Login

Promote Your Companyย  ย  ย  ย |ย  ย  ย Contact

Independent Cyber News.

The Voice of Cyberยฎ

KBKAST
Episode 288 Deep Dive: Venkat Balakrishnan | Platformisation And Solving The Real Problem
Identity & Access Management
First Aired: January 17, 2025
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here

In this episode, we sit down with Venkat Balakrishnan, CISO from TAL Australia, as he discusses the evolving concept of platformization in cybersecurity. Venkat explores how consolidating various cyber functions and tools into single platforms can drive efficiencies, reduce costs, and simplify management efforts. He emphasizes the maturity of network security and endpoint security operations as key areas ready for platformization, while also discussing the fragmented nature of identity and access management.

Venkat is an experienced cyber security and technology risk executive with expertise in building cyber resilience, safely enabling business growth and inspiring customer trust. Adept in building relationships and influencing stakeholders at all levels across organisations with strong customer focus to deliver pragmatic and innovative solutions to derive business value. Passionate people leader with demonstrated success of developing diverse and high performing teams. Experienced in building security practices from grassroots with innovative approaches for modernisation and by accelerating into scalable and sustainable operations.

Help Us Improve

Please take two minutes to write a quick and honest review on your perception of KBKast, and what value it brings to you professionally. The button below will open a new tab, and allow you to add your thoughts to either (or both!) of the two podcast review aggregators, Apple Podcasts or Podchaser.

Rate KBKast

Other Recent Podcasts

Episode Transcription

These transcriptions are automatically generated. Please excuse any errors in the text.

Venkat Balakrishnan [00:00:00]:
If you’re a start up and you want your VCs to sort of bless you, definitely, you need to point out a problem. That’s so compelling for them to say, yes. That’s a problem that needs to be solved, and your solution rightly fits there, whether it’s a first mover advantage or, like, you know, second or third engine, but solving the limitations of the first mover advantage. So there is that compelling early stage that you need to pass, And when you do that, there is a clear possibility that you are addressing a problem that most of the big players are not addressing.

Venkat Balakrishnan [00:00:56]:
The opinions expressed are solely my own, and they do not express the views or opinions of my employer.

Karissa Breen [00:01:04]:
Joining me today is Venkat Belakrishnan, chief information security officer from TEL, and today we’re discussing platformization and solving the real problem. So, Venkat, thanks for joining, and welcome.

Venkat Balakrishnan [00:01:15]:
Thanks for having me, Carissa. Really honored to be here.

Karissa Breen [00:01:19]:
Okay. I wanna start with your version of platformization. Now this is important because, again, I think people have different views or versions in their mind. So let’s just maybe that we’re all on the same sort of footing. What does this mean to you?

Venkat Balakrishnan [00:01:33]:
I have to say, the concept of platformization is still evolving in the cyber industry. However, in my view, it’s about how you can bring a whole set of closely connected cyber functions into platform. To to give a view, there are several tools we run on our endpoint like a laptop. Is there an opportunity to bring them under one number lock and so it’s easier to manage? That’s a simple way of looking at platform. As I said, you can start to apply this concept in various places, and some areas are more mature. Some are still in early infant stages. So as an example to make it real, you take a endpoint and security operations area. There’s several things there.

Venkat Balakrishnan [00:02:26]:
You have endpoint to protect a laptop. You got a data loss prevention sitting in a laptop. You got a vulnerability discovery sitting in a laptop, and you got certain controls checking about the cyber compliance on a laptop. Is that a way to bring them under one umbrella? And and and and by doing that, what are the benefits we will be able to harness? And and that’s the key drivers for this platformization.

Karissa Breen [00:02:54]:
Some things are more mature than others. So what does that look like? What’s more mature, would you say, as an example?

Venkat Balakrishnan [00:03:00]:
Look. It’s a it’s a it’s a traditional concept where, like, you know, we’ve started 2 areas where, you know, the network was protected by firewall 25 years back, and the endpoints were protected by, you know, anti malware control. Those two areas have really evolved and and matured a lot. So, specifically, if I just anchor our network, and then we can put it as a network security platform. Take Secure Web Gateway. Say it’s a centralized cloud firewall. Say whether you have a zero trust access. Right? So all these could basically now combine as a single platform.

Venkat Balakrishnan [00:03:44]:
There are multiple vendors out there and and who are able to provide it, and they are continuously expanding. So the the benefit, if you really look at, as a consumer, especially in the in the size of the space, it’s a real simplification. I don’t have to go and then try to manage 4, 5, 6 different tools. Rather, I can actually, focus on one platform. What this consolidation allows us is a better management. It also create more efficiency within the team because you don’t have multiple security engineers or personnel looking at both. So you are consolidating that. And and in overall, there is direction towards lowering the total cost of ownership.

