The UAE leads global economic recovery with impressive 4.1% GDP growth forecasted by the World Bank in February, surpassing Western nations. The IMF’s latest report shows the UAE’s real GDP growth at 3.5%, outpacing most of the Americas and Europe and notably exceeding the G7 average of 1.1% and the Middle East and Central Asia average of 2.9%. Despite this success, global economic challenges have businesses worldwide reassessing budgets, impacting critical sectors like cybersecurity. Thus, Security leaders need to innovate by stretching resources, guiding customers to maximize investments. Channel leaders should engage customers to understand their security suite management.
By Hadi Jaafarawi, Managing Director – Middle East, Qualys
The United Arab Emirates (UAE) is outpacing economic recovery found elsewhere around the world. In February, when the World Bank predicted 4.1% GDP growth for the country, this was hailed as exceptional considering the performance of western nations. And in its latest heatmap of real GDP growth, the IMF put the UAE at 3.5%, greater than most of the Americas and Europe and sitting well above the G7 average of 1.1% with the Middle East and Central Asia average of 2.9%.
Despite this success, business leaders here are part of a global economy feeling yet another pinch. Bracing for tough times, businesses are reevaluating budgets and business leaders are looking around for in-house economies to leverage. This austerity is affecting an area of the business that needs financial commitment now more than ever — cybersecurity. A March 2023 study had 94% of UAE businesses reporting being the targets of emailed-based phishing attacks in the past year. This is just one example of a range of alarming trends that have led to calls for more security investment; some estimates predict as much as 16.4% compound annual growth in the UAE cybersecurity market over the next five years.
Leaders in the security space must now come up with ways to consolidate, not in the classic, budget-shrinking sense, but in the budget-stretching sense. We must show customers how to make their investments go further. Channel leaders should reach out to customers and understand how they manage their security suite. Which shelfware is being used, and which is just a coffer drain? Such audits are extremely helpful and represent many opportunities for the channel partner. Internal politics aside, a partner may discover that a tool is being underused or is insufficient for the task at hand. The partner may discover that the solution requires too much manual engagement for users to be effective when another more automated alternative is available in the market. It may even find that some tools are handling data in ways that are in breach of the customer’s regulatory obligations.
Political theater
When conversing with the customer about the findings, it will be important to let someone within the customer’s workforce take the lead. Convince that liaison of the business costs of the current setup and the business benefits of the alternatives and allow them to go forth as an advocate and make a case for change.
People, processes, and technology must all be part of the assessment. Once that holistic view of the security function is established, you can think about consolidation and where it might occur. Oftentimes, the centralized, single-pane model of cybersecurity will be achievable. Many customers today run a mashup of tools that crisscross disciplines and use cases, spanning security, risk management, identity-management, firewalls, local network monitoring, cloud, and more. While some of this may be pruned or even ripped out and replaced, it is critical not to lose sight of the main objective — better security processes and faster delivery. While bearing in mind what is critical to the customer, however, it should be possible in most cases to reduce vendor counts and pivot to more integrated services and away from point solutions and information silos.
Consolidation can be of the greatest use in cloud environments. Cloud customers must normally run multiple agents to cover all security use cases. Single-pane systems are, therefore, enormous cost-savers. Already, the cybersecurity audit has added value. Channel players can also advise customers on how to make the most of their consolidated suite. For example, an underused threat intelligence feed may have been discovered during the audit. This may have been retained because, while underused, with a few pointers, clients may reap great value from it. Or it may have been flagged by the channel partner for replacement with a service that combines multiple threat feeds for better coverage. This consultation process represents multiple opportunities for building rapport with a customer and ultimately cross-selling and upselling.
Automatic for your people
Today, part of the consolidation conversation with customers must include automation. Indeed, the channel partner’s cybersecurity auditors must be on the lookout for any opportunity to automate processes and allow customers to get the most out of their talent. Security teams work faster and more efficiently, and tend to stay in place longer, if tedious manual processes are taken off their plates. AI has become a natural conversation to have. Most teams are now aware that it has the potential to make their jobs easier and free them up to do the kinds of investigation and strategizing that lie outside the capabilities of narrow AI.
The opportunities found in security consolidation projects continue. Many security teams struggle to communicate their policies and procedures to internal leadership teams and to the C-suite and board. Channel partners can offer risk management support and communication support. Single-pane dashboards are undeniably useful, but security teams must explain what they find to line-of-business stakeholders. Partners can bring their expertise to the table and work with security leaders on how to present data in a way that draws a line between the security function and the balance sheet. This communication is made easier by the consolidation project itself, leading to easier querying and compilation of data through eliminating multi tool complexity. Channel partners can take this one stage further by showing security teams how to demonstrate to CEOs and CFOs the quality and importance of the security function, including any investments made and the people in place.
The underlying truth is that shrinking a cybersecurity budget in the current era is a mistake. The cybersecurity channel should become part of a narrative that shows the criticality of security and demonstrates that greater value can be gleaned through taking a step back before marching forward.