Joining the dots
It’s an industry cliché and he knows it, so when Paul Anderson references the ‘single pane of glass’ to describe his customers’ desire for a fully-integrated security solution, he does it with a wry smile.
But in a period where security providers are innovating to meet the increased client demands associated with ever-more complex networks, delivering as simple an answer as possible presents a big challenge – while also being a crucial factor in keeping pace in the market.
“If you look at Fortinet’s approach to the marketplace, we’ve grown up, as have some of our competitors, in that core firewall and data centre space,” explains Anderson, who took up the role as the company’s Regional Director for UK & Ireland in May last year.
“Over that same period of time, what we have seen – and it’s no news to anybody – is that where you keep your data and what we think of as the ‘perimeter’ has completely changed. Data is now everywhere; it moves rapidly, it changes its location, there is no ‘perimeter’. The perimeter is now where you are.
“When I go out to talk to customers, the big challenge they have is that they feel like they potentially need to have conversations with 30 or 40 different vendors, each with a different capability, each telling them that they need their niche solution to fix their new problem. The simple reality is, there are very few [security] organisations on the planet, if any, who can truly manage everything.
Fortinet is attempting to get close with ‘Security Fabric’, a service that links all of its security technologies into one platform. By using a common operating system and open standards, Fortinet is able to offer a single system that, integrated with its most advanced threat protection technologies, offers customers a simplified view of their network security.
The ‘fabric’ covers multi-cloud environments to Internet of Things (IoT) endpoints, as well as smaller network access points like email and web applications. Broad visibility and integration are two of the three keystones upon which Fortinet has built its flagship product, with automation the third. Underlying artificial intelligence powers immediate, coordinated responses to threats across the network.
Anderson believes efficiency as well as simplicity is achieved through this means, which is a major consideration for customers who may be concerned by the cost and resource-draining that comes with a multi-vendor approach.
“You need to try and do more things under a singular umbrella, which means you can utilise your resource better and do more with less people,” he adds. “Obviously, it also has the upside where if some kind of event happens in one part of the infrastructure, the rest of the infrastructure can respond.
“We know that we may never have absolutely everything you need in one bucket, but also any infrastructure, or any company, that’s been around for more than a year will have some kind of legacy infrastructure. We need to be able to integrate and talk to other parts of your ecosystem.
“In terms of the problems that I’m hearing, people need to be able to have a joined-up approach across all of those traditionally siloed parts of the business. This dissolves silos.”
The rise of connected devices, both on a consumer and industrial level, has changed the landscape for security vendors, perhaps influencing their strategic planning more than any other factor. IoT security is only going to become more critical throughout the enterprise too, with Bain projecting the IoT marketplace to double in overall value by 2021.
Rising amounts of data and IP are being stored outside of the core and on endpoints, which has hackers licking their lips. Historically, threat intelligence from endpoint solutions hasn’t been shared with the rest of the network, which slows response rates and increases the likelihood of an infected device precipitating a far greater problem.
FortiClient, Fortinet’s endpoint protection software that is a key component of its ‘Security Fabric’, tackles this head on by leveraging machine learning to proactively defend against malware. But Anderson accepts that there are still questions to answer when it comes to IoT security, especially in relation to the sheer number of endpoints that will exist within organisations.
“It’s one of those areas that is kind of grey, if that’s the right word,” he explains. “When people talk about IoT, it can mean lots of different things. For example, it could be how you secure a connected device like a thermostat or it could mean something on a much larger scale. Is the approach to go that we need to embed something in every single device, or does it need to come through some kind of gateway?
“The problem is in the future, when every single electrical device in your home, or that you experience from walking down the street, is going to be connected to the internet. What’s the cost to embed a security device into a lighting system, for example? I’m not sure where the breakpoint comes.
“I think you need to approach the problem differently. You’re not going to embed security into each intelligent light. It probably all comes back to a building where you have a choke point, a firewall – and that’s where you build the security.”
Fortinet works with customers who are deploying connected devices on a far more industrial scale, however, and this is where a bespoke approach is vital according to Anderson – even though more often than not they are operating with unsuitable legacy infrastructure.
“Imagine a hospital where you’ve got MRI scanners and other medical systems which run physically on old operating systems; that is a point of vulnerability,” he carries on.
“From our perspective, we would say that, in the future, we’d work with the manufacturers of that equipment to embed security into their devices but at the moment, we would put a firewall between that device and the rest of the infrastructure.
“As soon as you get to a situation where the device that is enabled to be intelligent reaches a certain price point, clearly there’s a long-term value to the customer and the vendor to make that industrially secure with its own embedded solution.”
As Regional Director for UK&I, Anderson’s remit stretches beyond Fortinet’s technical capabilities. As a global entity, Fortinet achieved $1.5 billion worth of full-year revenue in 2017 and the California-headquartered company has its sights on challenging the biggest fish in the pond.
Since assuming his position in May last year, Anderson has been working towards the specific objective of using Fortinet’s platform-based approach to increase penetration in a saturated regional market.
“We have fairly aggressive growth objectives but the marketplace itself is expanding rapidly. You’ve got a number of adjacent markets that are colliding together.” he outlines.
“Also, the UK marketplace is seen as, for want of a better phrase, an ‘icon’ market from an IT perspective. A number of things go on within the UK marketplace and within our business that often lead to thought leadership across the enterprise.
“For me, it’s about creating the right structure for the next three to five-year journey that enables us to exceed the growth and objectives that the company is giving me. We have the ability here to grow more significantly than we have in the past, and more significantly that our primary competitors.”
One stumbling block to growth vendors are repeatedly coming across is a widening skills gap within the industry. As networks become ever more intricate and segmented, the pool of suitable professionals to manage them becomes shallower, with the biggest companies having to scrap it out for the best talent.
This also translates further into the workplace, where a dearth of basic technical knowledge can lead to issues. One of the most common causes of a breach remains something Fortinet and its rivals struggle to have control over: human error. That is why the company is investing in training to educate key stakeholders within its client organisations, while also running its Network Security Expert (NSE) programme aimed at technical experts.
“People are sometimes unknowingly stupid, if that makes sense,” says Anderson. “We’ve all done it, there are lots of examples of how people easily get phished – they give their password information away, that sort of stuff.
“All too often, we’re so busy with our lives that we don’t take time to think about what we’re receiving. If we can get some basic education out there on this subject, I think that really helps solve the core problem. So far, we’ve had over 163,000 people come through the programme. It’s been a real success.”