Venkat Balakrishnan [00:04:32]:
You know, I’ve just gone through about network security. So back to your questions, the endpoint and security operations platform. As an example, in the endpoint you look at, you got, EDR, end point detection and response platform. There’s a vulnerability discovery. There’s a data loss prevention. You can bring them together. Now the new term is XDR as a as a shift from SIEM, the SIEM Vault. What we are seeing is this endpoint and SecOps are combining together as a single platform.

Venkat Balakrishnan [00:05:05]:
It’s great. Like, if I apply a lens of what that means as a benefit to me, I didn’t have to run a lot of plumbing in bringing these data together and doing a homegrown integrations and engineering. Then I have, like, you know, potential single point of failures because I have dependencies on key personnel in supporting and name the homegrown plumbing. So all those goes away. And and as a side, so I’m focused on, you know, the understanding of the threats and how well we are managing the threats and the corresponding risk. So it helps me and my team to be much more laser focused in that space.

Karissa Breen [00:05:47]:
Okay. You raised a good point before around to consolidate. Now we’re hearing well, I’m personally hearing that word a lot in this space. Now that’s not it’s an easier said thing to do than than than done. So what would be your approach to doing this effectively and then to ensure that you’re still focusing on on the game? Right? Because these things are sort of administrative type of functions because at the end of the day, you’re there to, you know, protect the business, etcetera. What would be your how would you approach that?

Venkat Balakrishnan [00:06:16]:
Look. There is no CEO templates. If that’s the case, I’m sure the the industry would have now just taken the template and then repetitively applied it. As I am figuring out, my team is figuring out, and we are figuring out that our peers my peers in the industry are figuring this out. But there are some principles you can see emerging commonly as we sort of approach this. One, it is a conscious decision that you have to make to see where we have this opportunity for consolidation. Because one of the challenge for, cyber leaders is when they look at you you have emerging threat and and you really have an initial solution, and you step in and then procure that solution because you need to manage that that sort of emerging threat. And then that’s happened, you know, over the last 5 years, especially during COVID, like, how well your across of your attack surface management.

Venkat Balakrishnan [00:07:17]:
And there’s there’s prolific tools that’s now, but there were very few, like, in the early days, similarly API security. So so what I’m trying to say is, as cyber leaders, we have to come and then address the threat at that point in time. Then we have to step back and consciously look and see where the existing you know, the predominant vendors are expanding their footprint, and is there an opportunity to consolidate? So the third one is it becomes exercise to understand where that investment is gonna be. So you can look at it and say like, okay. I I have potentially 2 or 3 vendors in my space. They have a lot of hold laps, but you need to move on to 1. And that’s where you start to look at the challenges. How long would it take for me to move in? How easy it is for consolidation? What is that the vendor lock in looks like, and how well this, you know, specific vendor is progressing in their research and development? What is their investment? Because you want to be part of that innovation.

Venkat Balakrishnan [00:08:27]:
That’s why you are moving towards that consolidation and platformization. The most important is the cost of change. Sometimes you are locked in for a year, multiple years in an agreement, and as much you want to consolidate, you’re not in a position to consolidate. And that’s where you also look at if you are considering a specific vendor platform to move, what is that investment they are willing to make to help you to move? If not neutralizing, at least lowering the cost of change. So I’m sure I’ve sort of, like, touched multiple points. So as I start with the point, there is no given one template, but there are these aspects need to be taken in and looked at where the organization is at a point and what are the opportunities, you know, ahead, and then bring these factors in so that you can develop, you know, a informed road map and then make a conscious decision. So we, in my experience, I’ve seen it’s it’s not done like in 12 months. It is a journey.

Venkat Balakrishnan [00:09:32]:
It sometimes take multiple years, but that conscious decision also, like, driving towards that platformization is is necessary.

Karissa Breen [00:09:41]:
Okay. This is interesting what you’re what you’re saying here, Venkat. So I interviewed Jeetu Patel, who’s executive vice president and GM of security and collaboration from Cisco. He talks a lot about vendors are overlapping. Like, there is there’s so many now. At at some degree, there is an overlap. Right? So would you say, though, with what you’re doing, and you can speak more generally about this, but if you’re sort of saying to a vendor, well, you sort of overlap with this other vendor, so we’re gonna go more with them and less with you. How does that sort of conversation go? Do people start to get a little bit arced up about that, or what does that look like?

