CIOL: Do you think companies should look at increasing the budgets on the security products at least?
GH: I am going to answer this question like a CEO, not like a vendor. This is not a time that most companies can afford to increase spending in almost any area; and as a CEO, I call on our CIO and I think this is happening with most of our customers to make hard trade-offs.
We would advise our customers that they should do a simple analysis in their mind, take a page, draw a line down the middle, and look at the investments that are being made basically to prevent or to protect the infrastructure and then the investments that are being made to protect the essential information in the corporation.
The infrastructure investments are being in the areas where basically the problem is solved, and this is an area where you can afford to compete vendors against each other very aggressively; you are definitely going to be able to get significant price concessions in anti-virus, in firewall, in IDS/IPS.
The other side of the page is generally less than 20 per cent on the IT investment today. Yet, from a threat perspective, it's 90 per cent of the threat.
So, I think good business judgment says balance to take the infrastructure investment down and shift that and, of course, not just in web sense but authentication projects, encryption projects, all the types of technologies that support information assurance.
CIOL: Do you see customers leaving hardware security solutions and gravitating towards the managed security services as the economy worsens?
GH: We see..., what I would characterize as myopic vendor behavior – trying to make it look that way. Let me explain what I mean. There is an old American phrase – "To a carpenter everything looks like a nail". And this means that if you have been making appliances, for example, and this is the way you deliver your solutions, you argue very strongly that, the cloud is insecure and appliances have high performance.
If you are a vendor who has been in the cloud solutions, you argue that total cost of ownership over a period is going to be cheaper.
Our view is these are sides in a debate that really shouldn't be occurring because the way the customer will have the best solution in terms of security, effectiveness, and cost is to be able to combine these two and to do that transparently in terms of a policy management model.
So, we are developing – and we will ship the first of this capability at the beginning of next year – integrated policy management which combines software service with on premise.
So, for example, I will take a customer I was talking to last week in Beijing – this is the Agriculture Bank of China. They have 35,000 branches and those branches are in the rural areas. This is a horribly expensive infrastructure to build if you want to put appliances in those branches.
On the other hand, their main facilities are data centers that TCS and Wipro would be proud to have. They are the huge buildings that go for a block. There they have the talent and need of level of effectiveness that they will get out of an on-premise appliance solution.
So, our view is "combine them. Don't make it an either-or. Allow minimization of cost with the most effective security." Think about how this will roll out.
Let's say you do an acquisition and this happens all the time. So, you acquire a company today – if you are going to do an on-premise solution, it is a real labor to retool the infrastructure to match the pipes, get the domains, etc. etc., right?
On the other hand, in the acquired company's big facilities, this is probably what you want to have. You can move in a cloud solution, offer the security – we can bring up a large company on in the cloud web security in a matter of weeks.
Then, as the infrastructure gets built, go back in and install appliances and manage through your single policy manager – just move the users. You don't have to, you know, change vendors; you don't have to re-provision, and we think this is going to be a much easier way for us all to live.
