Friday, April 21, 2017

SAP Ariba a First-Mover as Blockchain Comes to B2B Procurement

Transcript of a discussion on the major opportunity from bringing Blockchain technology to business-to-business procurement and supply chain management.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: SAP Ariba.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast, coming to you from the 2017 SAP Ariba LIVE conference in Las Vegas.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host the week of March 20 as we explore the latest in collaborative commerce and learn how innovative companies are leveraging the networked economy.

Our next digital business thought leadership panel discussion examines the major opportunity from bringing Blockchain technology to business-to-business (B2B) procurement and supply chain management. We will explore how Blockchain’s unique capabilities can provide comprehensive visibility across global supply chains and drive simpler verification of authenticity, security, and ultimately control.

To learn more about how Blockchain is poised to impact and improve supply chain risk and management, please join our guests, Joe Fox, Senior Vice President for Business Development and Strategy at SAP Ariba. Welcome back, Joe.

Joe Fox: Thanks, Dana. It's good to be here.

Gardner: We’re also joined by Leanne Kemp, Founder and CEO of Everledger, based in London. Welcome, Leanne.

Leanne Kemp: Thank you, great to be here.

Gardner: Joe, Blockchain has emerged as a network methodology, running crypto currency Bitcoin, as most people are aware of it. It's a digitally shared record of transactions maintained by a network of computers, not necessarily with centralized authority. What could this be used for powerfully when it comes to gaining supply chain integrity?

Fox: Blockchain did start in the Bitcoin area, as peer-to-peer consumer functionality. But a lot of the capabilities of Blockchain have been recognized as important for new areas of innovation in the enterprise software space.

Those areas of innovation are around “trusted commerce.” Trusted commerce allows buyers and sellers, and third parties, to gain more visibility into asset-tracking. Not just asset tracking in the context of the buyer receiving and the seller shipping -- but in the context of where is the good in transit? What do I need to do to protect that good? What is the transfer of funds associated with that important asset? There are even areas of other applications, such as an insurance aspect or some kind of ownership-proof.

Gardner: It sounds to me like we are adding a lot of metadata to a business process. What's different when you apply that through Blockchain than if you were doing it through a platform?

Inherit the trust

Fox: That's a great question. Blockchain is like the cloud from the perspective of it’s an innovation at the platform layer. But the chain is only as valuable as the external trust that it inherits. That external trust that it inherits is the proof of what you have put on the chain digitally. And that includes that proof of who has taken it off and in what way they have control.

As we associate a chain transaction, or a posting to the ledger with its original transactions within the SAP Ariba Network, we are actually adding a lot of prominence to that single Blockchain record. That's the real key, marrying the transactional world and the B2B world with this new trusted commerce capability that comes with Blockchain.

Gardner: Leanne, we have you here as a prime example of where Blockchain is being used outside of its original adoption. Tell us first about Everledger, and then what it was you saw in Blockchain that made you think it was applicable to a much wider business capability.

Kemp: Everledger is a fast-moving startup using the best of emerging technology to assist in the reduction of risk and fraud. We began in April of 2015, so it's actually our birthday this week. We started in the world of diamonds where we apply blockchain technology to bring transparency to a once opaque market.

And what did I see in the technology? At the very core of cryptocurrency, they were solving the problem of double-spend. They were solving the problem of transfer of value, and we could translate those very two powerful concepts into the diamond industry.

At the heart of the diamond industry, beyond the physical object itself, is certification, and certificates in the diamond industry are the currency of trade. Diamonds are cited on web sites around the world, and they are mostly sold off the merit of the certification. We were able to see the potential of the cryptocurrency, but we could decouple the currency from the ledger and we were able to then use the synthesis of the currency as a way to transfer value, or transfer ownership or custody. And, of course, diamonds are a girl's best friend, so we might as well start there.

Dealing with diamonds

Gardner: What was the problem in the diamond industry that you were solving? What was not possible that now is?

Kemp: The diamond industry boasts some pretty impressive numbers. First, it's been around for 130 years. Most of the relationships among buyers and sellers have survived generation upon generation based on a gentleman's handshake and trust.

The industry itself has been bound tightly with those relationships. As time has passed and generations have passed, what we are starting to see is a glacial melt. Some of the major players have sold off entities into other regions, and now that gentleman's handshake needs to be transposed into an electronic form.