Venkat Balakrishnan [00:10:14]:
The the oil is a challenge. Even before specifically answering your question, I’ll give you a few scenarios, which is just a a painful aspect. You look at one platform and or or a vendor. Let’s use the word vendor because platforms, there’s very few there. So a vendor may say, like, look. I’m, you know, I’m specifically focused on a posture management, but we’re now expanding in. So we are helping you to discover the APIs. But that’s part of the license.

Venkat Balakrishnan [00:10:44]:
You don’t have to pay anything. Now you then look at it. Yes. That’s a discovery. It gives me visibility, but after that, you know, we need to do something about it. And it’s a detection tool. Can I have prevention capability in API security? Then you are looking at a specific vendor who can do that for you, and and they they are helping you to tell you what you want, protection. But the discovery, again, is part of that.

Venkat Balakrishnan [00:11:12]:
So now question is, there’s 2 overlapping capability in terms of API discovery providing you the visibility and observability. Both of them have overlap, but which one you’re gonna go? And simple answer is my requirement is detection is good, but I won’t also have prevention layer. So I am I’m gonna go with the API security vendor. And although the other portion management is giving that, there is no license cost as per se. And, hence, I’m just gonna use that as additional capability. The point it becomes a dollar value conversation for that capability in that vendor who runs the push share management. Now I think that’s where we’ll turn around and say, look. This is much more a long feature and expansion of your platform.

Venkat Balakrishnan [00:12:01]:
It’s not a core part of your platform, but we’ve gone into another one which is specifically designed for that. Now your question is not exactly that. I just went on to a sidetrack to say, like, you know, there there can be overlaps in in different scenarios and and how we would or I would sort of recommend people to consider, Specifically, if you have head on heads, like, you know, platform a, platform b, they both have, you know, almost like like for like, but you brought a platform a for, you know, part of that capability, platform b for a different set of capability. Now the natural part is I just I just need to move on to one so that I can displace this. That is definitely a sort of a assessment exercise, and and I think that’s where you need to go through and see what is you know, as I pointed out, right, what’s the road map of that each of them look like? What is their track record in the past? And and most of them are American based companies. And we also look at what is their local presence and their relationship. And and especially during, like, incidents and IT outage, how much they have the bandwidth to sort of support and help us. So we look at several factors.

Venkat Balakrishnan [00:13:17]:
Like, you know, personally, those are criterias, you know, I I encourage my team to bring in and say, it’s just purely not about technology. There’s a lot of components comes in, and and then consider that as a driver, and and then we start to shift from a to b. But we are at the risk, and that’s where that, cost of change comes in. Because as a so I say, if I look at it, yeah, if I have to choose 1 of the 2, the first one is there’s a threat that I need to mitigate and manage whereas I’m focused on, like, you know, switching off one vendor and then consolidating to another vendor. If I have to choose, more ways my head is gonna go towards the threat management inevitable. Right? And then you have a limited cost. You’re always gonna look for threat management, and all these sort of consolidation becomes, like, a nice to have, unfortunately, because they have cost associated with that. And and that’s where the vendors are also realizing that.

Venkat Balakrishnan [00:14:18]:
And and I’ve started seeing where there are vendors who are, like, turning around and say, you know, we will invest in year. We will invest that 1 year so that you can move from a to b, and then it helps you with the consolidation. It’s a partnership. Yeah. There is a risk there. Like, you know, you don’t know what’s in the future. Right? Definitely. After you move in 2 years, are they gonna just triple the price, triple the price because you are locked in? We don’t know.

Venkat Balakrishnan [00:14:44]:
But looking back, I haven’t seen that happening. So the cost of change and then the investment is also another factor need to be considered. So who can sort of help you to transition from a to b?

Karissa Breen [00:14:57]:
Yeah. That is really interesting because these are the things that I think about because people in the industry talk to me about things. And one of them was recently someone saying, like, they had all these vendors in there doing, like, the same function. And I was like, why why would you have 3 different vendors doing the same thing? Well, it could be one wasn’t even really utilized, probably. Someone had it from before. It was sort of like a a legacy product in there, and then someone else has come in. And they’re like, well, I’ve used this product before, so I prefer that one over this one. But we’re stuck in the contract anyway, but we need to start this one up.

