[00:00:00] Speaker A: If you're a startup and you want your VCs to sort of bless you, definitely you need to point out a problem that's so compelling for them to say yes, that's a problem that needs to be solved and your solution rightly fits there, whether it's a first mover advantage or like, you know, second or third entrant, but solving the limitations of the first mover advantage. So there is that compelling early stage that you need to pass. And when you do that, there is a clear possibility that you are addressing a problem that most of the big players are not addressing.
[00:00:40] Speaker B: This is katycaz. I'll be completely silent.
[00:00:43] Speaker A: As a primary target for ransomware campaigns, security and testing and performance, we can.
[00:00:49] Speaker B: Actually automate that, take that data and use it.
[00:00:56] Speaker A: The opinions expressed are solely my own and they do not express the views or opinions of my employer.
[00:01:04] Speaker B: Joining me today is Venkat Balakrishnan, Chief Information Security Officer from tel. And today we're discussing platformization and solving the real problem. So, Venkat, thanks for joining and welcome.
[00:01:15] Speaker A: Thanks for having me, Carissa. Really honored to be here.
[00:01:19] Speaker B: Okay, I want to start with your version of platformization. Now this is important because again, I think people have different views or versions in their minds. So let's just maybe that we're all on the same sort of footing. What does this mean to you?
[00:01:33] Speaker A: I have to say the concept of platformization is still evolving in the cyber industry. However, in my view, it's about how you can bring a whole set of platforms, closely connected cyber functions, into platform. To give a view, there are several tools we run on an endpoint, like a laptop. Is there an opportunity to bring them under one umbrella and so it's easier to manage? That's a simple way of looking at platform. As I said, you can start to apply this concept in various places and some areas are more mature, some are still in early infant stages. So as an example, to make it real, you take a endpoint and security operations area. There's several things there. You have endpoint to protect a laptop, you got a data loss prevention sitting in a laptop, you got a vulnerability discovery sitting in a laptop and you got certain controls checking about the cyber compliance on a laptop. Is that a way to bring them under one umbrella? And, and, and, and by doing that, what are the benefits we will be able to harness? And that's the key drivers for this platformization.
[00:02:54] Speaker B: Some things are more mature than others. So what does that look like? What's more mature would you say, as an example?
[00:03:00] Speaker A: Look It's a, it's a, it's a traditional concept where like you know, we've started to two areas where you know the network was protected by firewall 25 years back and the endpoints were protected by you know, anti malware control.
Those two areas have really evolved and matured a lot. So specifically if I just anchor on network and then we can put it as a network security platform. Take secure web gateway, say it's a centralized cloud firewall, say whether you have zero trust access. Right. So all these could basically now combine as a single platform. There are multiple vendors out there and who are able to provide it and they are continuously expanding. So the benefit if you really look at as a consumer especially in the, in the size of space, it's a real simplification. I don't have to go and then try to manage 4, 5, 6 different tools. Rather I can actually focus on one platform. What this consolidation allows us is a better management. It also create more efficiency within the team because you don't have multiple security engineers or personal looking apples. So you are consolidating that and in overall there is direction towards lowering the total cost of ownership. You know, I've just gone through about network security. So back to your questions. The endpoint and security operations platform as an example. In the endpoint you look at, you got EDR Endpoint Detection and response platform. There's a vulnerability discovery, there's a data loss prevention. You can bring them together. Now a new term is XDR. As a, as a shift from SIEM, the SIEM vault. What we are seeing is this endpoint and SecOps are combining together as a single platform. It's great like if I apply a lens of what that means as a benefit to me, I don't have to run a lot of plumbing. In bringing these data together and doing a homegrown integrations and engineering then I have like, you know, potential single point of failures because I have dependencies on key personnel in supporting and maintaining the homegrown plumbing. So all those goes away. And as a ciso I'm focused on, you know, understanding the threats and how well we are managing the threats and the corresponding risk. So it helps me and my team to be much more laser focused in that space.
[00:05:47] Speaker B: Okay, you raised a good point before around to consolidate. Now we're hearing that. Well I'm personally hearing that word a lot in this space. Now that's not. It's an easier said thing to do than, than done. So what would be your approach to doing this effectively? And then to ensure that you're still focusing on, on the game. Right, because these things are sort of administrative type of functions because at the end of the day you're there to, you know, protect the business, etc. What would be your, how would you approach that?
