Exclusive Interview: Praveen Kulkarni, Country Manager, Micro Focus

Overview of Micro Focus. What are the recent developments?

Micro Focus is one of the largest pure-play enterprise software companies in the world with over $3.3 billion in revenues, spread across 50 countries. Our presence in India is vast as we have close to 4,800 developers worldwide and a large part of these developers are based out of India. We aim to convert our customer’s businesses into a seamless digital transformation journey with the help of the following core focus areas:

• Enterprise DevOps – it primarily tests quickly and releases the speed
• Hybrid IT Management - it aims at agility in managing on-prem and on the cloud together
• Security, Risk & Governance – it focuses on securing identity applications and data
• Predictive Analytics - it helps in insights, to feed into the applications as well as the businessX

Organisations will move towards better services and protection from cyberattacks, going forward, hence there will be a shift to cyber resiliency. We, at Micro Focus, are aiming to move our customers into a resilient and cyber-resilient environment. It is imperative for organisations to anticipate the attack while continuing operations at the same time. There is an immediate need to secure identity, applications, and data to ensure there is no financial loss. Having said that, organisations need to look at threats, identify and mitigate them on a real-time basis to survive and thrive.

How are the end customers adopting the latest technologies while transforming digitally? What are their thoughts in today's scenario?

Digital transformation (DX) focuses on enabling applications and adapting to the latest technologies. In developing these applications at speed, businesses are now looking for a key differentiator, and that is where a whole DevOps platform comes into play.

Digital transformation has changed the whole move to mobility and cloud. Earlier, it was on-prem, virtualization, and now there is an apparent move to the cloud. Previously, there were some primary testing applications, which were there on the cloud, but currently, direct production applications have moved to the cloud. Hence, there is a need to manage as customers to have a multi-cloud strategy.

In comparison to the past few years, DX has currently seen massive adoption within the organizations, facing limited disruption, in contrast to other organizations who implemented digital transformation at a later stage of their primary core processes have faced delays in the first two to three months during the pandemic. At the same time, every organization shifted to work from home and hybrid working model. It became critical to place security to secure primary business processes.

Companies and the employees are working from home. So, the primary concern of the companies is security. So how is Micro Focus helping those customers, what are the different solutions and the latest technologies you are bringing in to this change?

During the pandemic, we have reached out to a few of our customers, delivering key and slim set of software's that would help them in operation, and offered it at no cost. We helped our customers put this in place to sort the tide over this period.

Few things have changed from a Security perspective evolving our whole platform, from cybersecurity, into cyber resiliency. There are multiple frameworks present in the market, and one of them is NIST. It has been widely used in assessing the critical assets within the organisation to protect risks from single to multiple layers of protection. When the attack occurs, customers can identify within the attacks, what is the maximum risk, and can respond and recover. Cyber Security aims to assess, protect, detect, respond, and recover. While shifting towards cyber resiliency, the number of risks has increased, along with a requirement to continue to work without interruption. During the pandemic, there has been a quantum of attacks that have occurred, increasing the shift towards cyber resilient to protect the data from further attacks

Where do you see the maximum traction of digital transformation happen during this pandemic time? Which industry or vertical gained maximum traction and opportunities?

We have seen significant investments happening from BFSI and IT sector. Since the Digital India initiative, there has been a rise in investment from the government and public sectors. Therefore, we have seen primary investments coming from these four verticals.

What are your go-to-market strategies for the new normal?

Customers and enterprises have connected with our cyber resiliency strategy, which focuses on the critical matters of the organisation. These are enterprise applications, data, and it needs to have an overarching next-gen software around this. Most of the attacks that happen in an organisation are because of compromised credentials. And hence, it becomes critical to protect identities as attacks always occur on an application.

It has become vital for organisations to protect the application against attacks due to data.  Data is a crucial part for the organisations. Cyber Resiliency comes into play to protect data, irrespective of different levels of protection levels that have been placed to seek threats along with anomalies within the system. Next-gen SOC plays a crucial role in detecting both known and unknown threats, along with identifying threats in real-time and mitigate them.