Karissa Breen [00:15:31]:
There’s a lot of those things I think more than people realize out there. And it’s not so easy as well because even with my role, for example, of speaking to people on the front line, it’s even hard for me to remember all the features and functions and capabilities and service lines that each of these vendors sort of do after a while. So I’m I’m just thinking putting myself in your shoes on how you you know, you’ve obviously got a job to do. Your job is to just analyze vendors all day. So it’s like, it’s even more than convoluted and confusing then for you. So would you sort of say then that there’s this trend now? Because originally it was like, okay, we’re gonna go all in with, like, one one company. And then we sort of saw this trend to do more sort of point solutions that was more hyper specific for for each function. And now we’re sort of seeing the consolidation again.

Karissa Breen [00:16:18]:
So what do you think sort of happens then from here?

Venkat Balakrishnan [00:16:22]:
Okay. And I and I think the the platformization will start to drive indefinitely in few areas as I believe, and I’m seeing that with my peers and and especially the ones where there is high level of maturity. And there are factors that’s enabling themselves. An example, they are going full on cloud, and and the data center needs to be, like, completely, migrated in a year or 2. So there is a great opportunity for that shift, and not everyone is in that journey. But back to your question, the endpoint and SecOps is becoming a solid platform. There’s a lot of vendors out there playing a dominant role. So what it means is they are combining the endpoint detection and response vulnerability discovery, host firewall.

Venkat Balakrishnan [00:17:14]:
Then you take the operating system hardening, data loss prevention. They’re also able to sort of bring in certain asset management centric view. And, interestingly, they are bringing the SIEM XDR and also the SOAR for orchestration and automation. So they are bringing all these needs into 1, and suddenly you realize, like, I used to run, like, 6 different tools for that. Now it’s in one place. And what you see as as a leader, then we need to not necessarily manage 6, but the bigger challenge is bringing that data, making sense of that data, and then getting insights and making decisions, whether it’s in multiple dashboards or multiple dashboards and multiple tools, all those things starts to disappear, and and your team can start to be laser focused and efficient. So so that is is becoming a strong driver, and people are looking at that benefits. Then you do start to see that in the second area in the network security, where there is this edge firewall, secure web gateways, then you got a centralized cloud firewall.

Venkat Balakrishnan [00:18:26]:
Now the VPNs are disappearing. They’re also expanding into, like, I can provide, you know, virtual desktop equal, and so you don’t have to run a separate part. You can take edge firewalls and directly connect into the cloud based SASE. So that is is a great driver there. So you then start to look at you have to manage all these cloudwares, and if I have embraced, you know, the software defined networking, and this is just, like, the next step taking me there. So I can see that becoming another driving factor. And and and, again, as I said in the previous one, I can hear there are 2 or 3 dominant vendors playing in this space. The third one, actually, I’m seeing is in the identity access management.

Venkat Balakrishnan [00:19:13]:
It’s been a much more fragmented an area if you look at it. Yeah. There’s a centralized identity management system. There’s a separate access governance. Then you see a separate privileged access management. So and it’s it’s been very fragmented. And and what I start to see is there is that sort of convolution and consolidation happening in that space. And and and naturally, it will we end up as a sort of a single platform of choice.

Venkat Balakrishnan [00:19:42]:
And and the the the first one, you know, I’ve just gone through 3 platform. The first one, endpoint and SecOps platform, if you really look at, it’s much more the backyard or cyber leader. And because it’s it’s consuming bias of a team, so they have a lot of freedom there. And, hence, that consolidation and adoption will be faster than anything else. If you look at network security, it will take its time because it’s just not completely a cyber centric. It has a great partnership with the infrastructure and other cloud platform teams. And, hence, it’s in the backyard of technology, no question about that, or IT, depending on how, it’s been labeled in an organization. It will take its time, but that is the next natural driver there.

Venkat Balakrishnan [00:20:32]:
Identity access management will take bit more of time. The reason is there is a touch point in product business. There’s there’s business applications sitting in there. There’s employees, you know, a ham or star across the organization. So that it has a heavy touch point. So that’s where I think that bigger partnership that needs to be done to understand what is the opportunity for the capitalization and looking at, you know, what’s out there in the ecosystem. So and then that will take time. Certain organization will be able to do it.

Venkat Balakrishnan [00:21:08]:
In my view, the once more mature but not, like, you know, massive scale, they will be able to use agility as a key factor to get there. So these are the 3 platforms definitely looking as, you know, as sort of discussion points over the years. I wish there are other things that just evolves in the same space. What I call this human centric platform, I don’t think it will take the same speed and shape like the others. To me, human centric platform really focuses on that various touch points like emails and Teams collaborations and and also a bit of insider threat and data loss angle. So, definitely, it addresses threats. It also addresses that sort of insider lens of data protection. And and there are there are vendors pitching in that, but, again, they tend to caught up in that already app with app platforms.

