SAP Ariba’s President Barry Padgett on building the intelligent enterprise

The next BriefingsDirect digital business innovation interview explores how critical business functions provide unique vantage points from which to derive and act on enterprise intelligence.

These classic functions -- like procurement and supply chain management -- are proven catalysts for new value as businesses seek better ways to make sense of all of their data and to build more intelligent processes.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy.

Here to help us explore how businesses can best operate internally -- and across extended networks -- to extract insights and accelerate decision-making is Barry Padgett, President of SAP Ariba. The interview is conducted by BriefingsDirect's Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Businesses want to make more sense of the oceans of data they create and encounter, and even to automate more of what will make them increasingly intelligent. Why are traditional core processes -- like procurement, spend management, and supply chain management -- newly advantageous when it comes to allowing businesses to transform? 

Padgett: We have had a really great run over the last several years in terms of bringing intelligence and modernization to the front ends of our businesses. We have focused on customer experience, customer engagement, and linking our business activities directly to the customer. This has also created transparency. Now, we’re seeing a sea change in terms of putting the magnifying glass on some of the traditional back-end activities.

Padgett

In particular, when we think about an intelligent enterprise, better connecting to that front-end customer is super important. But we’re also seeing real demand for connected supply chains. Part of the reason is that when you look at the statistics -- depending on the industry and geography -- about 60 to 70 percent of the value of any company is in their supply chain. It’s in the stuff that they procure, to buy materials, to ultimately produce the goods that they sell. Or it’s in procuring the services and the people to deliver the end-customer services they provide.

There is an opportunity now to link that 60 to 70 percent of the value of the company back into the intelligent enterprise. That begins to drive lots of efficiency, lots of modernization, and to gain some huge business benefits.

Gardner: As we appreciate the potential for such end-to-end visibility, it offers the opportunity to act in new ways. And it seems like becoming such an intelligent enterprise – of gaining that holistic view -- must become a core competency for companies.

How does SAP Ariba specifically help companies gain this capability?

Padgett: When we think about connected supply chains and collaboration across our different business units at the companies that we all represent, it’s super important that we think about scale. One of the things that SAP Ariba has focused on over the last couple of decades is really building scale as relates to supply chain and the supplier networks.

To give you a sense of the size, we currently have about 3.5 million suppliers transacting on the Ariba Network, and the volume that they put across that network every year is about $2.1 trillion. To put that into context, if you add up all of the global volume going through Alibaba, eBay, and Amazon combined -- it’s a little over $800 billion. And so the Ariba Network generates almost three times the business of those other three platforms combined.

When we think about the sheer volume of the events, transactions, and insights available to us now on such a network of that size, we can then combine that with cloud-based applications -- combining it also with SAP’s capabilities and their new S/4HANA core -- and you can unlock some real value.

Delivering this intelligence around context and processes -- as it relates to everything from sourcing, to managing your vendors and their contracts, and to managing risk – ultimately drives a ton of cost savings, efficiency, and transparency through to all those buyers and suppliers.

Gardner: It's a new set of attributes that companies can't refuse to take advantage of. If their competitors do it better than they do, they could lose out on the new efficiency and innovation.

Let’s step back and take a look at some of the trends that are making this a unique time for the concept of an intelligent enterprise. What makes this the opportune time for companies to place the emphasis on being more intelligent?

The third wave 

Padgett: We are in the third wave of intelligence, insomuch as I think the first wave was when everyone recognized the analogies that were used, like data is the new currency, data is the new oil, and big data. We had this unbelievable excitement around being able to unlock and gain visibility into the massive repositories of data that sit around our businesses, and around the applications that we use in our businesses.

Then we had the second wave, which was the realization that this huge amount of data -- this vast set of attributes that we had to go and gain intelligence from -- was maybe a little bit more challenging than first met the eye in terms of how we get access to it. Some of it was structured, some of it was unstructured, some of it was in one database, another was in a different database, and so we began creating data lakes and data warehouses.

Now we are in a third wave, which is that -- even recognizing that we finally have the data together in some sort of consumable format -- we really need outcomes. And so we are looking to our vendors that we use and the application suites that we use at our companies to help us to drive new outcomes.