How migration to Zero Trust Framework and software solution would redesign in 2021?

Zero Trust has become critical, as companies have moved towards the cloud and started working remotely.  The need for Zero Trust has become crucial to access a service; there would be the requirements to identify, authenticate, authorize, and ensure that customers have an audit in place because the rate at which entities are growing for bringing the necessary changes.

Zero Trust Framework has become critical for every industry. There is much focus coming from zero trusts, which is primarily to identity and access management, within that, there is much cyber resiliency, that has built. If identity is already compromised, there are ways for the company to mitigate that through multi-factor authentication. Micro Focus has a net IQ, called risk-based access control. If our access is risky, then organisations can ask for the next level of authentication. Identity governance becomes essential. To see the changes that have happened within the whole identity setup. If there are anomalies that can be stopped quickly, the social impact becomes significant, because, at the time of an attack, the privilege access management solution is going to see how to look at a solution and know what change customers are making to critical solutions. There are multiple ways one can look at zero trusts and make it resilient.

Tell us about your partnership with iValue for your distribution model for partner ecosystems.

We have a strong relation with iValue over the years. We have the top four solution areas on which we focus diligently are identity, access management and application security. In the market, we aim at data privacy and next-gen SecOps. iValue, as an organisation, build its GTM, which primarily mirrors ours. They have skilled resources, both from a pre-sales and solution perspective. And there are verticals where we go jointly with them and address, and it is pretty strategic.

What are the other security trends for 2020?

• Rise of DevSecOps: IDC has predicted about DevOps resources, close to 75% of them agree that security needs to be built into DevOps. Practically, only 40% have united DevOps in security, the need for this is becoming more strong as we go. Digital transformation has changed the companies completely and is focusing on developing software. Organisations are utilizing commercial code, custom code, and a lot of them are using open-source that exposes them to vulnerabilities. There is always a need to have continuous release. That is why companies are looking at DevOps, and they are looking at CI/CD which is what we do to help companies shift left in this whole CI/CD pipeline. We focus on embedding security at an early stage of the software development cycle.
• Modern secure access: Since the past few months, we have shifted to work from the home model which has augmented security requirements. The level of securities that enterprises put cannot be very straightforward but require layered security access, irrespective of users and application. There will be a need to have consolidated identity management across organisation and locations to ease and standardized access technologies like Single Sign-On bring on. And very importantly, the need to have various levels of access in control, whether it is role-based access control, or it is a risk-based access control so that at any given point of time, the company will be able to ensure that security is in place. Technologies like multi-factor authentication and privileged access management become critical in situations like this.
• Unified security frameworks: According to IDC, by 2023, there will be a shortage of qualified security resources due to limited staff, investments will be more towards unified platforms and frameworks. Companies will look at investing a unified framework, for example, a mixture in SOC, where there is a long management layer, a SIM layer, where they will have a user and entity behaviour analytics layer and have stored all integrated into a single platform. So that one platform can identify new threats, look at anomalies within an organisation, identify unknown threats and give a list of high-risk entities or behaviour, which the SOC analysts can identify, investigate, and integrate. One would be able to manage, maintain security posture, but can do that with fewer resources with video offload a lot of the investigation process to the systems at the back end.
• AI and ML become more resilient: In technologies, we focus on user and entity behaviour analytics as, the fastest way to identify a threat is through an assigned date. It can recognise the threat in real-time and quickly identify and mitigate. Companies are establishing self-learning system into place to detect the kinds of threats, or we have a solution called Intersect, which remains within the system and looks at all activities which happen within the organisation for its user, device, application, or service. It builds a base like 450 data models that use Machine Learning and Artificial Learning in making the base layer.

At every entity, it takes the next action, compared to the normal which is decided by the machine. And if it is anomalous, that event is then stacked up, compared to pure. When an organisation has thousands of entities to manage, it is spread across locations, becoming essential for them to treat AI / ML into analytics.