[00:06:16] Speaker A: Look, there is no single template. If that's the case, I'm sure the industry would have now just taken the template and then repetitively applied it. As I am figuring out, my team is figuring out and we are figuring out that there are peers, my peers in the industry are figuring this out. But there are some principles you can see emerging commonly as we sort of approach this one. It is a conscious decision that you have to make to see where we have this opportunity for consolidation. Because one of the challenge for cyber leaders is when they look at you, you have emerging threat and, and you really have a niche solution and you step in and then procure that solution because you need to manage that, that sort of emerging threat. And then that's happened, you know, over the last five years, especially during COVID like how well you are across of your attack surface management and there's this prolific of tools that's now, but there were very few like in the early days similarly API security. So, so what I'm trying to say is as cyber leaders, we have to go and then address these threats at that point in time, then we have to step back and consciously look and see where the existing, you know, the predominant vendors are expanding their footprint and is there an opportunity to consolidate. So the third one is it becomes exercise to understand where that investment is going to be. So you can look at and say like, okay, I have potentially two or three vendors in my space. They have a lot of overlaps, but you need to move on to one. And that's where you start to look at the challenges. How long would it take for me to move in, how easy it is for consolidation, what is that the vendor lock in looks like and how well this, you know, specific vendor is progressing in their research and development. What is their investment? Because you want to be part of that innovation. That's why you are moving towards that consolidation and platformization. The most important is the cost of change. Sometimes you are locked in for a year, multiple years in an agreement, and as much you want to consolidate, you're not in a position to consolidate. And that's where you also look at if you are considering a specific vendor platform to move, what is that investment they are willing to make to help you to move, if not neutralizing, at least lowering the cost of change. So I'm sure I've sort of like touched multiple points. So as I started with the point there is no given one template, but there are these aspects need to be taken in and looked at where the organization is at a point and what are the opportunities, you know, ahead and then bring these factors in so that you can develop, you know, informed roadmap and then make a conscious decision. So in my experience I've seen it's, it's not done like in 12 months. It is a journey, it sometimes take multiple years. But that conscious decision of like driving towards that platformization is necessary.
[00:09:40] Speaker B: Okay, this is interesting what you, what you're saying here Venkat. So I interviewed GT Patel, who's executive vice president and GM of security and collaboration from Cisco. He talks a lot about vendors are overlapping. Like there is, there's so many now at some degree there is an overlap. Right. So would you say though with what you're doing and you can speak more generally about this, but if you're sort of saying to a vendor, well, you sort of overlap with this other vendor, so we're going to go more with them and less with you, how does that sort of conversation go? Do people start to get a little bit arced up about that or what does that look like?
[00:10:14] Speaker A: The old is a challenge. Even before specifically answering your question, I'll give you scenarios which is just a painful aspect. You look at one platform and, or a vendor, let's use the word vendor because platforms there's very few there. So a vendor may say like look, I'm, you know, I'm specifically focused on a posture management but we've now expanding in. So we are helping you to discover the APIs. But that's part of the license. You don't have to pay anything. Now you then look at it. Yes, that's a discovery. It gives me visibility. But after that, you know, we need to do something about it. And it's a detection tool. Can I have prevention capability in API security? Then you're looking at a specific vendor who can do that for you. And, and they, they are helping you to deliver what you want protection. But the discovery again is part of that. So now the question is there's two overlapping capability in terms of API discovery providing you the visibility and observability.