It’s less about, “Show me all the data!” And it’s less about, “Help me, I can’t get my arms around the data!” It’s now more around, “How can we use some of these latest technologies that we keep hearing about -- artificial intelligence (AI), neural networks, machine learning (ML), blockchain -- to start to actually drive business outcomes?”

How can we use some of these latest technologies that we keep hearing about -- AI, neural networks, ML, blockchain -- to start to actually drive business outcomes?

We are getting fatigued around the actual words themselves: big data, AI, ML. And now we are driving more toward the actual business outcomes.

I liken it to any kind of new technology that comes along. We get very excited about it, but then, ultimately, we begin talking about what impact it can have for our businesses. And so, whether that was the initial wave of moving to the cloud by taking advantage of things like HTML or .NET in the early days, we talked a lot about the technology. And now that cloud transformation is fairly mature and robust, we really don’t talk about the technology beneath it anymore. Now we talk about the advantages that cloud offers our business in terms of actionable insights, real-time data, and the cost benefits.

We are now seeing that same kind of maturation cycle now as relates to the intelligent enterprise, and certainly the data that powers it.

Gardner: Allowing more people to take advantage of this intelligence in their work processes, that seems to be where SAP Ariba is headed for the procurement professionals, and for those evaluating supply chains. It brings that intelligence right into their applications, into their workflow.

What is required for enterprises to better bring group intelligence into their business processes?

Collaboration time 

Padgett: You hit the nail on the head. It’s now less about integration, and more about collaboration. Where we see our customers collaborating across their businesses. It drives real benefits across their organizations. That’s certainly system-to-system, so both with other SAP assets as well as non-SAP assets, in a heterogeneous environment.

But it also means engaging the various business units and organizations. We are seeing a lot of companies move procurement and the chief procurement officer (CPO) to become much more of the hub of broad collaboration.

We like to say that our CPOs are now becoming our chief collaboration officers, because with the transformation we see across supply chains and procurement, we gain the opportunity to bring every component of our business together and begin to have a dialogue around where we can drive new value.

Whether that’s in the marketing team, or the sales team, or the operations team, or whatever it happens to be -- we end up procuring a lot of goods and services and adhering whatever it is that we’re procuring to the outcomes we are looking to drive. That can be customer adoption and retention, or innovation, or whatever core mission that we have at our company. It could be around purpose and ethical supply chains and business practices. It really all comes back to this central hub of how we are spending our money, who are we spending it with, and how can we leverage it better to do even more with it.

Gardner: In order to empower that CPO to become more the collaboration officer, an avalanche of data isn’t going to do it. Out-of-context intelligence isn’t going to do it.

What is it that SAP Ariba uniquely brings that allows for a contextual injection, if you will, of the right intelligence at the right time that empowers these people, but does not overwhelm them?

Deep transparency

Padgett: First and foremost, its transparency. There is a very good chance that a lot of our prospects -- and certainly a lot of your listeners -- won’t be able to put their finger on exactly what they spend, who they spend it with, and whether it's aligned to what outcomes they are trying to drive at.

Some of that is a first-line defense of, “Let's actually look at our suppliers. Are we completely and fully automated with those suppliers so that we can transact with them electronically and cut out a lot of the manual process and some of the errors and redundancy that exists at our organizations?” There are some cost savings there. For sure, there is some risk management.

And then, when we go a step deeper, it’s, “How do we make sure that the suppliers that we are doing business with are who they say they are? Do they support the kinds of attributes and characteristics that we want within our suppliers?”

Then we can go deeper, looking at the suppliers of those suppliers. As we go two, three, four, five rungs deep into the supply chain, we can make sure that we are marrying, if you like, the money that we are spending with the outcomes we are trying to drive at for our companies.

For the buy side and the supply side, SAP Ariba makes sure they get transparency into everything. Then they can take risk out of their businesses and link spend to core mission and purpose.