Venkat Balakrishnan [00:22:03]:
So it’s still not very well defined, I have to say. The other one that I’m keen to see is yeah. There’s different words floated on that, whether you call it as a posture management platforms or, like, it’s, insurance platforms or, like, you know, it’s, continuous control monitoring forms. It’s so fragmented because they’re all addressing a niche problem there. You have a posture management for you have a posture management for your external facing day short services. You then run get different attacks in relations. I think that will be the 1st one in this whole rank, and we’ll we’ll we’ll see years to see a great consolidation in that space. So, hopefully, you know, that should’ve gives a view of, like, you know, what are the ones definitely there’s out there to adopt and the ones that slowly moving forward, and the ones still, like, in a in a very infant stage.

Karissa Breen [00:23:01]:
So just following this track for a moment, you said before and you you gave an example around, oh, well, I’ve got 6 different tools. Obviously, I wanna consolidate with them, which makes sense. It’s easier. You can focus on other things. Totally understand. Would you say then just say it’s like, well, okay, I’ve got these 6 different vendors, different tools. Now I’m consolidating into the one. Would you then say that, well, it’s gonna be hard then for companies and the move, it’s all gonna be too hard then.

Karissa Breen [00:23:26]:
Now I asked this question because I’m obviously a big believer of, you know, startups and innovation to sort of, you know, come in. Is it gonna be hard, would you say, if you’re running this huge platform, it’s like, okay. We we don’t need anyone. Is it gonna be hard now for new players to come into the market perhaps?

Venkat Balakrishnan [00:23:43]:
I don’t believe so. I’ll I’ll tell you there’s there’s 2 sides of Lens, right, from from a, customer lens and then from the other side of, like, you know, the startup lens. Let’s better off take the startup lens. If you’re a startup and and and you want your VCs to sort of bless you, definitely, you need to point out a problem. That’s a compelling for them to say, yes. That’s a problem that needs to be solved, and your solution rightly fits there. Whether it’s a first mover advantage or, like, you know, you’re a second or third engine, but solving the limitations of the first mover advantage. So there is that compelling early stage that you need to pass.

Venkat Balakrishnan [00:24:25]:
And when you do that, there is clear possibility that you are addressing a problem that most of the big players are not addressing, or they are not thinking that it’s big enough for them to address, or they’re probably thinking that is a distraction for me. Let someone build it and through it, and then we’ll just go and acquire. You see that a lot in this space. Without naming, there was a potential acquisition that was called out couple of weeks back, and then it fell through. So it happens in this in this space. So my belief is the start ups and innovation will continue to happen. And most likely, they’ll be absorbed into one of the big players and and become a sort of a naturally integrated product. In a way, what we would have done is what’s gonna come out of these platforms.

Venkat Balakrishnan [00:25:16]:
We would have got that, like, okay, this is a niche product, and and we need to address the specific threat, and let’s get that and solve it. And they are okay. That’s, that’s, like, you know, fragmented. How can we bring that with the existing data to get a better holistic view to make better decisions? And what that means is, you know, you end up using your in house, you know, expertise to build a plumbing and do the engineering to get that. If that’s gonna be done by a vendor, fantastic. Right? That just takes one thing out of my, you know, visibility, and I’m just gonna be laser focused on what I need to do as a CEO of, you know, manage the threats and mitigate the rest. So so that that’s my lens around the start question you had. From a consumer angle, again, this is this is where it becomes really, really interesting.

Venkat Balakrishnan [00:26:06]:
I I don’t have a silver bill of hands, if I have to say. But however, we can manage by constantly having so I have a quarterly briefing review with all my major vendors. And one of the topic in lab is tell me about your 12 months roadmap. Tell me about the things that you are going to announce without naming and giving the details about the capability. Right? Inform me why you guys are betting on this. Inform me why you are interested in solving this problem. It’s not about what they are trying to acquire. That’s not I’m interested in.

Venkat Balakrishnan [00:26:43]:
I’m interested in why they are heading. What is their solid road map tolerance? What’s their big bets for 2 years 3 years? And and as a society, it helps me to take back and then reflect. Have I thought about it or not? And is it a real problem? And if it’s a problem, is it a problem next? You know, in my front yard, should I need to be worried about that? So that starts to inform the way we would shut off, evolve, and then move forward. And then we turn it on and say, look. We bought this niche product, and and this is a constant conversation. Are you considering this as part of yours, you know, future road map? Because that would be a neat thing. And then it’s a two way. There are certain things we have influenced.