Some of the major players in the market, of course, still reside today. But most of the data under their control sits in a siloed environment. Even the machines that are on the pipeline that help provide identity to the physical object are also black-boxed in terms of data.

We are able to bring a business network to an existing market. It's global. Some 81 countries around the world trade in rough diamonds. And, of course, the value of the diamonds increases as they pass through their evolutionary chain. We are able to bring an aggregated set of data. Not only that, we transpose the human element of trust -- the gentleman's handshake, the chit of paper and the promise to pay that's largely existed and has built 130 years of trade.

We are now able to transpose that into a set of electronic-form technologies -- Blockchain, smart contracts, cryptography, machine vision -- and we are able to take forward a technology platform that will see transactional trust being embedded well beyond my lifetime -- for generations to come.

Gardner: Joe, we have just heard how this is a problem-solution value in the diamond industry. But SAP Ariba has its eyes on many industries. What is it about the way things are done now in general business that isn't good enough but that Blockchain can help improve?

Fox: As we have spent years at Ariba solving procurement problems, we identified some of the toughest. When I saw Everledger, it occurred to me that they may have cracked the nut on one of the toughest areas of B2B trade -- and that is true understanding, visibility, and control of asset movement.

It dawned on me, too, that if you can track and trace diamonds, you can track and trace anything. I really felt like we could team up with this young company and leverage the unique way they figured out how to track and trace diamonds and apply that across a huge procurement problem. And that is, how do a supplier and a buyer manage the movement of any asset after they have purchased it? How do we actually associate that movement of the asset back to its original transactions that approved the commit-to-pay? How do you associate a digital purchase order (PO) with a digital movement of the asset, and then to the actual physical asset? That's what we really are teaming up to do.

That receipt of the asset has been a dark space in the B2B world for a long time. Sure, you can get a shipping notice, but most businesses don't do goods receipts. And as the asset flows through the supply chain -- especially the more expensive the item is -- that lack of visibility and control causes significant problems. Maybe the most important one is: overpaying for inventory to cover actual lost supply chain items in transit.

I talked to a really large UK-based telecom company and they told me that what we are going to do with Everledger, with just their fiber optics, they could cut their buying in half. Why? Because they overbuy their fiber optics to make sure they are never short on fiber optic inventory.

That precision of buying and delivery applies across the board to all merchants and all supply chains, even middle of the supply chain manufacturers. Whenever you have disruption to your inbound supply, that’s going to disrupt your profitability.

Gardner: It sounds as if what we are really doing here is getting a highly capable means -- that’s highly extensible -- to remove the margin of error from the tracking of goods, from cradle to grave.

Chain transactions

Fox: That’s exactly right. And the Internet is the enabler, because Blockchain is everywhere. Now, as the asset moves, you have the really cool stuff that Everledger has done, and other things we are going to do together – and that’s going to allow anybody from anywhere to post to the chain the asset receipt and asset movement.

For example, with a large container coming from overseas, you will have the chain record of every place that container has been. If it doesn't show up at a dock, you now have visibility as the buyer that there is a supply chain disruption. That chain being out on the Internet, at a layer that’s accessible by everyone, is one of the keys to this technology.

We are going to be focusing on connecting the fabric of the chain together with Hyperledger. Everledger builds on the Hyperledger platform. The fabric that we are going to tie into is going to directly connect those block posts back to the original transactions, like the purchase order, the invoice, the ship notice. Then the companies can see not only where their asset is, but also view it in context of the transactions that resulted in the shipment.

Gardner: So the old adage -- trust but verify -- we can now put that to work and truly verify. There's news taking place here at SAP Ariba LIVE between Everledger and SAP Ariba. Tell us about that, and how the two companies -- one quite small, one very large -- are going to work together.

Fox: Ariba is all-in on transforming the procurement industry, the procurement space, the processes of procurement for our customers, buyers and sellers, and we are going to partner heavily with key players like Everledger.

Part of the announcement is this partnership with Everledger around track and trace, but it is not limited to track and trace. We will leverage what they have learned across our platform of $1 trillion a year in spend, with 2.5 million companies trading assets with each other. We are going to apply this partnership to many other capabilities within that.

Kemp: I am very excited. It’s a moment in time that I think I will remember for years to come. In March we also made an important announcement with IBM on some of the work that we have done beyond identifying objects. And that is to take the next step around ensuring that we have an ethical trade platform, meaning one that is grounded in cognitive compliance.