Both of them have overlap. But which one you're going to go? And simple answer is my requirement is detection is good but I want also have prevention layer. So I'm going to go with the API security vendor and also although the other posture management is giving that there is no license cost as per se and hence I'm just going to use that as additional capability. The point it becomes a dollar value conversation for that capability in that vendor who runs the posture management. Now I think that's where we will turn around and say look this is much more an add on feature and expansion of your platform. It's not a core part of your platform but, but we've gone into another one which is specifically designed for that. Now your question is not exactly that. I just went onto a sidetrack to say like you know there can be overlaps in, in different scenarios and how we would or I would sort of recommend people to consider specifically if you have head on head like you know, platform A, platform B, they both have you know, almost like, like for like. But you brought a platform A for you know, part of that capability, platform B for a different set of capability. Now the natural part is I just, I just need to move on to one so that I can displace this. That is definitely sort of a assessment exercise and, and I think that's where you need to go through and see what is you know, as I pointed out like what's a roadmap of that. Each of them look like what is their track record in the past and most of them are American based companies and we also look at what is their local presence and the relationship and especially during like incidents and IT outage, how much they have the bandwidth to sort of support and help us. So we look at several factors like you know, personally those are criteria, you know, I encourage my team to bring in and say is just purely not about technology. There's a lot of components comes in and then consider that as a driver and then we start to shift from A to B. But we are at the risk and that's where that cost of change comes in. Because as a sizer if I look at it, if I have to choose one of the two, the first one is there's a threat that I need to mitigate and manage. Whereas I'm focused on like you know, switching off one vendor and then consolidating to another vendor. If I have to choose more ways my head is going to go towards the threat management inevitable right? And when you have a limited cost you always going to go for threat management. And all these sort of consolidation becomes like a nice to have unfortunately because they have cost associated with that and that's where the vendors are also realizing that. And, and I've Started seeing where there are vendors who are like, turning around and say, you know, we will invest in you. We will invest that one year so that you can move from A to B. And then it helps you with the consolidation. It's a partnership. Yeah. There is a risk there. Like, you know, you don't know what's in the future. Right. Definitely after you move in two years, are they going to just double the price, triple the price because you're locked in? We don't know. But looking back, I haven't seen that happening. So the cost of change and then the investment is also another factor need to be considered. So who can sort of help you to transition from A to B? Yeah.
[00:14:57] Speaker B: That is really interesting because these are the things that I think about, because people in the industry talk to me about things, and one of them was recently someone saying, like, they had all these vendors in there doing like the same function. And I was like, well, why? Why would you have three different vendors doing the same thing? Well, it could be one wasn't even really utilized. Probably someone had it from before. It was sort of like a legacy product in there. And then someone else has come in and they're like, well, I've used this product before, so I prefer that one over this one. But we're stuck in the contract anyway. But we need to start this one up. There's a lot of those things, I think, more than people realize out there. It's not so easy as well, because even with my role, for example, of speaking to people on the front line, it's even hard for me to remember all the features and functions and capabilities and service lines that each of these vendors sort of do after a while. So I'm just thinking, putting myself in your shoes on how, you know, you've obviously got a job to do. Your job isn't to analyze vendors all day. So it's like, it's even more than convoluted and confusing then for you.
So would you sort of say then that there's this trend now? Because originally it was like, okay, we're going to go all in with like one. One company. And then we sort of saw this trend to do more sort of point solutions that was more hyperspecific for. For each function, and now we're sort of seeing the consolidation again. So what do you think sort of happens then from here?
[00:16:22] Speaker A: Okay. And I think the. The platformization will start to drive indefinitely in Pew areas, as I believe. And I'm seeing that with my peers and especially the ones where there is high level of maturity and there are factors that's enabling them. So as an example they are going full on cloud and the data center needs to be like completely migrated in a year or two. So there is a great opportunity for that shift and not everyone is in that journey. But back to your question. The Endpoint and Tecops is becoming a solid platform. There's a couple of vendors out there playing a dominant role. So what it means is they are combining the endpoint detection and response vulnerability, discovery, host firewall. Then you take the operating system hardening, data loss prevention. They're also able to sort of bring in certain asset management centric view. And interestingly they are bringing the SIEM XDR and also the SOAR for orchestration and automation. So they are bringing all these things into one. And suddenly you realize like I used to run like six different tools for that, now it's in one place. And what you see as, as a leader I need to not necessarily manage six. But the bigger challenge is bringing that data, making sense of that data and then getting insights and making decisions. Whether it's multiple dashboards or multiple dashboards in multiple tools, all those things starts to disappear and your team can start to be laser focused and efficient. So that is becoming a strong driver and people are looking at that benefits. Then you do start to see that in the second area in the network security where there is this edge firewall, secure web gateways, then you got a centralized cloud firewall. Now the VPNs are disappearing. They're also expanding into like I can provide, you know, virtual desktop equivalence so you don't have to run a separate part. You can take edge firewalls and directly connect into the cloud based sase.
