There is more focus on cloud and networking: Trend Micro CFO

Trend Micro has become a significant player in the global security market and gone past its traditional competitors with its range of security solutions. Interestingly, the company has constantly changed its business strategy to counter the market challenges and tough competition. In order to know more, Dataquest spoke to Mahendra Negi, Group CFO, Trend Micro  during his India visit. Excerpts:

Is Trend Micro a US company?

We have presence across different geographies. Our biggest location today is in Taipei, with around 1200 people. The others include Philippines (Manila) and the US, with equal manpower of around 1000 people. This is followed by Japan, with 800 people and then China (Nanjing), with around 600 people. We also have 300 people working in Europe.

Do elaborate if all of these are development centers?

Among the development centers, the biggest center is at Taipei, which is followed by Nanjing. There is one center in Ottawa, Canada with around 120 people. We have another center in Austin US, which we got through the Tipping Point acquisition, and we have 200 Engineers there. We also have a big operation center in Manila. All of them are non-sale centers. Everywhere else, we have sales and sales support functions (pre-sales, back office etc).

Could you please elaborate on the key focus areas for the company currently, and also tell us about the investments which the company is making?

For us, the underlying philosophy has been that the customer has chosen Trend Micro to help solve a particular problem. In a layman’s term - if the customer doesn’t have a problem, they don’t require us. To give you a simple analogy, it’s similar to a person buying medicine. For instance, a person will buy medicine only when they don’t feel well, not because they like the taste. Our responsibility is to solve the customer’s problem such that they are satisfied.

There are three factors which I would like to highlight. They include:

1) Change in technology

2) Change in user behavior

3) Change in threat landscape

Every time a new technology is introduced, there are risks associated. New technology drives new usability. The change in usability along with the change in technology triggers a change in the threat landscape. The hackers will try to discover new techniques to exploit any vulnerability, either in the new technology, the technology change or the usability change.

So, from the customer’s point of view, the onus is on Trend Micro to address the issue and solve the problem. We have to preempt certain factors like the technology might have changed, and hence the usability has also changed, resulting in a change in the threat landscape.

Our investments today on the users’ side, is on the deployment of cloud technology.  Also, network functions are being virtualized. These are the technology changes and we have to be in sync with these changes because hackers can exploit the new threats. These are our main areas of investment. Since you mentioned consumer, they are also affected by this, however they may not be aware of this.

Notwithstanding, there is a whole new market for IoT which has created a new ecosystem and a new threat landscape. Because there is a device and there is data and in most cases, the data is residing in cloud. We have to provide protection there as well. There may be device-based protection, but it is too early. We have our own R&D team working on these platforms. There is a lot more focus on cloud and networking.

How aligned is India to this?

India has two distinct markets. One is at par with global standards - it is very sophisticated and most of the IT companies, major manufacturing companies and banks come under this category. India has another market, which either because of lack of infrastructure or certain other factors, is lagging behind.

Most of our business happens in the former market which is as sophisticated a market as markets abroad. But, the future potential for India is huge in the area which would currently be seen as a laggard. It is seen as a laggard because of the infrastructure that has not yet evolved. However, it is only a matter of time before the scenario changes.

While Digital India and Smart Cities are drawing a lot of attention, hackers are expected to have a field day. What role can Trend Micro play in ensuring security to digital ecosystem?

I think essentially security has two different aspects, first one is disruption. The disruption risk becomes much bigger if everything is digitally linked. The monetary incentive for the hacker is dependent on the sophistication of the economy. I think India is already reaching that threshold; like I said there are two different parts of India, one which is already very sophisticated and the other which is lagging behind. In my opinion, the government is already cognizant of the fact that cyber security is a very essential requirement for good governance. There is an increased sensitivity to the fact that the government infrastructure needs to be protected from cyber-attacks.

The second would be - the way security is designed or awareness about need for security. Many-a-times, the users are not aware of the requirement of security policy. The third would be that - people have some specific threat scenarios in mind, which they need to = protect against. For the first two, in my opinion it’s just the base level security that you must have. A simple analogy would be - it is always better to design the building in a way that it is hard for it to catch fire.

As far as cloud is concerned, it is believed that once it is matured, there would be trusted cloud providers on whom most of the companies would rely in the coming days. Do you agree to this?

Yes, that would be a function that the big cloud providers will absorb. They themselves would have the scale and you don’t really need to go through a broker. So, I think some basic security will definitely be built into the cloud.

Recently, RBI mandated that the banks need to report any attacks within six hours of discovery. How can banks, if they collaborate well and report these incidents at the earliest, help the overall ecosystem?

I think the information sharing is always good because if our first reaction is to hide, hackers would have an upper-hand. In my opinion, RBI is very right in having that kind of directive. This would be an important learning for others. Quick sharing of such critical information will surely result in a better security reaction from the financial institutions.