That’s what the Ariba does, not only on the supply side -- to make it easy for suppliers to do business with their customers -- but also for our buy-side customers, the procurement customers, to make sure that they are getting transparency into everything. And that extends from their contracts, to making sure that they are administering and managing those contracts effectively, to also ensuring that they performance-manage those suppliers. They are then able to take risk out of their businesses, and ultimately link the dollars or the Euros they spend as a company with the core mission and purpose that they have.

Those missions can be ensuring that they have the right kinds of environmental sustainability and impact or looking to drive forced labor and slave labor out of their supply chains. Or they simply could be trying to ensure a diverse supplier base, including empowering minority and female-owned businesses or LGBT businesses. There's really an opportunity there, but it all comes back to that very first point I made around first creating the transparency. Then you can go unleash the opportunities and innovation that you seek, once you have the transparency.

Gardner: Let's go to some examples or use cases as we define the outcomes that are possible when you combine these cultural changes, attributes, the powerful tools and insights from an organization like SAP Ariba.

I recently saw some information about a digital manufacturing capability, using both the Ariba Network as well as SAP services. Is this a good example of bringing more intelligence and showing collaboration across an entire manufacturing ecosystem?

Share creativity, innovation 

Padgett: One of the best manufacturing networks out there is the SAP Manufacturing Network. It’s connected to the Ariba Network. There are about 30,000 discrete suppliers connected to that network, specifically focused on manufacturing. And again, when you open up this kind of collaborative community on a network, we can start to do really neat things.

Let’s say you’re trying to create a new product, or you want a new part manufactured. With this kind of collaborative network, you can throw up a 3-D drawing, collaborate in real-time with whatever subset of those 30,000 discrete suppliers you want, and start to drive innovations that you wouldn’t have been able to do on your own.

It’s about how to harness the creative genius that exists outside of the four walls of your business when you are embarking on new projects. It means having a network available to you that operates in real-time to change the paradigm and the way you think about innovation at your company.

You can find vendors very quickly. You get to manage those vendors in completely new ways. You can collaborate in real-time, which allows you to do more in less time. It provides an edge in terms of when you think about competitive differentiation. This is no longer, “How do we make our back-end more efficient?” It’s more about how to drive competitive differentiation across an industry, to be agile, and to do things -- particularly in the manufacturing network -- that you haven’t been able to do before. That means such things as linking the operations centers on a factory floor to the supply chain in real-time, as well as to your warehouses, across the globe.

There are a lot of really great examples in all industries, but manufacturing has some particular opportunities given that we are making such a quantum leap from how we used to do things. It’s a new paradigm, an intelligent enterprise.

Gardner: Manufacturing capabilities and efficiencies also shine light on why having a mission-critical network is important. Because you are dealing with intellectual property -- such as designs of new products and sharing of secrets -- if you don’t do that in a secure way, with compliance built-in, then you could certainly run into trouble.

Why is having this in the right network – one built for compliance and security -- so important?

Mission-critical manufacturing

Padgett: Yes, you mentioned the idea of mission critical. A lot of what we think of traditionally as back-of-the-house process around procurement may have been looked at as business critical.

But we need it to think about them, too, as mission critical. We need to think differently because of things like manufacturing networks, using the intelligence available to us via the Internet of things (IoT) on our factory floors, and when there is an urgent requirement for parts when there is a failure. We need to be ready when it happens or about to happen.

We need to link immediately in real-time to our supply chains, our suppliers, and our warehouses around the world. We can now keep those machines up and running much more efficiently without downtime, which drives competitive differentiation and top-line revenue growth for the company. This is a really good example of the difference between business critical and mission critical.

Gardner: How does the intelligent enterprise help engender a richer ecosystem of partners and alliances? How do third-parties now become an accelerant or a force-multiplier to how businesses react in their markets?

Padgett: The whole paradigm around a network fundamentally has a requirement that all the parties are participating. There has to be value for all parties, otherwise it falls apart and it doesn’t work. If it’s too heavily buy-side focused, you don’t have suppliers there. If it’s too heavily supply-side then you don’t attract the buyers. So it’s like a flywheel -- and all aspects have to be in balance, meaning that everybody is winning.