So that is a great driver there. So you then start to look at client, have to manage all these hardware. And if I've embraced you know, software defined networking and this is just like the next step taking me there. So I can see that becoming another driving factor. And again as I said in the previous one, I can hear there are two or three dominant vendors playing in this space. The third one naturally I'm seeing is in the identity access management. It's been a much more fragmented and area if you look at it. Yeah, there's a centralized identity management system, there's a separate access governance, then you see a separate privilege access management. So and it's, it's been very fragmented and, and what I start to see is there is that sort of convolution and consolidation happening in that space and and, and naturally it will end up as a sort of a single platform of choice. And, and the first one, you know, I've just gone through three platform, the first one, endpoint and SecOps platform. If you really look at it's much more the backyard of cyber leader because it's consumed by the team. So they have a lot of freedom there and hence that consolidation and adoption will be faster than anything else. If you look at network security, it will take its toil because it's just not completely as cyber centric. It has a great partnership with the infrastructure and other cloud platform teams and hence it's in the backyard of technology, no question about that. Or it, depending on how it's been labeled in an organization. It will take time, but that is the next natural driver there. Identity access management will take a bit more of time. The reason is there is a touch point in broader business. There's business applications sitting in there, there's employees, you know, staff across organizations. So it has a heavy touch point. So that's where I think that bigger partnership that needs to be done to understand what is the opportunity for that platformization and looking at, you know, what's out there in the ecosystem. So and that will take time. Certain organization will be able to do it in my view the ones more mature but not like in a massive scale, they will be able to use agility as a key factor to get there. So these are the three platforms definitely looking as, you know, sort of discussion points over the years. I wish there were other things that just evolves in the same space. One I call it as human centric platform. I don't think it will take the same speed and shape like the others. To me human centric platforms really focuses on that various touch points like emails and teams, collaborations and also a bit of insider threat and data loss angle. So definitely that resist threats. It also addresses that sort of insider lens of data protection. And look, there are vendors pitching in that but again they tend to caught up in that overlap with other platforms. So it's still not very well defined if I have to say. The other one that I'm keen to see is, you know, there's different words floated on that whether you call it as a posture management platforms or like it's assurance platforms or like, you know, it's continuous control monitoring forms. It's so fragmented because they're all addressing a niche problem there. You have a posture management for cad, you have a posture management for your external facing digital services. You then run yet different attack simulations. I Think that will be the first one in this whole rank and we'll see years to see a great consolidation in that space. So hopefully, you know, that sort of gives a view of like, you know, what are the ones definitely there is out there to adopt and the ones that slowly moving forward and the ones still like in a very infant stage.
[00:23:00] Speaker B: So just following this track for a moment. You said before and you gave an example around. Oh well, I've got six different tools. Obviously I want to consolidate with them, which makes sense. It's easier, you can focus on other things. Totally understand. Would you say then just say it's like, well okay, I've got these six different vendors, different tools now I'm consolidating into the one. Would you then say that, well, it's going to be hard then for companies then to move. It's all going to be too hard then. Now I asked this question because I'm obviously a big believer of, you know, startups and innovation to sort of, you know, come in. Is it going to be hard? Would you say if you're running this huge platform, it's like, okay, we don't need anyone. Is it going to be hard now for new players to come into the market? Perhaps?
[00:23:43] Speaker A: I don't believe so. I'll, I'll tell you, there's, there's two sides of lens right from, from a customer lens and then from the other side of like you know, the startup lens. Let's better off take the startup lens. If you're a startup and, and, and you want your VCs to sort of bless you. Definitely you need to point out a problem that's so compelling for them to say yes, that's a problem that needs to be solved and your solution rightly fits there. Whether it's a first mover advantage or like, you know, you're a second or third entrant but solving the limitations of the first mover advantage. So there is that compelling early stage that you need to pass and when you do that there is clear possibility that you are addressing a problem that most of the players are not addressing or they are not thinking that it's big enough for them to address or they probably thinking that is a distraction for me. Let someone build it and prove it and then we'll just go and acquire. You see that a lot in this space without naming there was a potential acquisition was called out a couple of weeks back and then it fell through. So it happens in this, in this space. So my belief is the startups and innovation will continue to happen and most likely they'll be absorbed into one of the big players and become a sort of a naturally integrated product in a way. What we would have done is what's going to come out of these platforms. We would have got that like, okay, there's a niche product and we need to address the specific threat and let's get that and solve it. And now, okay, that's, that's like you know, fragmented. How can we bring that with the existing data to get a better holistic view to make better decisions. And what that means is, you know, you end up using your in house, you know, expertise to build a plumbing and do the engineering to get that. If that's going to be done by a vendor, fantastic. Right? That just takes one, one thing out of my, you know, visibility and I'm just going to be laser focused on what I need to do as a C. So you know, manage the threats and mitigate the risks. So, so that, that's my lens around that startup question you had from a consumer angle. Again this is, this is where it becomes really, really interesting. I, I don't have silver bullet answer if I have to say but however we can manage by constantly having. So I have a quarterly briefing review with all my major vendors and one of the topic in that is tell me about your 12 months roadmap. Tell me about the things that you are going to announce without naming and giving the details but the capability, right? Inform me why you guys are betting on this. Inform me why you are interested in solving this problem is not about what they are trying to acquire. That's not I'm interested in, I'm interested in why they are heading what is their solid roadmap, 12 months, what's their big bets for two years and three years. And as a sizer it helps me to take back and then reflect have I thought about it or not and is it a real problem and if it's a problem, is it a problem that's in my front yard? Should I need to be worried about that? So that starts to inform the, the way we would sort of evolve and then move forward and then we turn around and say look, we bought this niche product and this is a constant conversation. Are you considering this as part of your future roadmap? Because that would be a neat thing. And then it's a two way. There are certain things we have influenced. It's not just I'm the only one who's influencing it. They've heard it from other cyber leaders across the globe. And that has defined, you know, deviant from what they would have normally done. They would have said like okay, there's a big call out there from cyber leaders. Let's look at building this capability. Sometimes they acquire, sometimes they build it in. So, so these are the changes really happening in the industry.