We will be able to identify the asset, but also know, for example in the diamond industry, that a diamond has passed through the right channels, paid the dutiful taxes that are due as a part of an international trade platform, and ensure all compliance is hardened within the chain.

I am hugely excited about the opportunity that sits before me. I am sincerely grateful that such a young company has been afforded the opportunity to really show how we are going to shine.

Gardner: When it comes to open trade, removing friction from commerce, these have been goals for hundreds of years. But we really seem to be onto something that can make this highly scalable, very rich -- almost an unlimited amount of data applied to any asset, connected to a ledger that’s a fluid, movable, yet tangible resource.

Fox: That’s right.

Gardner: So where do we go next, Joe? If the sky is the limit, describe the sky for me? How big is this, and where can you take it beyond individual industries? It sounds like there is more potential here.

Reduced friction costs

Fox: There is a lot of potential. If you think about it, Blockchain is an evolution of the Internet; we are going to be able to take advantage of that.

The new evolution is that it's a structured capability across the Internet itself. It’s going to be open, and it’s going to be able to allow companies to ledger their interactions with each other. They are going to be able, in an immutable way, to track who owns which asset, where the assets are, and be able to then use that as an audit capability.

That's all very important to businesses, and until now the Internet itself has not really had a structure for business. It's been open, the Wild West. This structure for business is going to help with what I call trusted commerce because in the end businesses establish relationships because they want to do business with each other, not based on what technology they have.

Another key fact about Blockchain is that it’s going to reduce friction in global B2B. I always like to say if you just accelerated B2B payments by a few days globally, you would open up Gross Domestic Product (GDP), and economies would start growing dramatically. This friction around assets has a direct tie to how slowly money moves around the globe, and the overall cost and friction from that.

So how big could it go? Well, I think that we are going to innovate together with Everledger and other partners using the Hyperledger framework. We are going to add every buyer and seller on the Ariba Network onto the chain. They are just going to get it as part of our platform.

Then we are going to begin ledgering all the transactions that they think make sense between themselves. We are going to release a couple of key functions, such as smart contracts, so their contract business rules can be applicable in the flow of commerce -- at the time commerce is happening, not locked up in some contract, or in some drawer or Portable Document Format (PDF) file. We are going to start with those things.

I don't know what applications we are going to build beyond that, but that's the excitement of it. I think the fact that we don't know is the big play.

Gardner: From a business person’s perspective, they don’t probably care too much that it’s Blockchain that’s enabling this, just like a lot of people didn't care 20 years ago that it was the Internet that was allowing them to shop online or send emails to anybody anywhere. What is it that we would tease out of this, rather than what the technology is, what's the business benefit that people should be thinking about?

Fox: Everybody wants digital trust, right? Leanne, why don’t you share some of the things you guys have been exploring?

Making the opaque transparent

Kemp: In the diamond industry, there is fraud related to document tampering. Typically paper certificates exist across the backbone, so it’s very easy to be able to transpose those into a PDF and make appropriate changes for self-gain.

Double-financing of the pipeline is a very real problem; invoicing, of course accounts receivable, they have the ability to have banks finance those invoices two, three, four times.

We have issues with round-tripping of diamonds through countries, where transfer pricing isn't declared correctly, along with the avoidance of tax and duties.

All of these issues are the dark side of the market. But, now we have the ability to bring transparency around any object, particularly in diamonds -- the one commodity that’s yet to have true financial products wrapped around it. Now, what do I mean by that? It doesn’t have a futures market yet. It doesn’t have exchange traded funds (ETFs), but the performance of diamonds has outperformed gold, platinum and palladium.

Now, what does this mean? It means we can bring transparency to the once opaque, have the ability to know if an object has gone through an ethical chain, and then realize the true value of that asset. This process allows us to start and think about how new financial products can be formed around these assets.

We are hugely interested in rising asset classes beyond just the commodity section of the market. This platform shift is like going from the World Wide Web to the World Wide Ledger. Joe was absolutely correct when he mentioned that the Internet hasn't been woven for transactional trust -- but we have the ability to do this now.

So from a business perspective, you can begin to really innovate on top of this exponential set of technology stacks. A lot of companies quote Everledger as a Blockchain company. I have to correct them and I say that we are an emerging technology company. We use the very best of Blockchain and smart contracts, machine vision, sensorial data points, for us to be able to form the identity of objects.