Venkat Balakrishnan [00:27:25]:
It’s not just I’m the only one who’s influencing it. They have heard it from other side leaders across the globe, and and that has defined, you know, deviance from what they would have normally done. They’ve said, like, okay. There there’s a big call out there from cyber leaders. Let’s look at building this capability. Sometimes they acquire. Sometimes they build it in. So so these are the changes really happening in the industry.

Karissa Breen [00:27:49]:
Okay. This is I wanna get into this a bit more. This is really important because as you were talking, it was something I was gonna ask you anyway, and then you started talking. What I’m potentially worried about, and you sort of answered in in your statement before, is you remove all 6 different tools. You’ve got 1 player, big player. How do you avoid the complacency? Now I think you’ve answered, like, what you said around, you know, the quarterly catch ups and your roadmap improved to me that you’re actually moving forward, etcetera. But that’s the part that I think gets to me because I do hear it from customers saying, well, this vendor’s got a bit complacent because, yeah, they’ve got a great product, but, hey, we only hear from the, you know, once every 12 months when the, you know, the renewals up or, you know, whatever it is. So this is what I think is important for for customers to make sure they’re getting the best value from their vendors, but then also for vendors to not feel like, well, I’ve sold the deal now.

Karissa Breen [00:28:41]:
I don’t have to do anything. I don’t put my feet up. I don’t have to worry about it because I’m I’m obviously an agent for both sides. So I wanna get into this a little bit more.

Venkat Balakrishnan [00:28:49]:
Look. It’s a it’s a two sides problem. Right? Like, you know, let me run through the scenarios. So assume that it’s a good product product. You know? It’s a platform now. Let’s like, you know, someone has taken a platform, as an example, endpoint and SecOps platform or a network security. To get there itself, there’s there’s a right level of due diligence. It’s a journey.

Venkat Balakrishnan [00:29:10]:
Right? And to get there, someone has gone through the journey. So now fast forward, consumer as a platform, and then you’re realizing that it’s it’s not shaping up. And it’s important, to look at, is it the platform itself is not evolving, or is it the face of the platform and and the local geography is not able to provide, or is it something in your backyard where, like, you don’t have the right people having that right relationship? I think that’s you know, I’m sure these are very basic points I’m raising and but sometimes these simple questions need to be addressed to understand before we including anything. So that’s definitely one scenario. The other scenario is is definitely a risk. It’s a it’s a concentration risk. It’s a single point of failure risk. It’s a vendor lock in risk, and, you know, you could be off the call of, like, you know, moving away from limited innovation, you know, without naming.

Venkat Balakrishnan [00:30:13]:
I’ve seen that in, like, last 24 years. Certain vendors have just gone through the curve and then much more stagnant in terms of their innovation, and they’ve lost the market share. And and those things are inevitable. They they’re gonna happen, and and this is where you have to be, like, close to it. And then it’s important, like, you know, I I normally when we go through this, we call it out these risk benefits, and it’s ultimately a risk benefit equation. If we if we put the numbers and see the benefits outweigh the risk with a view that, you know, we’re gonna have this tech debt for, like, 3 years or 4 years and and and then assuming after 3, 4 years or even 5 years, what what will it tell? And we would have to transform. Because here, everything else, it’s, you know, end of life, end of support, sort of a date. If we take that view and start to look at, are we okay to move ahead for this defined period, and then we consciously say we need to reevaluate? And by the time the business could have evolved and then footprint of the organization could have evolved, Many organization which were, like, completely data centric 5 years ago, they are almost cloud centric now.

Venkat Balakrishnan [00:31:30]:
And and what they would have had 5 years back is not necessarily applicable now. So I think those are the lenses that needs to be applied. So it can’t be just like a very cyber centric view. It has to be coupled with the technology strategy and then be connected with where the business wants to go. And and and, anyway, that’s the expectation of a cyber leader. And so that will help the the cyber teams to make a very well informed decision, with also calling me out the sort of risks or limitations or the unknown aspects that they need to embrace as part of the journey.

Karissa Breen [00:32:07]:
So then I’m curious to know, going back to the example again, having 1 dominant player as opposed to 6, for example, does that then become a risk in terms of single point of failure? You sort of touched on that before, but what are your thoughts then on that?

Venkat Balakrishnan [00:32:21]:
Yes. I I have to say there is a single point of failure there. The question is, you know, this is, like, once in 100 years flat. And and are you okay to live with that? Like, we see COVID. It’s, like, once in a 100 years. Question is, when is that gonna hit you? It’s a tricky answer. I don’t have a right answer, but the the way you see is the probability. Mostly, you look at a tractor card, and big names go through it, like, we’ve seen in the last 12 months, not necessarily, like, in last 2, 3 weeks.

