Orange Cyberdefense, a France-based cybersecurity company, is capitalising on its home market strengths in an effort to expand its security portfolio but challenges remain.
The company’s expansion strategy is based on acquisitions, and its integration of recently bought SecureLink and SecureData will be crucial to its success.
The strategic growth plans laid out by Orange Cyberdefense at its recent Analyst Day in Paris were impressive. The cybersecurity business has grown since its inception, mainly because it has been able to capitalise on its strengths in the home market with a strong security offering addressing global multinationals with multi-country locations, as well as serving the midmarket.
Its scale may not be on par with some leading providers but it is still impressive. There are 1,300 professionals within Orange’s security business alone, 10 Cyber Security Operations Centres (SOCs), 16 Security Operations Centres (SOCs), 4 Computer Emergency Response Teams (CERTs), and presence across Europe, the Asia-Pacific, Africa, and the US.
The company has as its goal to become a EUR 1bn revenue-generating company by 2022, and it aims to do this by cross-selling through Orange Business Services (OBS), directly and delivering within its security offering high touch cloud-based security services and verticalised point-to-point solutions around operational technologies and Internet of Things (IoT).
The company acknowledges that its grassroots stem from networks, and even though Orange’s Cyberdefense business operates separately, its approach to addressing the security segment is tactical, where it hopes to capitalise on the ability to leverage its networking business and client base across OBS.
Overall, Orange Cyberdefense has a promising future on paper but there are a number of hurdles that it will need to overcome as it moves forward.
These include the acquired businesses being able to successfully integrate and operate within Orange Cyberdefense, the level of success Orange Cybersecurity will have with its rebranding and associated marketing, and the company’s ability to be a major global player in cybersecurity and compete successfully with leading providers in regions outside its home territory.
Orange itself put it nicely: “Security is not just a business; it’s about building trust in the company offering the service.” Security providers have common security software vendor alliances across similar portfolio areas. Therefore, how does a security provider partnering with a leading software vendor truly differentiate itself from its competitors and add value?
In our view, trust is not just about the coverage security providers have in terms of number of SOCs, endpoints managed, or threats detected. It’s about the ability to approach security from a service-centric perspective that adds true value to a given customer in a given segment. So, what does this mean in practice? Well, it means moving away from a product approach and looking at ways the security offering simplifies and addresses the business metrics of the security environment for the given client business.
As an example, in the oil & gas industry, this might involve working with the customer to establish the most critical assets within OT and how they all interlink and can be managed seamlessly with operational support. It might also include standardisation and development of frameworks, as well as delivering against those that link security to vertical industry OT environments. Lastly, it could mean defining an approach to governance for industrial security where governance is often left out.
Approaching the market from a service-centric perspective creates relevancy. But, it also requires a shift in mindset by the security provider; a greater understanding of operational, security and IT challenges in vertical segments and refinement of the product marketing strategy.