Now, why is that important? Most financial services companies have really been focused on Know Your Customer (KYC), but we believe that it's Know Your Object (KYO) that really creates an entirely new context around it.

Now, that transformation and the relationship of the object have already started to move. When you think about Internet of Things (IoT), mobile phones, and autonomous cars -- these are largely devices to the fabric of the web. But are they connected to the fabric of the transactions and the identity around those objects?

Insurance companies have begun to understand this. My work in the last 10 years has been deeply involved in insurance. As you begin to build and understand the chain of trust and the chain of risk, then tectonic plate shifts in financial services begin to unfold.

Apps and assets, on and off the chain

Fox: It’s not just about the chain, it's about the apps we build on top, and it's really about what is the value to the buyer and the seller as we build those apps on top.

To Leanne’s point, it’s first going to be about the object. The funny thing is we have struggled to be able to, in a digital way, provide visibility and control of an object and this is going to fix that. In the end, B2B, which is where SAP Ariba is, is about somebody getting something and paying for it. And that physical asset that they are getting is being paid for with another asset. They are just two different forms. By digitizing both and keeping that in a ledger that really cannot be altered -- it will be the truth, but it's open to everyone, buyers and sellers.

Businesses will have to invent ways to control how frictionless this is going to be. I will give you a perfect example. In the past if I told you I could do an international payment of $1 million to somebody in two minutes, you would have told me I was crazy. With Blockchain, one corporation can pay another corporation $1 million in two minutes, internationally. And on the chain companies like Everledger can build capabilities that do the currency translation on the fly, as it’s passing through, and that doesn’t dis-remediate the banks because how did the $1 million get onto the chain in the first place? Someone put it on the chain through a bank. The bank is backing that digital version. How does it get off the chain so you can actually do something with it? It goes through another bank. It’s actually going to make the banks more important. Again, Blockchain is only as good as the external trust that it inherits.

I really think we have to focus on getting the chain out there and really building these applications on top.

Gardner: It’s very exciting, and has certainly opened my eyes to more opportunity and potential. We will be talking about this quite a bit more, I’m sure. But I’m afraid we will have to leave it here today. We’ve been talking about the major opportunity from bringing Blockchain technology to B2B procurement and supply chain management.

And we've learned how Blockchain’s unique capabilities can provide comprehensive visibility across global supply chains for far simpler verification of authenticity, security, and ultimately control.

So, a huge thanks to our guests, Joe Fox, Senior Vice President for Business Development and Strategy at SAP Ariba, and Leanne Kemp, Founder and CEO of Everledger.

And a thanks as well to our audience for joining this special podcast, coming to you from the 2017 SAP Ariba LIVE conference in Las Vegas. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host throughout this series of SAP Ariba-sponsored BriefingsDirect Digital Business Insights Discussions. Thanks again for listening, and please come back next time.

Thursday, April 20, 2017

Inside Story of Building a Global Security Operations Center for Cyber Defense

Transcript of a discussion on the planning and execution of building a state-of-the-art global Security Operations Center.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Dana Gardner: Hello, and welcome to the next edition of the BriefingsDirect Voice of the Customer podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing discussion on IT innovation and how it’s making an impact on people’s lives.

Our next inside story examination of security best practices focuses on the building of a security operations center (SOC) for cyber defense. We’ll learn now how Zayo Group in Boulder, Colorado built a state-of-the-art SOC as it expanded its international managed security service provider practice.

Join us now as we hear directly from Mike Vamvakaris, Vice President of Managed Cyber Security at Zayo Group, on the build-out, best practices, and end-results from this impressive project.

With that, please join me now in welcoming our moderator, Serge Bertini, Vice President of Sales and General Manager of the Canada Security Division at Hewlett Packard Enterprise (HPE). I hand it over to you, Serge, to delve into this use-case.

Serge Bertini: Thanks, Dana. Good morning, Mike, how are you today?

Mike Vamvakaris: Good morning, Serge. Great. Thanks for asking.

Bertini: Mike, this has been a continuous discussion, on a weekly basis, and lately when we meet at the airport. You and I have talked many times about the importance of managed security service providers (MSSPs), global SOCs, but for our listeners, I want to take them back on the journey that you and I went through to get into the SOC business, and what it took from you to build this up.

So if you could, please describe Zayo’s business and what made you decide to jump into the MSSP field.

Vamvakaris: Thanks for the opportunity. I love our chats and I look forward to letting you know how we got started.