You are a better supplier by being able to work with your buyers and get fundamentally more visibility and transparency into their planning and buy cycles. Ultimately you can anticipate the demand your customers will have.

When you look at the intelligent enterprise, it has to extend to both sellers as well as buyers. The cool thing is that in these networks, sellers can use the same technologies. They get to analyze data from millions of sources, they get a 360-degree-view of buyers, and of their health. They get to get embedded into their demand chains, and not just the supply chain.

You are a far better supplier by being able to work with your buyers and get fundamentally more visibility and transparency into their planning and buy cycles, and ultimately be able to anticipate in real-time the kinds of demand your customer is having or will have.

This allows you to plan and ensure that you can meet their requirements, and hopefully exceed them. And that’s new. That’s not the kind of collaboration that existed in the past. This is an evenly weighted, balanced scorecard in terms of making sure buyers and sellers all see value and a reason to participate.

Other examples would be a seller quickly and easily getting simple information like a change-in-payment status, updates on a decline in sales, changes in leadership, pricing fluctuations around commodities or supply, and being able to look at those in real-time and cross-reference them. They can analyze that, not only with things they’ve done in the past, but also what’s happening in the marketplace overall.

There is a lot of value here. Being able to tap into these opportunities is super important. So, suppliers should also want to participate. Would they see this as a tax, or just something else that we are asking suppliers to do in order to get more business?

The 3.5 million suppliers active on the Ariba Network see the opportunity for new business and for discovery. They join these networks because it’s not only an opportunity to service their existing customers in a better and more modern way, but because there’s an opportunity to attract new customers.

It speaks to collaboration and it speaks to the discovery process available to buyers so they source a really diverse and rich set of suppliers for their community.

Gardner: As procurement professionals elevate themselves to a more strategic level and add value via collaboration and intelligence, they are clearly less of a cost center. Are we at a pivot point where the notion of procurement as a cost center needs to be reevaluated?

Profitable procurement goals

Padgett: That’s certainly the ambition, the goal, and the aspiration. The best business case an organization has for driving savings within their organization is through the procurement business case.

We’re finding that a ton of the digital transformation projects happening right now around the world are led via a procurement project. You start with modernizing and creating intelligence in your supply chain and in your procurement processes. The savings that come out of those projects, which are materially in the 4 to 8 percent of what a company spends in total, forms the driving force that then helps fund the rest of the digital transformation.

Certainly there is an opportunity for the CPO between being a cost and value center. But the thing that gets this off the ground and funded is the fact that there are a ton of efficiency and process opportunities in cost savings that exist within procurement. That’s kind of table stakes, and the blocking and tackling of getting started.

But once you get started, your observation is right on. Once we’ve saved a huge amount money and optimized the process and transparency in our businesses, we can extend that and create more value and differentiation for our organizations on the basis that we now have a ton of new tools and transparency available to us.

Gardner: There is still more to come, of course, in terms of what new technologies can provide. What should people be thinking about in terms of products that will soon enable this intelligence to become more practical?

Insightful intelligence evaluates risk

Padgett: We recently launched products like the Ariba Supplier Risk capability, which allows our customers to go in and evaluate their supply chain and look for areas where they have risk or exposure. That can use our data, the customer’s data, or third parties connected to the Ariba Network, such as Verisk Maplecroft or EcoVadis.

They basically deliver insights into environmental and sustainability risk factors. Another third-party connected to the network is Made in a Free World, and they score and detect forced labor in your supply chains. There are really interesting opportunities in terms of managing risk.

Then there are more meat-and-potatoes kinds of opportunities. We’re partnering with IBM and utilizing their Watson capabilities as well as the SAP Leonardo intelligence suite to do things like drive smarter contracts and build out more powerful intelligence capabilities within the ecosystem.

We're partnering with IBM and using Watson as well as SAP Leonardo to do things like drive smarter contracts and build more powerful intelligence into the ecosystem.

That could be simple things like making sure we don’t have duplicate payments across our businesses or looking at the hundreds or potentially thousands of contracts that we manage in our organizations and ensure that we apply intelligence so we’re being notified proactively if there are risk factors. Maybe there is an exchange-rate clause, for example, in some of the contracts that we manage; whether some action that’s required or a threshold that activates a different clause in our contract.

