Videos

The State of Secure Access Interview - Part Two

Presenters:
Sudhakar Ramakrishna, CEO Pulse Secure
Jeff Wilson, Senior Research Director Omdia
Read Transcript

Sudhakar Ramakrishna:

Jeff, the discussion and the events around phishing and ransomware is quite rampant in the world. And we also discussed the IOT security issues in the previous thread. Can customers simply rely on endpoint security detection tools for their evolving and emerging threats?

Jeff Wilson:

Yeah, that's a really good question. I mean, and if you listen to those endpoint vendors the message is very much like we solve every problem. But we all know that that's never really the case. And there has always been a bit of a bifurcation between identity and authentication and secure access and kind of the threat detection and mitigation space, whether it's in the endpoint, in the network, or in the cloud.

Jeff Wilson:

So I think the truth is you're going to need next gen endpoint. Some companies are still going to be buying traditional endpoint software EPP software and layered on top of that is going to have to be the secure access. And obviously the more you can tightly integrate when there are functions that you don't have that an organization needs, as long as you're working with the vendors in that space to integrate and to compliment each other, I think that's the way most folks are going to go. I think there is still a very strong requirement for secure access in the endpoint, distinct or unique from the next gen endpoint.

Sudhakar Ramakrishna:

Yeah, I agree completely with you that endpoint security has got a role in the ecosystem.

Jeff Wilson:

Yeah.

Sudhakar Ramakrishna:

But we look at secure access comprehensively across users, devices, networks, and applications. So it's a totally integrated perspective from that standpoint.

Jeff Wilson:

So given sort of the understanding that endpoint is going to be an ecosystem of different technologies and vendors. What ultimately is Pulse's role in that ecosystem? What do you do that you're not going to get out of a next gen endpoint solution?

Sudhakar Ramakrishna:

We complement and supplement the other endpoint security vendors. As in, in addition to looking at users and their identity, we are able to explain the security posture and the device posture of a device and establish it and assert it. For instance, does it have the right wireless protection? Is it compliant to the regulations and policies that have been established by the administrator from a secure access standpoint? So we look at the endpoint detection and protection in the context of an overall secure access strategy as opposed to the endpoint itself.

Jeff Wilson:

So then what do you do if you find something out of compliance? Or what can your solution do in the case where you discover something's not the way it's supposed to be?

Sudhakar Ramakrishna:

The solution is the keyword here because we do it in the context of the overall secure access policies. So it could be as simple as quarantine that device if it is not compliant. It could be re-rate or de-rate their service, such that they can only do a specific and small number of things and still be productive while remedial steps are being taken care of. So we work with the administrators on providing them flexible ways to categorize their policies, such that their users and devices and environments are always compliant.

Sudhakar Ramakrishna:

Jeff, obviously compliance is a very critical and broad topic. With CCPA and GDPR there's obviously a heightened recognition of this amongst our customer base. What are you seeing in the industry at large?

Jeff Wilson:

Yeah, I mean compliance is always kind of a driver that causes people to move. It's not often, and I would say in the case of secure access, it's not the number one thing forcing them to move. I think these architecture shifts, moving to the cloud, and IOT are kind of more significant day to day problems that they face. But certainly the speed at which they roll out and their vendor selection and how those vendors help them deal with compliance is definitely driven by compliance requirements. And certainly in situations where there could be possibly fines for being out of compliance that will force people to move a little bit faster than they would have before.

Jeff Wilson:

So lots of security vendors and solutions are going after kind of the compliance angle of spending and budgets. So what do you guys sort of offer? What's your value add offer from a compliance perspective?

Sudhakar Ramakrishna:

Jeff, as we discussed compliance is a very broad topic. We address it in the context of secure access. For instance, a number of our customers are in regulated industries, specifically like financial and healthcare, et cetera, have very specific and emerging requirements by the regulators. That for instance, say, if you are in a wifi hotspot or in a coffee shop, when you are an end user and you flip open your laptop, you have to be instantly on their corporate network. That requires tremendous innovation on user experience, encryption, connectivity, and understanding the device posture itself. Those are the compliance requirements that we are fulfilling right now, which are pragmatic and consistent with regulatory evolution. In addition to that, because we provide a unified policy, we are also able to give them better ways of staying compliant. Because oftentimes compliance is broken when you have to update multiple policy engines and you create mismatches that leads to security holes and then obviously bad things happen. So by simplifying the policy engines, by creating user experience, we are providing a better level of compliance to our customers.

Jeff Wilson:

So going back to the early days of remote access user experience, and I will say painful user experience, has always been an issue. Clients have been clunky, hard to use, work intermittently. So what have you guys done to really improve the user side? Because users are a big part of what you're doing. Many security solutions get installed in place and the users never know they exist, whether they're doing their job or not. But this is a case where you're really touching the user and their experience. So how do you improve their experience?

Sudhakar Ramakrishna:

Absolutely. At Pulse we have this belief system that security should be about access, not about control. Not just about control, I should say. The point being ultimately our job through improving user experience is to increase the productivity of the enterprise. So we've done a number of things that collectively add up to superior user experience. For instance, we have unified our clients in such a way that it does not matter whether you're outside the network or inside the network. You don't have to go through again, reauthentication, reconnect protocols, et cetera, which kills user experience.

Sudhakar Ramakrishna:

We have unified our policy engine such that the administrator's user experience is also simplified because as you know, IT needs are exploding, but the number of administrators sometimes is actually decreasing. So we need to take care of their user experience as well. And then there are examples, like the one that I gave you with regards to compliance for instance, where you want to be instantly connected without the user actually having to do something. So a lot of work actually goes on in the background by our software to deliver that superior user experience and access without compromising security needs and compliance needs of our customers.

Sudhakar Ramakrishna:

Jeff, how do you now see the evolution of secure access in the enterprise customer base and markets at large?

Jeff Wilson:

Yeah, I mean there is definitely a move to converge solutions, to converge vendors, technologies, to reduce the number of individual levers and components in an enterprise security infrastructure. And it's a good move because that's how we start to eliminate gaps and holes that are easily exploited. But if you look at sort of the primary platforms that we're converging around on the endpoint in the network, like the firewall in the network or in the Cloud, there is no comprehensive set of secure access functions in any of those devices. So there's still a requirement for a secure access piece that is aware of endpoint network and Cloud. So you're not going to get it from any one of those individual places, it has to come from a solution that has visibility and understanding of all three.

Jeff Wilson:

So given this move towards consolidation, simplification of infrastructure, reduction of vendors and solutions, how do you guys address that issue? And what's next for you?

Sudhakar Ramakrishna:

Today in the context of consolidation and simplification, we deliver entire secure access solutions as suites. Each of them provide expanding capabilities to customers. In providing integrated suites, we are able to simplify their operations and give them superior economics in addition to obviously providing them comprehensive and integrated secure access solutions. Now the next phase of our journey of secure access is to give them further options. For instance, they may want to consume this as a Cloud service. They may want to consume this from a Cloud service provider or an MSSP. Again, it's all about giving customers flexibility and optionality of the best in class secure access solutions. And that's what's in store for our customers as we evolve into 2020 and beyond.

Sudhakar Ramakrishna:

Jeff, it's been a pleasure talking to you today. I know you're super busy with various engagements, but I appreciate you spending a few minutes with us today.

Jeff Wilson:

Yeah, no problem. It was great talking with you and always an interesting topic that I had been following for more than 20 years at this point. So it's interesting to see how it continues to evolve as we move into the Cloud and beyond.

Sudhakar Ramakrishna:

Thank you. We are excited about our journey.