ALKHOBAR, 30 March 2004 — Last week Kevin Isaac, regional director, Symantec Middle East and Africa, was in the Kingdom to conclude a groundbreaking agreement with the company’s new Saudi partner, Information Management Technologies (IMT), a subsidiary of Al-Suwaidi Holding Co.
“Today we are announcing the formation of a managed services partnership between Symantec and IMT,” said Isaac. “Symantec is the world’s largest security company and the most holistic, or end-to-end security company. One of the spaces that we lead in is managed security services. We have six secure operation centers around the world where we physically monitor and manage people’s security needs from an IT perspective. If you look at managed services as a whole there’s monitoring, fault management, reaction services, remediation, change management — lots of different types of management. Some of them require physical monitoring and some of them require people physically on the ground.
“Symantec’s capability and our core strength is network monitoring. For the companies we monitor we can tell any one of them anywhere in the world, within a 10-minute window, whether they are being hacked or not. We’ve got active data interpretation of what’s happening. What we don’t have in Saudi Arabia is the ability to react or respond to such attacks. So what we have created is a new partnership in Saudi Arabia with IMT to provide the front-end to our monitoring capability. IMT is the first partner in Saudi Arabia to have this certification.”
According to Isaac, IMT will offer Symantec’s managed services and do the response, remediation, management, forensics and whatever else is required from a security perspective on the ground in the Kingdom. As IMT’s partner, Symantec will do the network monitoring and provide the technology.
This partnership has resulted in the establishment of a secure operating center (SOC) located in a strategic area in the Kingdom. For security reasons the location could not be revealed. The SOC is controlled and monitored using trained Saudi and expatriate technicians. By the end of March, Al-Suwaidi Holding Company will sign on as the Symantec Saudi SOC’s first customer.
Symantec is already operating six international SOCs located in the UK, in Germany, Australia, Japan, just outside New York and in Texas, United States. If any SOC goes down the others immediately step in as replicates, not as redundant capacity. Through these SOCs, Symantec is already physically managing over 600 clients around the world and crunching over 47 terabytes (47 trillion bytes) of data in real time. The company also has 20,000 probes around the world that deliver information in real time about network traffic and network activity. By analyzing that information, Symantec can spot trends in global network traffic. This information is used to proactively protect Symantec’s clients.
“In terms of our managed services we believe that mid-sized companies will be more open to this concept immediately because they will quickly understand that they don’t have the resources to do this themselves,” explained Isaac. “Large enterprises will come onboard later. Historically large enterprises have had to do things themselves. They’ve built their own infrastructure and capability, but eventually they will realize that this is one area they need to outsource. The bottom line here is that our capability comes from a lot of pain and a lot of experience. Symantec has spent hundreds of millions of dollars and has a core focus on managed security services, whereas for other companies this is not their core business.”
Discussing the new partnership, Khaled M. Al-Suwaidi, managing director, IMT, was optimistic that once the market became aware of the value of managed security services the demand for those services would quickly rise.
“For me as a person, I try to be more of a visionary than the normal businessman,” Al-Suwaidi said. “I believe that IT will play a major role in business, government and all organizations everywhere — even in the developing world. Things have already started changing. Actually within our group I was the executive sponsor for IT as a concept and I have investigated its potential thoroughly. If you look at the future, especially in business, we have to understand that the gateway will be the Internet. The minute you start using the Internet and communicating with others and doing transactions it means you are vulnerable. This is because you are not open to just Ras Tanura or Alkhobar, you are open to the world. So now the door to my house is open. I want to know who is getting in and what he is taking out of my house. What did he see in my house? Did he go into my bedroom or did he stay in my living room?”
Al-Suwaidi continued: “Here in the Kingdom lately there is the trend of companies spending enormous amounts on IT. This is wonderful. But a company’s IT infrastructure will not pay off if the community they work with, their suppliers and contractors don’t communicate electronically. They have to do their business together, electronically. Now enterprises are creating awareness that electronic is the way to go. But the more companies open up the more companies will become vulnerable. Once they realize they are vulnerable, they will move to protect themselves. Some companies will try to do this by purchasing products. That won’t be effective. Products have to be monitored and managed. To do this 24 hours a day, seven days a week, looking at the current resources available in this market, this is simply impossible for companies to do on their own. Some large companies might try, but managing information security is a specialty job and it’s easy for the inexperienced to make mistakes. So the opportunity for managed security services is huge.”
Al-Suwaidi emphasized that network security is a growing concern even for companies that have had sophisticated networks for years.
“As a businessman when I think of our own corporate security, believe me I start worrying,” Al-Suwaidi said. “Traditionally businessmen are used to seeing the instruments of business. We used to physically sign purchase orders and contracts. We are used to holding such documents and filing them away. Now we electronically sign a document and it disappears. Where does it go? I have to trust that the system is handling the documents and information properly.”
“At Al-Suwaidi Holding Company we are committed 100 percent from our side to this new partnership and I am certain that Symantec is committed as well for the long term,” he added. “This kind of service is not something that you start on a whim. This partnership requires vision. You have to see where business is moving five to ten years down the line and you position yourself to meet those market realities. You target your market and educate them and make them aware so they can appreciate the service being offered. Security is no longer an issue for the IT department. Security is an issue that is reported to a company’s board of directors. In our company we have an IT committee that takes care of everything and they are empowered to make all decisions except those on security issues. Security issues must be considered by our board of directors because this is our information, our know-how, our bread and butter that could be destroyed.”
But how can Symantec and Al-Suwaidi Holding convince the Saudi market of their vision?
“Symantec has done a lot of work on return on investment because we believe that when you buy security it seems almost intangible,” Isaac remarked. “With ideal security, the less that happens to your network and data, the better. But then its value is hard to quantify. What Symantec has done over the years is to create analyses of what it costs companies to recover from threats. If you value the costs of basic IT security equipment and software as ‘X,’ then the input costs of monitoring, managing, training, implementing and configuring will be 3X. The cost of system recovery, actually going through and repairing a system after an attack, can be as much as 10X. If you can avoid even one critical attack, then you can justify the entire cost of the IT security by more than a factor of 2. This is before even discussing things such as brand equity, corporate confidence, shareholder value, business impairment, trust and reputation. What is the worth of these intangibles? All you need is one critical event to happen in the area of network security during the life of a company. That critical event can affect the profitability, the trust and the value of a company over time.”
Isaac pointed out that managed services spread out the costs of certain aspects of IT security among many companies as they all share the provider’s information and knowledge base. Additionally, managed services allows network security to become a monthly fee rather than a huge investment. This improves corporate cash flow and builds in a service level agreement to guarantee satisfaction.
Isaac also hoped the local community would be satisfied with Symantec’s attempt to add value to the Saudi business environment.
“The vision for Saudization is something that Symantec supports,” said Isaac. “Localizing our managed services capability is part not only of that initiative but it builds trust. Our environment is tightly auditable from start to finish. By bringing in Saudis and localizing the capability through our partner, we are bringing in a certain amount of recourse and transparency. We are empowering a local company, transferring knowledge to a local company and building skills with local people. The bottom line is that our technology is needed. Our capability is needed. We aren’t arrogant about that. At Symantec what we want to do is work with local people to prove our value and to show that we have integrity.”
* * *
(Comments to [email protected])