Venkat Balakrishnan [00:32:53]:
Big names go through it, and and and that is what we need to understand. So, okay, if that single point failure is gonna happen, what is that contingency plan like? How are we gonna, like, you know, recover from that? Have we thought about it? Every organization has a, you know, PCP plan and and the the relevant plans underneath. I think that’s where the focus has to be. Right? We and and this is a conscious conversation. It should happen. We are going through this to harness these benefits, and there’s a possibility of, like, you know, I’m using once in 100 years in technology. It’s, like, 1 in 10 years. If that happens, how will we be able to come back? Couple of things to note there is, mostly if that happens, you’re not alone.

Venkat Balakrishnan [00:33:37]:
It’s it’s global or a regional event, and you’re just not by yourself. There is a great pressure at that point in time and urgency for bringing these customers back into into the state, where they were. So it’s it’s it’s not you’re left alone to sort of deal with that. There there’ll be support. It’s a tough situation where there’s gonna be support. That’s definitely one thing that will happen. The other lens is is I can have 6 tools, and each of the 6 tool has that potential depending on how they have permeated across the organization. Right? If if I take, like, say, endpoints, I’ve got 6 tools running across all the endpoint.

Venkat Balakrishnan [00:34:16]:
That means I have 6 different I can be shut down. And so that means 6 different vendors can have, like, once in 10 years sort of a probability. And if I consolidate them into 1, 2, then at least, just dependent on one vendor. So mathematically, the the the ratio reduces there. So I’m not saying it’s not there. The possibility of managing that is having a wide plans of dealing with that scenario. And it’s not specific to cyber, though. If you look at it, this is this is common across technology.

Venkat Balakrishnan [00:34:52]:
Right? We we run on cloud. And if, if someone is on a single cloud, if that cloud fails, you know, what could we do? Say, yes, you run a multi cloud. Are you just replicating everything between 2 clouds? We’re not sure. So so those are the questions, like, what we asked as a business have to continue and and if it’s technology led. It’s the same template applies here. It’s not very cyber centric, though.

Karissa Breen [00:35:16]:
So what I’m hearing from what you’re saying, Venkat, is, yes, 6 different tools is spreading the risk to look at it like that. But, however, there’s 6 different ways to exploit it, for example. But then the other side of that is, yes, if you consolidate and you got one, yes, it’s still a risk. It’s a single point of failure, perhaps, but it is a rare case to your point of flooded in 100 years, but you’re sort of saying, yes, there’s a risk. If you had to pick 1 or the other, you’re sort of saying that the platformization, just having 1, for example, over 6 is still gotta give you, a better outcome and more benefit as opposed to, like, yes, distributing the risk over the 6, but then you’ve got other problems. So it’s a double edged sword, but from what I’m hearing what you’re saying is one platform is is ultimately better.

Venkat Balakrishnan [00:36:01]:
Yeah. I would say it’s better as the word, and and it’s no different from any technology platforms. And as we build it right contingency plan and resiliency plan, I think you can manage the risk. There’s definitely gonna be that point where it’s gonna hit if there’s an outage because it’s failed. But having that sort of a right plans to get back will help you. And and and in that time, you’re not gonna be alone. It’s it’s a global outage, so there’s gonna be much more acceleration to get people with the right support and etcetera.

Karissa Breen [00:36:37]:
So then do you sort of envision that as we progress now, like, more players are just gonna quit acquiring them? So if you got 6 different point solution, one just absorbs the rest. Do you are we gonna see more of that then sort of I mean, we we’re starting to see it, or do you think there’s gonna be more of that? So there might only be a few dominant players in the market in the next 5 or 10 years. I mean, probably not because you’re gonna have start ups and that, but I’m just I’m just thinking more about your sort of thoughts here.

Venkat Balakrishnan [00:37:03]:
Look. It’s inevitable there’s gonna be few dominant players. Like, look look at our country. Like, I’ll just give an example. How many different airlines we have? How many different telcos we have? How many different, you know, retail groceries we have? Okay? Not spoiled with the choices. That’s the it’s like 10, 15 that you just go around, and and that’s a theme that will start happening here. That’s my belief. So there’s gonna be dominant player, and and the way it will evolve was the one that’s already in in some form of shape, and then I have a greater relationship in a greater innovation road map and willing to support that cost of change by investing in this all these factors will start to drive that of that adoption happens, but the real entry point is, are they already in? If someone is not already in and out of that success just as a discussion point, you’re not gonna bring the 7th one and say, like, I’ll throw the 6 out and 7th because it’s unknown.

