India punches way above its weight on security: Jeff Reed, Cisco
Networking giant Cisco has been late to the software-driven model in the networking industry and is now being challenged by Huawei, Arista Networks and Juniper Networks. The $50 billion company, which saw flat revenues between late 2013 and late 2016, has since staged a comeback on the basis of its software business including the security and application division. The company is also poised to benefit hugely from 5G rollouts.
The security segment accounts for 16% of Cisco's revenues and is the third largest business segment for the San Jose, California-based based technology giant.
In a conversation with TechCircle, Jeff Reed, senior vice president for product at the company’s security business, spoke about the scope of the India market for the company. Reed, who has been with the company for close to a decade, also talked about the false promises of the IoT (internet of things) domain and why he remains cautious about it. Unlike other large technology companies, Cisco has not developed a marketplace for its customers as Reed believes that integration is a big challenge.
How has the cloud changed the cybersecurity paradigm from a networking company's perspective?
That is the most important conversation I have with customers. How users talk to applications is changing like traffic patterns or access patterns. We also need to revisit the type of security coverage we give our customers. The ramifications at the broadest level are how we are protecting the applications itself because it is built and operated differently now. We are in the early innings of a lot of these transitions and we are coming up with new solutions now.
Did Cisco wake up late to the cloud transition? Does that have an impact when you speak with your customers?
Not particularly. Part of the reason is the virtual firewall is like a transitory phase and the capabilities over time will adapt to the application and data centre environment. The types of control are changing but we do that a lot like the less and less firewall-based solutions. What we see is the micro-segmentation route. It is going to be hard even for a virtual network security solution to be dynamic as the application environment is. The services spinning up and down or the migration of services, I see a real pick up from the macro segmentation angle as the way to solve that. It is going to be a replacement for what the virtual firewalls might have done.
How important is India as a market with a lot of data centres coming up?
India punches way above its weight for us from a security perspective. It is doing very well and is bigger than what we do in Japan. It has been the number two market for Cisco in the Asia Pacific and Japan region. It has been a terrific growth region for us and one of the reasons for that has been the large IT investment in the country over the past few years and the security requirements that come as part of it. The IT service providers in India work for the world out of India and those vendors have grown and that helps our security portfolio. We see great traction for security from Indian enterprises as well as the financial sector.
Is the data centre security business portfolio getting bigger because of the data explosion and localisation requirements?
It is an open question and we need to see how that piece happens. Right now, cloud is driving big growth in area of the user traffic going to cloud as more application data moves to cloud driven by the infrastructure as a service (IaaS) and software as a service (SaaS) players. The second one is around the micro-segmentation, which is around the substitution of what might have been a firewall in a classic on-prem server. The dollar to dollar transition is roughly equivalent, so it is not an expansion of our overall business. The emerging technologies' security portfolio is not a big segment if you take the absolute revenue but is growing very quickly.
How long does it take before digitalisation and IoT become big business?
I wish I had an answer for that. There are a lot of discussions around it but in terms of actual spend, certainly there are products in the market, but in size, it is not large yet. There are some big differences than in the past like in manufacturing or energy, you see a huge emphasis on uptime and safety. There are proof of concepts going on and I had the first discussions on IoT in 2011 and then I thought this would be right around the corner and was proven wrong for years. I am a bit cautious and it will take a few years before you see that becoming a big market.
I am probably bearish, but that is because of my experience when I was thinking it will happen any day but I am still waiting.
You don't seem bullish on creating an open marketplace for third-party players to build solutions on top of your existing product or platform. Why?
We are probably a little early in the cycle for that. And to be clear, our strategy is not a marketplace as I don't need to be the place where customers procure their solutions. What we hear from customers is they are struggling with the complexity of the products. We saw for the first time a reduction in the number of tools used on a per-customer basis according to our annual survey. A lot of security alerts - only half - are actually legitimate concerns. How do we reduce that? One of the solutions for that is better integration between products. We have invested to be able to do that working with other parties apart from standardising.