- Orange Cyberdefense has an aggressive strategy to drive its cybersecurity business by capitalizing on its strengths in its home market and expanding its security portfolio.
- Acquisition is part of its expansion strategy, with the purchase of SecureLink and SecureData. The seamless integration of these businesses will be important to its success.
The strategic growth plans laid out by Orange Cyberdefense at its recent Analyst Day in Paris were impressive and tactical. The cybersecurity business has grown since its inception, mainly because it has been able to capitalize on its strengths in the home market with a strong security offering addressing global multinationals with multi-country locations, as well as serving the midmarket.
Its scale and proximity may not be in par with some of the leading providers, but is still impressive. It consists of 1,300 professionals within Orange’s security business alone, 10 cyber SOCs, 16 SOCs, 4 CERTs, and presence across Europe, APAC, Africa, and the US. The goal with all of this is to become a EUR 1 billion revenue-generating company by 2022, and it aims to do this by cross-selling through Orange Business Services (OBS), Directly, and delivering within its security offering high touch cloud-based security services and verticalized point to point solutions around OT and IIoT.
The company acknowledges that its grassroots stem from networks, and even though Orange’s Cyberdefense business operates separately, its approach to addressing the security segment is tactical, where it will capitalize on the ability to leverage its networking business and client base across OBS.
There are some clear unique selling points in its core security platform offering. These include: i) a credible managed threat defense based on proprietary threat intelligence encompassing a third-generation sandbox for efficient analysis and better actionable insight; ii) Cortex – advanced malware analysis; and iii) DNS visibility proprietary sources, providing early attack visibility and richer signal intelligence.
So, overall, Orange Cyberdefense has a promising future on paper as it moves forward with its strategy. However, there are a number of hurdles that it needs to overcome as it moves forward. These include the acquired businesses being able to successfully integrate and operate within Orange Cyberdefense, the level of success Orange Cybersecurity will have with its rebranding and associated marketing, and the ability for the company to truly be a major global player in cybersecurity and compete successfully with leading providers in regions outside its home territory.
Orange itself put it nicely: “Security is not just a business; it’s about building trust in the company offering the service.” Providers usually have common security software vendor alliances across similar portfolio areas. Therefore, how does a provider partnering with a leading software vendor, with which several other competitors also partner with truly differentiate itself and add value? Or, does a provider actually need to differentiate?
In our view, trust is not just about the coverage MSSPs have in terms of number of SOCs, endpoints managed, or threats detected. It’s about the ability to approach security from a service-centric perspective that adds true value to a given customer in a given segment. So, what does this mean in practice? Well, it means moving away from a productized approach and looking at ways the security offering simplifies and addresses the business metrics of the security environment for the given client business. As an example, for the oil & gas industry, this might involve working with the customer to establish the most critical assets within OT and how they all interlink and can be managed seamlessly with operational support from SOCs. It might also include standardization and development of frameworks, as well as delivering against those that link security to vertical industry OT environments. Lastly, it could mean defining an approach to governance for industrial security where governance is often left out.
Approaching the market from a service-centric perspective creates relevancy. But, it also requires a shift in mind set for an MSSP; a greater understanding of operational, security, and IT challenges in vertical segments; and a refinement to the product marketing strategy.