Venkat Balakrishnan [00:38:05]:
Right? And and and that is just the starting point. And and so, yeah, back to your topic, there’s there’s gonna be certain that’s gonna emerge. I also believe that we’ll start to move into, like, tiering as an example. There are some players will be very well accepted and adopted in small and medium enterprises. Some will be in tier 3, tier 2. Some will be focused on tier 1 because the ask and needs are different. Can can your solution scale or the platform can scale for a enterprise of, like, you know, a 8000 endpoints? And how is the performance? So it’s yes. It’s it’s a cyber platform.

Venkat Balakrishnan [00:38:46]:
It’s focused on managing the threats, but the other aspects comes into play. So all those things starts to come in, and and in in a way, I believe they will organize themselves as a dominant one in their in their own space of, like, in a segment of customers.

Karissa Breen [00:39:04]:
Now you’re right going back to dominant telcos and airlines and all that. My reservation towards that would be people seem disgruntled by these players. They’re resting on their laurels. They know they’ve got the market share. They know while, you know, if you don’t buy from certain amount of people like supermarkets, like, you can’t really buy food and stuff. Right? So are we gonna get to that point where people are just disgruntled and these companies like, well, we’ve already got market share. Who cares? We’re not gonna innovate. People need us to survive.

Karissa Breen [00:39:32]:
I don’t wanna see that happen because I I’ve seen some of it. I’m hearing some of it. That’s the part where the if the arrogance sets in and there’s too much reliance then on these big players, it’s gonna be harder potentially if there if there is an issue. That’s my only concern.

Venkat Balakrishnan [00:39:49]:
Things has its own way of balancing themselves. I’m a strong believer of that. Will that happen? Yes, Clarissa Labs. Possibility, that could happen. But we’ve also seen who was a dominant player before. You know, everyone used iPhone as a as a enterprise one, Barry. I was knocking out a point. Market has shifted now.

Venkat Balakrishnan [00:40:12]:
I remember Webex was the tool, but COVID shot. Zoom is the tool. So the point is that any dominant player not understanding this is beyond cyber. Just you always have to be connected with your customer. Right? If you’re not connected with your customer, you’re not hearing your customer, you’re not delivering what your customer is, there’s always someone who’s gonna come and sweep it. And and, yes, it’s not gonna happen overnight. Time will take. It’s a way of course correcting that.

Venkat Balakrishnan [00:40:43]:
That’s to me, it’s inevitable, unfortunately, that that period where we go through is a pain point if that happens. So, yeah, in in a long run, that will shift. And we’ve seen, like, we’ve seen, few big names still out there, and and they have their own moments. You know, this is not in cyber. Like, I’m just talking about the whole technology industry. There are a few big names that’s have gone through their own cycles, and and they have come back because they they realized they are so disconnected from their customers. They were not hearing that, and and they just actually they were reborn in in a way, and they’ve changed what they’ve been delivering. The ones that did not disappear are like, it’s just have gone so small.

Karissa Breen [00:41:27]:
Yeah. And I think you’re right. And I think time will tell. I still think that just because players are at that level, doesn’t, they’ve got to maintain that level. People are overturned. Like I said before, Blackberry, that was the predominant phone. Now I’ve never seen one for years. So let let’s see.

Karissa Breen [00:41:42]:
But I think like even trading people say is interesting, especially from like, from your point of view. Kat, is there anything specific you’d like to leave our audience with today? Any closing comments or final thoughts?

Venkat Balakrishnan [00:41:52]:
Thanks for having me. Thought that drives me into this as, you know, people may say, like, okay. I think it is like talking about this. What what was the ultimate driver for them? I think I didn’t land very well at the start. As a cyber leader, when you look at you end up collecting toys. It sometimes it happens just because of the cause. You you hear a particular threat. There is a niche product.

Venkat Balakrishnan [00:42:14]:
You just have to, you know, put off the fire or, like, a small or, like, even a wide that. So you end up doing that, and you just just take a break and then look at what you collected. There’s there’s a whole list of toys. And then you start to look from the lens of efficiency and how will your team’s productivity and and have you created your cottage industry of engineering. And those are the drivers that got me to think, why should I spend time on this? Why can’t I be, like, laser sharp in just managing these threats? And and and that is what got me to start thinking and exploring into that area. And I don’t care as sort of a well accomplished in the space. I’m in the journey, and and this is just a early stage of sharing the insights and how we’ve taken this approach. And and equally, like, you know, I’m sure Clarissa, you’re gonna speak to multiple other cyber leaders like myself, and I’m keen to hear, like, what others have thoughts in this space.

Share This