RSA speaks out on security market

As one of the oldest names in data protection, RSA Security is synonymous with encryption, Public Key Infrastructure, and authentication.Network Middle East asked Zane Ryan, RSA Security's channel operations manager for Southern Europe and the Middle East, about the company's plans for expansion in the region.

  • E-Mail
By  Jon Tullett Published  December 7, 2000

Introduction|~||~||~|NME: What is RSA's focus of interest in the Middle East at present?

Ryan: We do have a few partners in the Middle East, and we're looking to recruit more, we're really looking for two types of partners, or actually three types; distributor partners, reseller partners I distinguish between a distributor and a reseller; a distributor is someone that can go out and create demand from end users and resellers for our products. Normally they're someone that works with the reseller channel.

Resellers for us are someone who would buy from distributors and sell to end users. The reseller could be an SI, a whole hosts of types of companies that offer our services.

The third type we're looking for is consulting partners, specifically in security and Public Key Infrastructure (PKI). We have a number of worldwide consulting partners like Price-WaterhouseCoopers, KPMG, Deloitte Touche Tohmatsu, Anderson Consulting - most of the big six are consulting partners for our products, but we're also looking for local consultant partners in the countries in the Middle East.

NME: How many partners do you have in the Middle East at the moment?

Ryan: We've got eight at the moment. Three are distributors, the others are resellers.

NME: How many do you anticipate growing that channel?

Ryan: As many as needed! Particularly on the reseller side, usually the markets are big enough that you can have more than a few resellers, it really depends on the country and the market size - I don't have a specific size in my head that once it gets to that size we'll limit it.

If resellers have the ability to create business, then we're happy to talk to them, but on the basis that they will become certified partners; we have a very strong certification process for resellers, in that they have to take training - sales and technical training on our products. They have to pay for this, and in the technical training they have to pass an exam.

NME: So they would have to have a minimum number of certified engineers available in the field?

Ryan: Absolutely. It varies from two to four engineers, depending on the products they want certification on. They have to make an investment and they have to be committed to supporting and promoting our products.
||**||Low demand|~||~||~|
NME: Is there a strong demand for encryption products in the Middle East?

Ryan: I personally haven't seen a strong demand for it; our encryption products are toolkits for developers to incorporate our encryption as part of their products.

Now, our toolkits are incorporated in over 1000 products such as web browsers; so a lot of our technologies are already incorporated in a lot of the major applications.

The question is, how many software developers are there in the middle east that would want to incorporate our encryption technology? I don't think there are that many compared to what you would find in the west.

But we think there will be some potential for individual companies or organisations that would want to include encryption as part of their in-house or custom-made application. But we don't see a big demand for the encryption toolkits in the Middle East.

NME: There's a fair bit of e-commerce development happening in the Middle East, with a lot of local development. Is that a key market?

Ryan: Absolutely yes, because one of the key things about e-commerce is that in order for it to scale you need to be thinking about a PKI, and all PKI systems are based on RSA encryption and cryptography, and if you want to have applications that are PKI enabled from when they come out the door, then you need to use the RSA BSAFE encryption toolkit. Certainly that would be a very good market for us.

NME: Are there any plans to open an RSA office in the Middle East?

Ryan: Certainly we do plan to open an office, although I haven't got any specifics now on when and where, but that is part of our medium-term plan, and we are looking next year to dedicate more resources in terms of head-count, specifically aimed at the Middle East.

What we haven't determined yet is who those people will be and where they will be located.

NME: What did you want to achieve at Gitex?

Ryan: Two things. This is the first time that RSA, as opposed to a partner of ours, exhibited at a Middle East tradeshow, and the key thing we wanted to achieve there is to make the market aware of the kind of security solutions RSA can offer the marketplace.

The key area we focus on is e-commerce applications to help people put e-trust into e-business; our view is that if you do business, normally there's some level of trust and if you don't have trust there's no business.

Well, you need the same thing in e-business; there needs to be an electronic trust system and that's what RSA can provide.

We'll be showing two solutions that address that. One is our authentication solution, the a-service SecurID products. A lot of people tend to think that with e-commerce we need authentication and they tend to think that therefore we need digital certificates, and that's true to some extent, but again we believe that you should only use digital certificates with strong authentication, by using smart-cards or by using tokens, so you strongly identify without a doubt who the person that you're dealing with is.

Just because someone has a certificate doesn't verify that that is who's holding the certificate. You have to be sure that somehow strongly protecting that certificate and you have some strong two-factor authentication system for identifying who's using the certificate.

The second thing we showed there was our PKI solutions base on our Keon products.
||**||Market needs education|~||~||~|
NME: Do you have any specific goals for the Middle East, or you just taking it as it comes?

Ryan: I would say at the moment that it's the latter. Next year that will change because as we start to dedicate head-count and resources specifically aimed at the Middle East, then obviously we'll be setting specific targets in terms of what we want to achieve. But at the moment I haven't got a figure for "here's what I want to do for 2001 in the Middle East".

NME: Do you face a challenge in terms of educating the market about the need for your products and the availability of skills?

Ryan: Yes, I think both are certainly true. Education in terms of awareness. My territory is Middle East and Southern Europe, and even in Southern Europe we have to do quite a bit of education about the need for security and what we see as the need for security is not so much the need because people should be scared, and therefore they should protect themselves, it's more of you need security because if you want to do e-business people have to be able to trust your e-business, and if they don't trust this they won't do a lot of business with you, even if you set up an e-business environment the chances of it succeeding could well depend on how much people trust you and how confident they feel in doing e-business with you, and therefore if you want to make sure it succeeds and you get the most out of your e-business you need to make sure you've got a good e-security system and that your clients or your users trust it and have confidence it in.

You have to persuade them as well, because users aren't stupid! They know when something is safe or isn't. So you need to show and demonstrate that you've got a good system of security, and if you can do that it's going to help you grow your e-business.

What we're seeing right now in the market is a lot of people are rushing - it's like a gold-rush - "let's get onto the Internet and start selling and providing services and products through the Internet", and not worrying too much about the security.

Maybe they put a firewall in, and anti-virus, but only the kind of barrier-type security. Where we come in is what I call the second wave of security which is the enabling wave of security; allowing people to open the doors up to their fortress and let people come in and to do business with them in a secure way.

And that's the kind of education we're having to do in the market; they're pretty much convinced about the barrier part of it, but really that's not enough.

You need to go to the next level. It's a bit like building a house and having fantastic security but it's so good you can't even get out of the house.

What use is that sort of house? You need to have the enabling part of the security. That's where we come in, and that's the kind of education we're trying to do to the market.

Also specific things like explaining to people the weakness of passwords, and that we have a strong authentication solution with SecurID and ACE/Server that replaces passwords.

Not only does it replace passwords that are unsafe, but also gives you advantages in terms of extra confidence, trust, also lower cost because using passwords have a lot of hidden costs in terms of support that by using tokens a lot of those hidden costs go away.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code