joint growth plans with.
And then the third area is our distributors, who represent us at volume as well.
So those are the three tiers. There’ll also be a real focus on market expansion and new business. We sell an architecture and customers who get the most value from what we do don’t buy one or two things, they buy four or five or six different categories from us and they get that integrated systems value.
So really working with our partners to incentivise them, enable them and drive them to do that with our customers.