[00:27:49] Speaker B: Okay, this is, I want to get into this a bit more. This is really important because as you were talking, it was something I was going to ask you anyway and then you started talking. What I'm potentially worried about and you sort of answered in, in your statement before is you remove all six different tools. You've got one player, big player. How do you avoid the complacency? Now I think you've answered by what you said around, you know, the quarterly catch ups in your roadmap and prove to me that you're actually moving forward, etc. But that's the part that I think gets to me because I do hear it from customers saying well this vendor's got a bit complacent because yeah, they've got a great product but hey, we only hear from you know, once every 12 months when the, you know, the renewals, Apple, you know, whatever it is. So this is what I think is important for, for customers to make sure they're getting the best value from their vendors but then also for vendors to not feel like well, I've sold the deal now and I have to do anything. I don't put my feet up and have to worry about it because I'm, I'm obviously an agent for both sides. So I want to get into this a little bit more.
[00:28:49] Speaker A: Look, it's a, it's a two sides problem, right? Like, you know, let me run through the scenarios. So assume that it's a good product. Product, you know, it's a platform. Now let's say like, you know, someone has taken a platform as an example endpoint and cops platform or a network security to get there itself. There's, there's a right level of due diligence. It's a journey, right? And to get there, someone has gone through the journey. So now fast forward consumer of the platform and then you're realizing that it's, it's not shaping out and it's important to look at. Is it the platform itself is not evolving or is it the face of the platform and in the local geography is not able to provide or is it something in your backyard where like you don't have the right people having that right relationship? I think that's, you know, I'm sure these are very basic points I'm raising and, but sometimes these simple questions need to be addressed to understand before we concluding anything. So then that's definitely one scenario. The other scenario is definitely a risk. It's a concentration risk. It's a single point of failure. Risk is a vendor lock in risk. And you could be off the curve of moving away from limited innovation without naming. I've seen that in last 24 years certain vendors have just gone through the curve and then much more stagnant in terms of their innovation and they've lost their market share and, and those things are inevitable, they they gonna happen and, and this is where you have to be like close to it and, and it's important like you know I, I normally when we go through this we call it out these risk benefits and it's ultimately a risk benefit equation.
If we put the numbers and see the benefits outweigh the risk with a view that we're going to have this tech debt for like three years or four years and then assuming after three, four years or even five years, whatever the term and we would have to transform because everything else it's end of life, end of support, sort of a date. If we take that view and start to look at are we okay to move ahead for this defined period and then we consciously say we need to reevaluate and by the time the business could have evolved and then footprint of the organization could have evolved. Many organization which were like completely data centric five years ago, they are almost cloud centric now and, and what they would have had five years back is not necessarily applicable now. So I think those are the lenses that needs to be applied. So it can't be just like a very cyber centric view. It has to be coupled with the technology strategy and then be connected with where the business wants to go. And anyway that's the expectation of a cyber leader. And so that will help the cyber teams to make a very well informed decision with also calling out the sort of risks or limitations or the unknown aspects that they need to embrace as part of the change.
[00:32:07] Speaker B: So then I'm curious to know, going back to the example again, having one dominant player as opposed to six, for example, does that then become a risk in terms of single point of failure? You sort of touched on that before, but what are your thoughts then on that?
