“We need to be right all the time, whereas a hacker only needs to be right once,” says Neeti Rodrigues, Regional Director of Enterprise Security, Micro Focus, Middle East and Africa. Intelligent CISO sat down with Rodrigues earlier this month to discuss Micro Focus’ fundamental philosophies that keep their customers safe in the ever-changing world of Internet security.
When it comes to Digital Transformation, is the MENA region unique in terms of the adoption of new technology?
I have been in the industry for 20 years. Traditionally if I were to be asked this question, I would have said that MENA is at least three years behind the UK, but recently this has changed. Now, the region is perhaps a little bit behind, but we are almost in line with what the rest of the world is doing. One thing that is a bit different is that regulations such as GDPR are not as stringent here, which impacts the adoption of security solutions.
I think what makes Digital Transformation complex is that we used to view Digital Transformation as a change from the old to the new. Now customers are beginning to understand that there is no quick switch over. You have to work with the systems that have been working for so many years and create modern systems that build on top of and complement the old systems. Rather than going around legacy systems, we leverage the old systems in our transition to the new systems. You have to find a balance that can allow you to transition smoothly.
How does the implementation of emerging technology like AI/Machine Learning affect the threat landscape?
AI and Machine Learning can actually give a company a clearer vision of what is happening on the threat surface. It would be misleading of me to tell anyone that you can ever be 100% secure, or even that you can look to achieve 100% security in the future – that is just not possible. However, AI-powered security solutions can help you get visibility into what might be threatening your system that you didn’t know was happening until now. With that kind of visibility, you can assess your risk and make decisions based on a clearer view of what is happening.
However, the fact of the matter is that as a security vendor, we have to be right all of the time, but the hacker only has to be right once. That means that customers need a strong, always-on system and AI allows for that. AI and Machine Learning allows security solutions to continually improve.
But a strong system isn’t built on technology alone. A strong system is a combination of people, processes and technology. Technology isn’t useful without processes that make sense and neither are useful without people that are trained to use those processes and technologies.
Micro Focus has been in the MENA region for two years now. How have you seen customer demands change over the last two years?
Something that we at Micro Focus do very well is listen to customer input. Our recent event was held so that we can hear our customer impact. The things that we have been hearing a lot over the last two years are around AI and Machine learning. The thing about AI and Machine Learning is that, yes it is a technology, but more than that it is a journey. All of the intelligence comes from data, so the journey really starts with data.
Micro Focus recently acquired Interset which performs unsupervised Machine Learning, which is really the next step in the journey. Today, none of us tend to behave normally, routines are being disrupted.
I may be going to the office from nine to five, but now there are days that I have to work overtime, or work from home. In unsupervised learning, it learns your habits over a period of time, rather than simply setting parameters or rules. The system is collecting data and learning the users and then providing intelligence. We see the market is asking for this because it is very difficult now to put somebody into a framework.
How is Micro Focus helping your customers keep their data both safe and compliant within changing regulatory frameworks?
At Micro Focus we want to make it easy for our customers to stay compliant, no matter what governance they have to adhere to. We’ve done this by building packages that address particular regulatory frameworks. These are ready-made packages that are tailored to keep customers compliant within frameworks like NESA or GDPR – you simply need to choose which package applies to you. From there we can customise the solution for each customer depending on their needs, which enables them to stay compliant within the applicable governance laws.
Micro Focus provides a great deal of training in addition to your portfolio of solutions. Why does Micro Focus put an emphasis on training?
It comes down again to people, processes and technology. There needs to be a balance between those three and training addresses people directly. I am a big fan of doing customised workshops that address the needs of each customer. There is, of course, a place for package trainings, but when you listen to customer input like Micro Focus does, we can invest time to provide customised training and use-case based workshops.
We have this kind of insight in part because last year we brought in a few customers to actually be a part of Micro Focus. They were in customer facing roles and we took them on because we wanted to have a customer advocate inside the company who could explain to us how we can bring value to the customer from a first person point of view. This has been incredibly helpful.
We are also putting a lot of effort into bringing the partner community up to a certain level of expertise, which will then lead to our customers feeling more comfortable. We are doing this through our L 400 trainings. Of course these trainings are also available for customers to attend, but the fact is if we can bring the partner ecosystem up to the same level of expertise as us then they can act as an extension of us.
Now we are looking to localise both the L 400 and bootcamp trainings within the UAE and other parts of the region. We have been doing two or three training sessions per quarter which have been extremely successful. For us as Micro Focus, these aren’t about sales, it is about creating people with expertise that can make informed decisions. Of course we hope they would make informed decisions in our favour, but at the end of the day we are creating a community that everyone can appreciate and benefit from.
The threat landscape is constantly changing, with new threats emerging all of the time. How does Micro Focus help customers stay ahead of the game?
We have our fundamentals. We protect data, applications and identities and to do that we focus on people, processes and technology. All of our solutions are grounded in those fundamentals. At the end of the day these are the important aspects.
We weave security into the beginning of the development process. When developers write code they aren’t thinking of security, they are thinking of functionality. We give developers Fortify, our Application Security Software in the coding process, so rather than implementing security after the code is written, security is built into the code itself. We educate them and become part of their ecosystem.
We manage data when it is at rest, in transit and in use. For all three areas we have a solution called Voltage which can protect data throughout its journey.
Finally, there is identities management and governance. We need to know who are the users that are coming into your organisation and what access and permissions they might need. Whether you are a 50 man operation or a 5,000 man operation, managing identities is a complex and ongoing process. We try to make it as simple as possible by providing a suite of solutions that can give you proper visibility into your environment.