We can’t expect across the thousands of contracts that we manage for a contract manager to remember all of those. And since they’re all usually in different formats and archived in different locations, we can use intelligence to drive efficiency, manage risk, and ultimately contribute to the bottom-line, which helps us to then reinvest those bottom-line savings into some top-line initiatives.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy. Sponsor: SAP Ariba.

You may also be interested in:

• GDPR forces rekindling of people-centric approach to marketing and business
• Balancing costs with conscience--How new tools help any business build ethical and sustainable supply chains
• Envisioning procurement technology and techniques in 2025: The future looks bright
• Bridging the educational divide - How business networks level the playing field for those most in need
• Diversity spend: When doing good leads to doing well
• SAP Ariba and MercadoLibre to consumerize business commerce in Latin America
• How SAP Ariba became a first-mover as Blockchain comes to B2B procurement 
• Awesome Procurement —Survey shows how business networks fuel innovation and business transformation

How one MSP picked Bitdefender’s layered security approach for cloud-to-client protection

Solving security concerns has risen to the top of the requirements list for just about everyone, yet service providers in particular have had to step up their game.

Just as cloud models and outsourcing of more data center functions have become more popular, the security needs, too, across cloud models have grown even more fast-paced and pressing.

And as small- to medium-sized businesses (SMBs) have turned to such managed service providers (MSPs) to be in effect their IT departments, they are also seeking those MSPs to serve as their best defenses against myriad and changing security risks.

The latest BriefingsDirect security insights discussion examines how MSPs in particular are building better security postures for their networks, data centers, and clients' operations.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy.

Here to discuss the role of the latest security technology in making MSPs more like security services providers are Brian Luckey, Director of Managed Services, and Jeremy Wiginton, Applications Administrator, both at All Covered, IT Services from Konica Minolta, in Ramsey, New Jersey. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What are some of the trends that have been driving the need for MSPs like yourselves to provide even more and better security solutions? 

Luckey: As MSPs, we are expected, especially for SMBs, to cover the entire gamut when it comes to managing or overseeing an organization’s IT function. And with IT functions come those security services.

It’s just an expectation at this point when you are managing the IT services for our clients. They are also expecting that we are overseeing the security part of that function as well.

Gardner: How has this changed from three to five years ago? What has changed that makes you more of a security services provider?

Luckey

Luckey: A major driver has been the awareness of needing heightened security. So all of the news, the different security breach events -- especially over the last 12 months, let alone the last couple of years -- with WannaCry and Petya.

Now, not only companies but the owners and executives are more in tune with the risks. This has sparked more interest in making sure that they are protected and feel like they are protected. This has all definitely increased the need for MPSs to provide these IT services.

Gardner: As we have had more awareness, more concerns, and more publicity, then the expectations are higher.

Jeremy, what are some of the technical advances that you feel are most responsible for allowing you as an MSP to react better to these risks?

Wiginton: The capability for the fast analytics, the fast reporting, and the fast responses that we can get out of the products and solutions that we use helps tremendously in making sure that our clients are well-protected and that security -- any security issues that might pop up -- are mitigated very, very quickly.

Gardner: The role of compliance requirements has also risen. Are your clients also seeking more security and privacy control around such things as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS) and nowadays the General Data Protection Regulation (GDPR)?

Tools and regulations

Luckey: Oh, absolutely. We provide IT services to a variety of different industries like the financial industry, insurance, and health care. In those industries, they have high regulations and compliance needs, which are growing more and more. But there are also companies that might not fall into those typical industries yet have compliance needs, too -- like PCI and GDPR, as you mentioned.

Gardner: As Jeremy mentioned, speed is critical here. What’s been a challenge for organizations like yours to react to some of these issues -- be it security or compliance?

Luckey: That’s a great question. There are a couple of things. One is technology; having the right technology that fits not only our business needs, but also our clients' needs. That’s a huge impact for us -- being able to provide the right service and the right fit.