[00:32:21] Speaker A: Yes, I, I have to say there is a single point of failure there. The question is, you know, this is like once in a hundred years flat and, and are you okay to live with that like we see covert. It's like once in a hundred years. The question is when is that gonna hit you? It's a tricky answer. I don't have the right answer. But the, the way you see is the probability. Mostly you look at the track record and big names go through it. Like we've seen in last 12 months, not necessarily like in last two, three weeks, big names go through it. And, and, and that is what we need to understand. Okay, if that single point failure is gonna happen, what is our contingency plan? Like how we are like, you know, recover from that? Have we thought about it? Every organization has a, you know, BCP plan and the relevant plans underneath. I think that's where the focus has to be. Right. We, and this is a conscious conversation should happen. We are going through this to harness these benefits and there's a possibility of like, you know, I'm using once in 100 years in technology. It's like one in 10 years. If that happens, how we'll be able to come back. Couple of things to note. There is mostly if that happens, you're not alone. It's, it's global or a regional event and you're just not by yourself. There is a great pressure at that point in time and urgency for bringing these customers back into, into the state where they were. So it's, it's, it's not, you're left alone to sort of deal with that. There'll be support. It's a tough situation, but there's going to be support. That's definitely one thing that will happen. The other lens is yes, I can have six tools and each of the six tools has that potential depending on how they have permeated across the organization. Right. If, if I take like say endpoints, I've got six tools running across all the endpoint that means I have six different, I can be shot down. And so that means six different vendors can have like once in 10 years sort of a probability. And if I consolidate them into one tool, then at least I'm just dependent on one vendor. So mathematically the ratio reduces there. So I'm not saying it's not there. The possibility of managing that is having a right plans of dealing with that scenario. And it's not specific to cyber though if you look at it, this is common across technology. Right. We run on cloud and if someone is on a single cloud, if that cloud fails, you know, what could we do? So yes, you run a multi cloud. Are you just replicating everything between two clouds? I'm not sure. So those are the questions like what we ask as a business have to continue and if it's technology led, it's the same template applies here. It's not very cyber centric though.
[00:35:16] Speaker B: So what I'm hearing from what you're saying Venkat, is yes, six different tools is spreading the risk to look at it like that, but however there's six different ways to exploit it, for example. But then the other side of that is yes, if you consolidate and you got one, yes, it's still a risk, it's a single point of failure perhaps, but it is a rare case to your point of flooded in 100 years. But you're sort of saying yes there's a risk if you had to pick one or the other. You're sort of saying that the platformization, just having one for example over six is still going to give you a better outcome and more benefit as opposed to like yes, distributing the risk over the six, but then you've got other problems. So it's a double edged sword. But from what I'm hearing what you're saying is one platform is, is ultimately better.
[00:36:01] Speaker A: Yeah, I would say it's better as the world and, and it's no different from any technology platforms. And as we build a right contingency plan and resiliency plan, I think you can manage the risk. There's definitely gonna be that point where it's gonna hit if there's an outage because it's failed. But having that sort of a right plans to get back will help you and, and, and in that time you're not gonna be alone. It's, it's a global outage so there's gonna be much more acceleration to get people with the right support and etc.
[00:36:37] Speaker B: So then do you sort of envision that as we progress now like more players are just going to keep acquiring them? So if you got six different point solution one just absorbs the rest. Do you got to see more of that then? Sort of. I mean we're starting to see it. Do you think there's going to be more of that? So there might only be a few dominant players in the market the next five to 10 years? I mean probably not because you can have startups and that, but I'm just, I'm just thinking more about your sort of thoughts here.
[00:37:03] Speaker A: Look, it's inevitable there's going to be few dominant players. Like look, look at our country, like I'll just give an example how many different airlines we have, how many different telcos we have how many different, you know, retail groceries we have, okay, not spoiled with the choices. That's, there's like 10, 15 that you just go around. And, and that's a theme that will start to happen here. That's my belief. So there's going to be dominant tire and, and the way it will evolve is the one that's already in, in some form or shape and then have a greater relationship in a greater innovation roadmap and willing to support that cost of change by investing in this. All these factors will start to drive that of that adoption happens. But the real entry point is are they already in if someone is not already in out of that success just as a discussion point, you're not going to bring the seventh one and say like I'll throw the six out and seven because it's unknown. Right. And, and, and that is just the starting point. And, and so yeah, back to your topic. There's, there's going to be certain that's going to emerge. I also believe that we'll start to move into like tiering as an example. There are some players will be very well accepted and adopted in small medium enterprises. Some will be in tier three, tier two, Some will be focused on tier one because the ask and needs are different. You know, can your solution scale or the platform can scale for an enterprise of like, you know, 8,000 endpoints and how is the performance? So it's, yes, it's, it's a cyber platform, it's focused on managing the threads but the other aspects comes into play. So all those things starts to come in and in a way I believe they will organize themselves as a dominant one in their own space of like in a segment of customers.
