Taking Security to the Next level

RSA’s Intelligence Driven Security solutions help organizations reduce the risks of operating in a digital world. Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, prevent IP theft, fraud and cybercrime. We spoke with Mr. Navin Sadhwani, Channel Director at RSA India on RSA’s plans for India market, their solutions and plans for channel partners.

1. What is the focus of RSA on India?

We have categorized our products into 3 segments according to their lifecycle – Growth, Foundational and Transitional.  The Growth product segment is relevant to the customer today and in the future, and this will also be the main source of revenue for RSA. Foundation is where our integrated solutions are part of – like authentication, which is our bread and butter. This will give us consistent revenue and our existing customer base will continue to grow steadily. However, we do not see any exponential growth in the foundational products. The third set of technology that we have is transitional. These are products like DLP and others which have declining relevance in the customer place. For India, foundational and growth segments will be key areas. Foundational has a lot of customer base and continue to grow.  The focus will be on our core technologies – Security Analytics Platform, Governance and Risk (GRC) Solution and Our Identity and Access Management (IDAM).

2. RSA is focusing on ‘core technologies’ like Security Analytics and GRC?  Please elaborate.

Customers earlier looked at security traditionally – for example, perimeter security.  This evolved into log based solutions like, SIEM. While these technologies have been deployed in Government and large banks, these are still reactive, waiting and watching for an incident to mitigate risks and cut losses. RSA changed the philosophy and decided to be ‘The Hunter’ and not ‘The Hunted’. We are going out there identifying vulnerabilities and risks associated with our organizations and ensuring that those gaps are addressed. Our solutions on the security analytics platform have moved away from the conventional log collection to now packet level collection, enabling us to track attacks much earlier and able to take corrective action in a much more aggressive manner. Our solutions are covering three aspects – visibility, analysis and action. Visibility is to collect data from packets, logs and events, while Analysis is typically faster, and cannot last for a long period. Action is acting on the analysis. Our GRC, IDAM and Security Analytics solutions comprehensively cover this.

3. How are customers in India, especially large enterprises adapting to this shift?

Large Banks have been the early adapters. In the last three-four years, we have seen Government planning on large spend for high end security. With Banks getting into Net Banking, Mobile Banking, security becomes even more relevant.  Banks too have approached security in a structured manner – appointing consultants to design and evaluate RFPs on relevant areas of security. We are glad to share that in some of the projects, RSA has played an important role to be part of Security Operations Center solutions. Thus overall, we have played a key role in creating highly secure environment for transactions for these Banks and Government.

4. How does RSA motivate and incentivize channels in India?

RSA is a 100% channel company. All our solutions are sold through channels. For our solutions, we need both large system integrators and niche partners to cover the market space. Niche partners can be consulting partners in some of the accounts and specialists in one of the areas like GRC or IDAM.  Some of the larger system integrators offer comprehensive security solutions to the banks and governments. We have strong and deep partnership with our channels. We partner with their sales team and train them on the RSA story. There is online content for the partners – which is Level 1. For the presales team, we have training programmes which are relevant and continuously changed with time.  We are helping partners to build service opportunities as more than 50% of revenue in GRC or IDAM comes from services, and this is what partners are looking for. So this is a big incentive to look at these solutions, as value addition from the partners is much higher in terms of both mindshare and revenue from the customer. For niche partners, we have teams in RSA who work on their niche areas on accounts that are relevant to them. So if we have a partner who specializes in Archer, our GRC tool, then the RSA team builds a specific program around their competency development and focus. So there are two programs – one for generic but large SI’s and another for niche SI’s are available.

5.   How does your partner evaluation happen at an opportunity level?

We evaluate partners based on their competency and their revenue. Competency could be specific to one technology or all the four technologies. If we are in the market and evaluate a partner in a particular opportunity, we evaluate their competency, their engagement in their account, their ability to service RSA’s solutions and vision, and also customer’s mindshare. We have a big customer base around authentication and mid-tier customers. Here we engage with the regional partners specifically who have customer connect and build relationship with them. For markets like Chennai, we will not engage many partners, but only 3 or 4. These are equal partners to make enough revenue and make RSA business relevant to them.