But also integration points are important. Disparate systems that don’t integrate well or work well together can be a difficulty for us to service our clients inappropriately. If we have internal chaos, how can we provide a great service to our clients?

The proper progression and adoption of services and solutions is also key. We are in a technological world, for sure, and as technology progresses it only gets better, faster, cheaper, and smarter. We need to be able to use those solutions and then pass along the benefits to our clients.

Gardner: Jeremy, we have been speaking generally about data center services, IT services, but what about the applications themselves? Is there something specific to applications hosting that helps you react more quickly when it comes to security?

Quick reactions

Wiginton: Most assuredly. A lot of things have been getting bloated. And when things get bloated, they get slowed down, and clients don’t want them on their machines -- regardless of how it impacts their security.

So being able to deliver a modern security product that is lightweight, and so fast that the clients don’t even notice it, is essential. These solutions have come a long way compared to when you were constantly doing multiple things just to keep the client happy and having to compromise things that you may not have wanted to compromise.

Gardner: It wasn't that long ago that we had to make some tough trade-offs between getting security, but without degrading the performance. How far do you think we have come on that? Is that something that's essentially solved nowadays?

Being able to deliver a modern security product that is lightweight, and so fast that the clients don't even notice it, is essential. These solutions have come a long way.

Wiginton: For the most part, yes. We have a comprehensive solution, where one product is doing the job of many, and the clients still don't notice.

Gardner: Tell us more, Brian, about All Covered. You have 1,200 employees and have been doing this since 1997. What makes you differentiated in the MSP market?

Longevity makes a difference 

Luckey: We have been around a long time. I think our partnership and acquisition by Konica Minolta many years ago has definitely been a huge differentiator for us. Being focused on the office workplace of the future and being able to have multiple different technologies that serve an organization’s needs is definitely critical for us and the differentiating factor.

We have been providing computing and networking services, and fulfilling different application needs across multiple vertical industries for a long time, so it makes us one of the major MSP and IT players.

Gardner: But, of course Konica Minolta is a global company. So you have sister properties, if you will, around the globe?

Luckey: That is correct, yes.

Gardner: Let's find out what you did to solve your security and performance issues and take advantage of the latest technology.

Luckey: We set out to find a new endpoint security vendor that would meet the high demands of not only our clients, but also our internal needs as well to service those clients appropriately.

We looked at more than a dozen different solutions covering the endpoint security marketplace. Over about six months we narrowed it down to the final three and began initial testing and discussions around what these three endpoint security vendors would do for us and what the success factors would look like as we tested them.

We eventually choose Bitdefender Cloud Security for MSPs.

Gardner: As an MSP, you are concerned not only with passing along great security services, but you have to operate on a margin basis, and take into consideration how to cut your total cost over time. Was there anything about the Bitdefender approach that's allowed you to reduce man hours or incidents? What has been impactful from an economic standpoint, not just a security posture standpoint?

A streamlined security solution 

Luckey: Bitdefender definitely helped us with that. Our original endpoint security solution involved three different solutions, including an anti-malware solution. And so just being able to condense those into one -- but still providing the best protection that we could find -- was important to us. That’s what we found with Bitdefender. That definitely saved us some costs from the reduction of overall number of solutions.

But we did recognize other things in choosing Bitdefender, like the reduction of incidents; I think we reduced them by about 70 percent. That translated into a reduction of people and manpower needed to address issues. That, too, was a big win for us. And having such a wide diversity of clients -- and also a large endpoint base -- those were big wins for us when it came down to choosing Bitdefender.

Gardner: Jeremy, we’re talking about endpoint security, and so that means the movement of software. It means delivery of patches and updates. It means management of those processes. What was it about Bitdefender along the logistical elements of getting and keeping the security in place.

Bitdefender definitely helped us. It saved us costs due to the reduction of the overall number of solutions. We had a reduction of incidents, a 70 percent reduction.

Wiginton: Having everything managed, a single pane of glass interface for the endpoint security side, that has saved a ton of time. We are not having to go look in three different places. We are not having to deal with some of our automated things that are going on. We are not having to deal with two or three different APIs to try and get the same information or to try and populate the same information.