[00:39:04] Speaker B: Now you're right. Going back to dominant telcos and airlines and all that, my reservation towards that would be people seem disgruntled by these players. They're resting on their laurels. They know they've got the market share. They know. Well, you know, if you don't buy from certain amount of people like supermarkets, like you can't really buy food and stuff. Right. So are we going to get to that point where people are just disgruntled and these companies like, well, we've already got market share, who cares? We're not going to innovate. People need us to survive. I don't want to see that happen because I've seen some of it, I'm hearing some of it. That's the part where the arrogance sets in and there's too much reliance in on these big Players, it's going to be harder potentially if there, if there is an issue. That's my only concern.
[00:39:49] Speaker A: Things has its own way of balancing themselves. I'm a strong believer of that. Will that happen? Yes, Karisa, that's possibility that could happen. But we've also seen who was a dominant player before. You know everyone used iPhone as a, as an enterprise run. There was Nokia at a point. Market has shifted now. I remember Lubex was the tool but Covid short Zoom is the 2. So the point is that any dominant player not understanding this is beyond cyber just you always have to be connected with your customer. Right. If you're not connected with your customer, you're not hearing your customer, you're not delivering what your customer is. There's always someone who's going to come and sweep it and yes, it's not going to happen overnight. Time will take, it's a way of course correcting that. That's to me it's inevitable. Unfortunately that that period where we go through is the pain point if that happens. So yeah, in a long run that will shift. And we've seen like, we've seen a few big names still out there and they have their own moments. You know this is not in cyber. Like I'm just talking about the whole technology industry. There are a few big names that's, that's gone through their own cycles and they have come back because they, they, they realize they are so disconnected from their customers. They were not hearing that and, and they just actually they were reborn in, in a way and they've changed what they've been delivering. The ones they did not disappeared are like it's just have gone so small.
[00:41:27] Speaker B: Yeah. And I think you're right and I think time will tell. I still think that just because players are at that level doesn't. They've got to maintain that level. People are overturned. Like you said before BlackBerry that was the predominant phone. Now I've never seen one for years, so let's see. But I think like even sharing your thoughts today is interesting especially from like from your point of view. Kat, is there anything specific you'd like to leave our audience with today? Any closing comments or final thoughts?
[00:41:52] Speaker A: Thanks for having me.
Part that drives me into this is, you know, people may say like okay, Venkat is like talking about this. What, what was the ultimate driver for him? I think I didn't land very well at the start as a cyber leader. When you look at you end up collecting toys. It sometimes it happens just because of the cause you have a particular thread, there is a mixed product. You just have to you know, put off the fire or like the smoke or like even avoid that. So you end up doing that and you just, just take a break and then look at what you've collected. There's, there's a whole list of toys and then you start to look from the lens of efficiency and how well your team's productivity and have you created your cottage industry of engineering. And those are the drivers that got me to think why should I spend time on this? Why can't I be like laser sharp and just managing these threats? And that is what got me to start thinking and exploring into that area. And I didn't care a sort of a well accomplished in the space I'm in the journey and this is just a early stage of sharing the insights and how we've taken this approach. And equally like you know, I'm sure Clarissa, you're gonna speak to multiple other cyber leaders like myself and I'm keen to hear like what others have thoughts in this space.
This is KBCast, the voice of cyber.
[00:43:28] Speaker B: Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today.
[00:43:37] Speaker A: This episode is brought to you by MercSec.
[00:43:39] Speaker B: Your smarter route to security talent Mercset's.
[00:43:43] Speaker A: Executive search has helped enterprise organizations find.
[00:43:46] Speaker B: The right people from around the world since 2012.
[00:43:50] Speaker A: Their on demand talent acquisition team helps.
[00:43:52] Speaker B: Startups and mid sized businesses scale faster and more efficiently. Find out
[email protected] today.
