Aruba Leader Keerti Melkote: Building Security From The Inside 'Still An Untapped Opportunity'
Despite the seemingly never-ending stream of threats and the ever-growing number of solutions to confront them, Keerti Melkote, co-founder and general manager of Aruba, an HPE company, argues that IT vendors and solution providers have not yet realized the opportunity available to them in security.
"We've been making investments in how you build security from the inside," Melkote said. "The products need to be secure, but more importantly, the processes, the ability to know who's on the network, know what's on the network, know what they're doing and then doing continuous monitoring to ensure that bad things are not happening is an equally important priority, and it's still an untapped opportunity,” he said.
"While you still need the defense on the perimeter, the modern threat is coming from the inside," Melkote said in an interview with The Channel Company Executive Chairman Robert Faletra and CRN News Editor Steve Burke at the 2018 Best of Breed Conference in Philadelphia Tuesday.
[Related: HPE Aruba President Melkote On The 'Urgent Need' For Partners To Respond To Digital Transformation]
Aruba's efforts to shift to a focus on securing the network from the inside have become increasingly important as more and more IT functions move to the edge of the network, Melkote said.
Melkote, who founded Sunnyvale, Calif.-based wireless networking pioneer Aruba Networks in 2002, said the company's focus on securing the network from the inside gives it the opportunity to disrupt a market that remains committed to combating threats on the perimeter.
"The security market for the most part is an outside-in security market," Melkote said, but threats from the inside, gaining access through email and other means, "is probably the No. 1 threat in the market."
To combat those threats, Aruba is focused on delivering security as a service, but solution providers need to develop those skills if they're going to realize the opportunity that comes with the inside-out approach, Melkote said.
"One of the skill sets that is sorely missing is the ability to operate a Security Operations Center," Melkote said. "I think machines are going to help in a big way to reduce the number of false positives. AI, machine learning is going to be a big trend to help in that area."
Barry Shevlin, CEO of Vology, a Tampa, Fla., solution provider that works with Aruba, said Melkote's vision for security matches with what he's seeing in the market: The IT operations of all but the largest enterprises are understaffed and hungry for next-generation security solutions delivered as a service.
"Security is top of mind for everybody, and budget is shifting there, and security on the edge is just as important as anywhere else in the infrastructure," Shevlin said. Vology has invested in the capabilities necessary to deliver security as a service in response to demand from customers, he added.
"Unless you're a Fortune 500 company, you're going to have to consume security as a service because you're not going to be able to afford to build that team and retain that skill set," Shevlin said. "We've been talking about the talent shortage for solution providers but not customers -- and that's probably the most difficult skill set to find today, so customers want to consume [security] as a service."
The transition also requires solution providers to adopt a recurring revenue sales strategy, which is both a challenge and an opportunity, Shevlin said.
"It's helping us grow our recurring revenue stream, which is a focus for us, but in many cases we're sacrificing some hardware sales and some margin at the same time," Shevlin said. "It's monetizing the customer for a longer period of time as opposed to large, one-time up-front sales."
The move to the edge, and the delivery of major IT functions like security to an API-driven, as-a-service model means the end for the vast, proprietary stacks vendors often try to lock customers and partner into, Melkote said.
"Lock-in is a massive issue in the infrastructure space," Melkote said. "The market is moving way too fast. Agility is the name of the game and a single vendor cannot do everything … if you embrace that world, multivendor has to be in the DNA. … You have to think about what is best for the situation and make that choice. Anyone who is trying to lock a customer in, there's an allergic reaction to that from the customer. The rise of the API economy breaks that single vendor proprietary lock-in."
Shevlin said Aruba is a leader when it comes to open ecosystems.
"It's great that they take an open approach to things," Shevlin said. "They're not going to put you in a position where you have to deal with vendor lock-in, and I think that's smart. It's an API-driven world. No infrastructure is going to rely on just one vendor. You need to have the parts and pieces work together and monitor them together as one. Keeping them open is really important. Having proprietary tools that only work on your stuff is not a good idea."