We have one consistent product to work with, a product that, as Brian said, has cut down on the number of things that come across our desks by at least 70 percent. The incidents still occur, but they are getting resolved faster and on a more automated basis with Bitdefender than they were in the past with our other products.

Gardner: Brian, where you are in your journey of this adoption? Are you well into production?

Luckey: We are well into the journey. We chose Bitdefender in mid-2016, and we were deployed in January 2017. It's been about a year-and-a-half now, and still growing.

We have grown our endpoints by about 30 percent from the time that we originally went live. Our business is growing, and Bitdefender is growing with us. We have continued to have success and we feel like we have very good protection for our clients when it comes to endpoint security.

Gardner: And now that you have had that opportunity to really evaluate and measure this in business terms, what about things like help desk, remote patch management, reporting? Are these things that have changed your culture and your business around security?

Reporting reaps rewards

Luckey: Yes, absolutely. We have been able to reduce our incidents, and that’s obviously been a positive reflection on the service desk and help desk on taking calls and those type of issues.

For patching, we have a low patch remediation rate, which is great. I’m sure that Bitdefender has been a strong reflection on that.

And for reporting, it's big for us. Not only do we have more in-depth and detailed reporting for our clients, but we also have the capability to give access to our clients to manage their own endpoints, as well as to gain reports on their own endpoints.

Gardner: You’re able to provide a hybrid approach, let them customize -- slice and dice it the way they want for those larger enterprise clients. Tell us how Bitdefender has helped you to be a total solution provider to your SMB clients?

Luckey: Endpoint security has become a commodity business. It’s one of those things you just have to do. It’s like a standard requirement. And not having to worry about our standard offerings, like endpoint security -- we just know it works, we know how it works, we are very comfortable on how it works, and we know it inside and out. All of that makes life easier for us to focus on the other things, such as the non-commodity businesses or the more advanced items like security information management (SIM) and manage unified threat management (UTM).

Gardner: What now can you do now with such value-added services that you could not do before?

Luckey: We can focus more on providing the advanced types of services. For example, we recently acquired a [managed security services and compliance consulting] company, VioPoint, that focuses solely on security offerings. Being able to focus on those is definitely key for us.

Gardner: Jeremy, looking at this through the applications lens again, what do you see as the new level of value-added services that you can provide?

Fewer fires to extinguish 

Wiginton: We are bringing in and evaluating Bitdefender technologies such as Full Disk Encryption. It has been a nice little product. I have done some testing with it, they let me in on their beta of it, which was really nice. It’s really easy to use.

Also, [with Bitdefender], because there's a lot less remediation needed on security incidents, we have seen a great drop in things like ransomware. As a result, I am able to focus more on making sure that our clients are well protected and making sure that the applications are working as intended -- as opposed to having to put out a fire because the old solution let something in that it shouldn’t have.

Gardner: It’s been great to talk about this in the abstract, but it's very powerful too if we can get more concrete examples.

Do you have any use cases for your MSP endpoint security and management capabilities that you can point to?

When we rolled out Bitdefender to replace older security systems for a client, their business stopped. Malware was newly discovered. The previous solutions did not catch that.

Luckey: The one that comes to mind, and always sticks with me, is a legal client of ours. When we rolled out Bitdefender to replace the older security solutions they had, their business stopped. And the reason their business stopped is there was malware being detected, and we couldn’t find out where it was coming from.

After additional research, we found that their main application to manage their clients and to manage billing -- basically to run their business -- the executable file that they would take and copy and actually install that application on every desktop, that had malware in it.

The previous solutions didn’t catch that. Every time they were deploying this application to new users, or if they had to redeploy it, they were putting malware on every machine, every time. We weren't able to detect it until we had Bitdefender deployed. Once Bitdefender detected it, it stopped the business, which is not good. The better part was that we were able to detect the malware that was being spread across the different machines.

That’s one example that I always remember because that was a big deal, obviously by stopping the business. But the most important part was that we were able to detect malware and protect that company better than they had been protected before.

Gardner: The worst kind of problem is not knowing what you don’t know.

