In a world in which a whole range of IT products are being turned into as-a-Service offerings, it is no surprise that the security industry is preparing to follow suit.
Cisco is just one of the major tech firms now offering their customers access to people and solutions, not just selling pieces of technology.
Its UKI Security director Terry Greer-King told CBR: "The [security] industry prattled on for years trying to sow seeds of fear, uncertainty and doubt in customers minds, that’s what it was all fuelled upon, it was fuelled upon people operating security. People bought some bits of something then they bought some more bits of technology."
That’ no longer appropriate, he says, as "The world’s moving on at such a fantastic rate."
The former Checkpoint boss also disagrees with the consensus often put out by the industry that boards and C-Suites do not understand the cyber threats their firms are currently facing.
"I believe now boards to get it", he said. "They may not understand the technology but they understand risk, and they understand governance."
This transformation, he believes, has occurred recently – over the last year, but now boards are have increased their awareness about security, and are starting to inquire about it more: "I think there’s huge frustration when they speak to their people responsible for security operations who say "it’s all ok" because they know it isn’t, because they know they’re being breached."
Greer-King thinks that "there is this increasing dissatisfaction I think with security operations being handled by bits of technology that their own organisations are putting in."
Ultimately, no top exec wants to be the next Dido Harding, and find themselves being grilled live on News at 10 because their firm has suffered a massive data breach. None of them wants to be fired for it either (although in many cases that is less painful than a televised beating.)
As a result, they are reaching out to a variety of firms who offer both people and technology that can help avoid that, but Cisco’s gamble is that they want this done in a much more consolidated manner than has been the case in past.
"It’s not appropriate for an individual customer to have 50 plus different vendors in there. It just doesn’t do the job anymore," says Greer-King.
Cisco has recently joined forces with BT, who already had a large stake in cyber security for many years as part of building this consolidated offer. Greer-King believes that the two firms’ strategies and outlook are very much in alignment.
Greer-King says BT is "getting in on this conversation piece which says it is not appropriate to keep delivering what the market something thinks it wants which is another piece of technology."
He says that the firms will be operating at board level to improve client cyber security.
"We want them to start understanding what risk is, as far as cyber is concerned. We want them to start understanding and working out what that process is about evaluating risk. So if they’ve got an annual process which says let’s evaluate risk from an IT perspective…an annual review of cyber security risk just won’t cut it."
Another of the key parts of the services play in the UK that he cites was the purchase of Portcullis. Announcing the deal, Rob Salvagno, the Head of Cisco’s M&A and venture investment team wrote:
"Through this acquisition, we increase our ability to offer robust security, risk and compliance services to help clients overcome operational and technical security challenges, anticipate and respond to new threats, and drive new business."
Greer-King shares the corporate view, that this acquisitions help pull together Cisco’s security offering: "The more we can pull all this together the better off we are in helping customers transform their approach to security with technology but also services. It’s that services layer on the top that makes the fundamental difference because we need to think about people and their behaviour patterns etc."
The move seems to be paying off, for the firm that has traditionally been associated with switch and router technology. "Our biggest area of growth is actually services. Advanced services. Consultancy. Advisory. Managed services," says Greer-King.
Other areas in which Cisco has been acquiring to help boost its security offer is advance analytics, for example with the purchase of ThreatGRID.
That’s not to say that Greer-King does not recognise the challenge his firm has in moving on from the being the switch and router company.
"To stretch your brand and then become the security specialists is challenge."
One of the security services that Cisco offer is Red Teaming – penetration testing by having people break into the system. It is a human offering, not a technology based one, that means customers have to rethink how they approach Cisco.
"When you send them a picture of a Cisco professional sat in their security operations centre between locked doors, air seals behind the admin console…maybe not smiling, and that happens in 24 hours, who needed technology? What did they do? Mostly they might have tailgated someone through reception just like a bad guy would, which people don’t necessarily expect from Cisco."
"Security is much more than technology."