6. Can you talk about training programs for partners?

There is a lot of online content for Level 1 training for partners. The Level 2 training involves sales professionals working with our specialist team members. They have face to face engagement, where our team evaluates the partner sales representative and trains them on how to articulate the RSA solutions better. More relevant is the post sales and implementation part. We engage with the partner – our services and presales team works to improve the partner capability through hands-on classroom training and shadowing the partner team on projects. Most of the challenges happen at the customer’s place, and the partner teams should be capable of handling them. We have created a partner program called Delivery Service Partner (DSP), after which we expect the partners to drive projects on their own, irrespective of the complexity. It starts with online content, followed by classroom training and finally the shadowing happens during the customer’s projects. And at the end of it, they are certified as delivery services partner based on their competency line.

7. With wearables entering the enterprise, how do  RSA solution address this new paradigm shift in security?

With more and more mobile devices coming prevalent, security becomes more important. The relevance of the threat is more to do with the mobile transactions that are happening through these devices. Now it is beyond data leakage – it is data theft, monetary theft through these devices. One of the earlier solutions from RSA was on authentication – using soft and hard tokens. We have now taken this to the next level called ‘RSA Via’ – a solution which was recently launched.  RSA Via is a solution that focus on convenience needs of end users and security needs of the business. It goes beyond traditional tokens, and integrates identity with the security landscape of the enterprise. We will launch RSA Via in India shortly. This will become more relevant in the mobile and cloud space.

8. Can you elaborate RSA’s organization structure in India?

RSA is basically present in 3 cities – Mumbai, Bangalore and Delhi, which contribute a fair share of our business. We have been in India over a decade and are now the security division of EMC. We as an organization have a strong team – direct account and mid-market team – that works closely with the channels. For large accounts, the engagement is direct but the execution is through channels. In some places, it is cohabitation and in some collaboration. We don’t sell directly into accounts. The presales team is based in the three cities and focussed on India and SAARC region. We have an engineering centre in India, which focusses on development of RSA technologies. Their relevance to India business is key. We leverage them for some of our customer discussions for customization of some of our solutions. When they are available in India, they understand the mind set of Indian customers. When the solutions are out of the box or complex, they become very relevant.

9. How does RSA see India as an opportunity?

India is a large market and key for our region – Asia Pacific and Japan. Organizations in India that traditionally did not have a focus on, security technologies are now beginning to realize the implications that a weak information security and risk posture can have on their businesses as seen with the impact of numerous cyber-attacks which has taken place in some major corporates in recent past. This combined with regulations /guidelines laid by industry bodies in some verticals, businesses moving online for growth, mobile access to business applications, consumers adopting mobile platforms etc. are some other factors which have led to the growth in the Information Security market in India. As per Gartner’s report, the security vendor revenue comprising of hardware, software and services, will continue to grow in 2015 and is projected to reach $1.06 billion. RSA’s market share is also growing across sectors due to the large opportunities opening up as a result of India’s shift from traditional security to more evolved security approach to keep with the times.         10.    Can you give a market commentary on security, industry-wise with respect to security solutions? RSA is working towards addressing security challenges of today and the future. Most of our solutions have demonstrated thought leadership. For example, our packet monitoring solution – RSA NetWitness was in the market 7-8 years back. With RSA Via, we see a similar trend. This becomes relevant to banks, telecom and some of the large manufacturing enterprises.  We are part of their security landscape – in GRC, IDAM and as well as within the SOC, play an important role with our security analytics platform. Lot of integration has happened within the portfolio, where through integration, data feeds have been shared. RSA solution has become very relevant in activities like collaborating with external devices within the customer’s landscape, like collecting logs. For SMB space to, we are relevant with authentication, and we are growing with the SMBs to make them secure as they grow. Our pricing strategy works in the same lines.