Luckey: Exactly! Another example is a large client that has many remote offices for its dental services, all across the US. Some offices had spotty Internet access, so deploying Bitdefender was challenging until we used Bitdefender Relay. And Relay allowed us to deploy it once to the company and then deploy most of the devices with one deployment, instead of having to deploy one agent at a time.

And so that was a big benefit that we didn’t have in the past. Being able to deploy it once and then have all the other machines utilize that Relay for the deployments made it a lot easier and a lot faster due to the low bandwidth that was available in those locations.

Wiginton: We had a similar issue at a company where they would not allow their servers to have any Internet access whatsoever. We were able to set up a desktop as the Relay and get the servers connected to the Relay on the desktop to be able to make sure that their security software was up-to-date and checking in. It was still able to do what it was supposed to, as opposed to just sitting there and then alerting whenever its definitions became out of date because it didn't have Internet access.

Gardner: Let’s look to the future and what comes next. We have heard a lot about encryption, as you mentioned, Jeremy. There's also a of research and development being done into things like machine learning (ML) to help reduce the time to remediation and allow the security technology to become more prescriptive, to head things off before they become a problem.

Brian, what are you looking for next when it comes to what suppliers like Bitdefender can do to help you do your job?

Future flexibility and functionality 

Luckey: We have already begun testing some of the newer functionality being released to the Bitdfender MSP Cloud Security suite this month. We are looking into the advanced security and ML features, and some new functionality they are releasing. That’s definitely our next approach when it comes to the next generation of the Bitdefender agent and console.

And in addition to that, outside of Bitdefender, we are also expanding the services from our new security acquisition, VioPoint, and consolidating those to provide best-in-class security offerings to our clients.

Gardner: Jeremy, what entices you about what's coming down the pike when it comes to helping to do your job better?

Wiginton: I’m really looking forward to Bitdefender’s Cloud, which allows us a lot more flexibility because we are not having to allocate our own internal resources to try and do the analytics. So their Sandbox Analyzer and things that are coming soon really do interest me a lot. I am hoping that that will further chop down the number of security incidents that come across our desk.

Gardner: What would you suggest in hindsight, now that you have made a big transition from multiple security providers to more of a consolidated comprehensive approach? What have you learned that you could share with others who are maybe not quite as far along in the journey as you?

Testing, testing

Luckey: Number one is testing. We did a pretty good job of testing. We took a three-pronged approach of internal, external, and then semi-internal, so our help desk folks. Make sure that you have a comprehensive test plan to test out how many bad guys are being protected, what kind of malware is being blocked, and the functionality. That's the big one … test, test, and test some more.

Choosing the right partner and the right vendor, if you will, is key. I believe in having partners instead of just vendors; vendors just supply products, but partners work together to be successful.

It’s kind of like dating, date the right partner until you find the right one -- and Bitdefender has definitely been a great partner for us.

It's kind of like dating. Date the partners until you find the right one -- and Bitdefender has definitely been a great partner for us. Once we knew what we wanted, the rest fell into place.

Otherwise, have your requirements set up for what success looks like, those are all important. But the testing -- and making sure you find the right partner – those were key for us. Once we knew what we wanted, the rest of it fell into place.

Gardner: Jeremy, from your perspective, what advice could you give others who are just starting out?

Wiginton: Make sure that you are as thorough as possible in your testing, and get it done sooner rather later. The longer you wait, the more advanced threats are going to be out there and the less likely you are going to catch them on an older solution. Do your homework and you have to be on the ball with it.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy. Sponsor: Bitdefender.

You may also be interested in:

• How a large Missouri medical center developed an agile healthcare infrastructure security strategy
• Kansas Development Finance Authority gains peace of mind, end-points virtual shield using Hypervisor-level security
• How IT innovators turn digital disruption into a business productivity force multiplier
• How a Florida school district tames the Wild West of education security at scale and on budget
• The next line of defense—How new security leverages virtualization to counter sophisticated threats
• Cybersecurity standards: The Open Group explores security and safer supply chains
• How the Citrix Technology Professional Program Produces User Experience Benefits from Greater Ecosystem Collaboration
• DevOps and Security, a Match Made in Heaven