What do you get when a bunch of former IBM and Cisco security specialists get together? Sydney-based security services outfit, earthwave. The company was founded seven years ago by managing director, Carlo Minassian, who has also worked for IBM. He recently spoke with ARN about how the company survived its first three tumultuous years and what it had in store for the next 12 months. Minassian also discussed how earthwave fits into the security landscape and how the industry has evolved in recent years.
What was the motivation behind the formation of earthwave?
There was a big gap in what we thought the market needed in terms of security and what was being delivered by existing organisations or service providers. With that in mind, we conducted about nine months of research in the industry and as part of that, we went to the US for a three month period and evaluated a lot of the technologies.
The reason we did that was because we really wanted to differentiate ourselves and we found that, at the time, one of the key items of differentiation was the ability to provide real-time threat analysis and instant response.
We focused a good nine months of our efforts into developing intellectual property in terms of technology, people, infrastructure and the know-how for building and delivering real-time threat analysis in an instant response. Once that was in place, we built our remaining services on the back of that. It doesn't matter if it was a firewall or an intrusion prevention system or what it was we were managing or monitoring, we were able to offer a real-time service around that.
The first three years were really hard for our business in terms of being a self funded and privately owned company. Building a business organically and making sure that it is sustainable and profitable, with a service model that was difficult to replicate by our competitors, was also hard.
Once we got past that three year period, we grew threefold in terms of our revenue. It has really helped our cause to educate the customers and help generate demand for managed security services.
How did you get over that three year hurdle?
We got through it with a lot of difficulty but received a lot of support from our families. The four of us that initially started the business didn't pay ourselves for three years. We depended on our families in terms for our day-to-day financials but once we got over that hurdle and gained some notice in the market, we grew quite quickly. One thing we didn't do was hire a lot of sales people and spend a lot of money on marketing.
We built a business that was based on a channel strategy. That meant we had to build earthwave in a way that was quickly used by existing brands, trusted companies and service providers to take security to market. All of our back-end collateral, intellectual property, reporting and everything else is branded for our partners to take to market. We've got just over 40 channel partners. Some are large ISPs, integrators and security companies that resell earthwave services. We have broken these partners out into three categories - associate, premium and elite - which really helps us to scale. We are focused on growing our number of elite partners.
Who do you perceive as your main competitors in the market?
Those who have chosen to build their own security services and pure play managed security service providers. Some of those are carriers and most of them have a business outside of pure managed security services. When you look at a handful of competitors, none of them are Australian or pure-play security service providers because they do all sorts of things and security is only a part of their business.
Where does earthwave fit into the whole security landscape?
We cover the entire space apart from writing our own technology because we use best of breed tools. We offer security consulting, managed security services, secure hosting, secure Internet gateways and security solutions. The reason we can do all of that is because all we do is security and we can focus on almost all aspects of it.
Since the company was set up in 2000, how have you seen the security landscape change?
Customers are becoming more educated and are realising that point solutions are not the answer anymore. A lot of them used to believe that point solutions were the answer to all of their questions instead of treating security as a process and building it as a part of their network. A lot of them will buy one firewall and believe that they are secure enough or buy the latest hype in the market and believe that's it. Customers are treating security as a process and building technology around it to have a more holistic approach. In terms of managed security, I'm finding customers are also becoming more educated and are going to market with specific requirements in terms of service levels, reporting, threat analysis and instant response. New technology is hitting the market as well. You didn't have such a broad area if you looked at the market about five or six years ago - things such as identity management, wireless intrusion prevention and detection, security information and event management didn't exist or there wasn't enough demand. As the type and complexity of attacks and vulnerabilities change, a need has been created for new technology to counteract that.
How has earthwave adjusted to meet these changes?
CM: We have led in many areas and have continued to invest into the business to ensure we are one step ahead. We are always looking at building new services and processes to make sure we are ahead of the curve.
What markets do you currently focus on?
All of our customers are in the medium to large enterprise space. We've got more than 200 customers now and I find that ones that have something to protect will invest in and recognise the value of security. It is mainly government, healthcare and finance industries with a national level of security data to protect or even a critical infrastructure like gas, energy, and those kinds of organisations.
Within the security space there has been a lot of consolidation. Will earthwave be part of that?
No. What we have done is considered our options in terms of growing the business. The rate of growth we have experienced to date has been more than fast enough for us. If we weren't growing as fast as we wanted to then most certainly we would look at other means of growing the business either by acquiring a company or gaining more venture capital to build it but we haven't needed to do that. We are reinvesting our profits into the business and growing organically, which has proved sufficient. We don't have plans of selling or buying companies as such. We're having too much fun growing the business.
More security is also being built in other technologies such as networking equipment. Have you considered partnering with a vendor to tackle that side of the market?
We have partnered with Cisco and support their entire security portfolio. We find that a lot of integrators, outsourcers and service providers are building networks without security in mind. This has been a challenge for us when we go in at a later stage and recognize that the customer's budget has already been spent on their network and they have got a limited budget on security or no budget in many cases. At times, it has been challenging for us to go in and educate integrators and service providers to build security as part of their initial design. We have gone in at the last minute and there are many occasions where we have had to do exactly that and tell them that they have missed the boat, even though the network has been built and they now have to rebuild it so they have to bolt on security instead of building it as a part of their network.
What are earthwave's plans over the next 12 months?
We will be looking to focus on growing each of our service portfolios. Some of them are growing faster than others so we need to make sure that we are giving enough attention across the board. Our focus is to double the number of staff that we have and we would like to try and at least double our revenue like we did last year. If all goes to plan we are looking at bringing on another 14 staff in the next 12 months. We are recruiting five staff right now, because of the growth that we are experiencing and most of them are in the security operations centre, senior security analysts and engineers.
What do you expect to see happening in the security market over the next five years?
I think more consolidation will happen and we will see more acquisitions from vendors. I believe vendors will start getting into the managed security services market. Al the carriers will also be in it, if they are not already. I think, as a result of that, prices for managed security like managed firewall services will drop considerably. Areas such as security information, event and identity management as well as wireless security will get a much bigger focus as more customers look at investing in those areas.