Zayo Group is a global communications and infrastructure provider. We serve more than 365 markets. We have 61 international data centers on-net, off-net, and more than 3,000 employees.

Zayo Canada required a SOC to serve a large government client that required really strict compliance, encryption, and correlational analysis.

Upon further expansion, the SOC we built in Canada became a global SOC, and now it can serve international customers as well. Inside the SOC, you will find things such as US Federal Information Processing Standard (FIPS) 140-2 security standards compliance. We do threat hunting, threat intelligence. We are also doing machine learning, all in a protected facility via a five-zone SOC.

This facility was not easy to build; it was a journey, as we have talked about many times in person, Serge.

Holistic Security

Bertini: What you guys have built is a state-of-the-art facility. I am seeing how it helps you attract more customers, because not only do you have critical infrastructure in your MSSP, but also you can attract customers whose stringent security and privacy concerns can be met.

Vamvakaris: Zayo is in a unique position now. We have grown the brand aggressively through organic and inorganic activities, and we are able to offer holistic and end-to-end security services to our customers, both via connectivity and non-connectivity.

For example, within our facility, we will have multiple firewalling and distributed denial-of-service (DDoS) technologies -- now all being protected and correlated by our state-of-the-art SOC, as you described. So this is a really exciting and new opportunity that began more than two years ago with what you at HPE have done for us. Now we have the opportunity to turn and pivot what we built here and take that out globally.

Bertini: What made you decide on HPE ArcSight, and what did you see in ArcSight that was able to meet your long-term vision and requirements?

Turnkey Solutions


Vamvakaris: That’s a good question. It wasn’t an easy decision. We have talked about this openly and candidly. We did a lot of benchmarking exercises, and obviously selected HPE ArcSight in the end. We looked at everyone, without going into detail. Your listeners will know who they are.

But we needed something that supported multi-tenancy, so the single pane of window view. We are serving multiple customers all over the world, and ArcSight allowed us to scale without applying a tremendous amount of capital expenditure (CAPEX) investment and ongoing operational expenditure (OPEX) to support infrastructure and the resources inside the SOC. It was key for me on the business side that the business-case was well supported.

We had a very strict industry regulation in working with a large government customer, to be FIPS-compliant. So out of the box, a lot of the vendors that we were looking at didn’t even meet those requirements.

Another thing I really liked about ArcSight, when we did our benchmarking, is the event log filtration. There really wasn’t anyone else that could actually do the filtration at the throughput and the capacity we needed. So that really lent itself very well. Just making sure that you are getting the salient events and kind of filtering out the noncritical alerts that we still need to be looking at was key for us.

Something that you and I have talked about is the strategic information and operations center (SIOC) service. As a company that knew we needed to build around SOC, to protect our own backbone, and offer those services to our extended connectivity customers, we enlisted SIOC services very early to help us with everything from instant response management, building up the Wiki, even hiring and helping us retain critical skill sets in the SOC.

From an end-to-end perspective, this is why we went with ArcSight and HPE. They offered us a turnkey solution, to really get us something that was running.

The Trifecta: People, Process, Technology

Bertini: In this market, what a lot of our customers see is that their biggest challenge is people. There are a lot of people when it comes to setting up MSSPs. The investment that you made is the big differentiator, because it’s not just the technology, it’s the people and process. When I look at the market and the need in this market, there is a lack of talented people.

How did you build your process and the people? What did you have to do yourself to build the strength of your bench? Later on we can talk a little bit more about Zayo and how HPE can help put all of this together.

Vamvakaris: We were the single tenant, if you will. Ultimately we needed to go international very quickly. So we went from humble beginnings to an international capability. It’s a great story.

For us, you nailed it on the head. SOC, the technology obviously is pertinent, you have to understand your use cases, your policies that you are trying to use and protect your customers with those. We needed something very modular and ArcSight worked for that.

But within the SOC, our customers require things like customized reporting and even customized instant-response plans that are tailored to meet their unique audits or industry regulations. It’s people, process and tools or technology, as they say. I mean, that is the lifeline of your SOC.

One of the things we realized early on, you have to focus on everything from your triage, to instant response, to your kill-chain processes. This is something we have invested significantly in, and this is where we believe we actually add a lot of value to our customers.

Bertini: So it’s not just a logging capability, you guys went way beyond providing just the eyes on the glass to the red team and the tiger team and everything else in between.

Vamvakaris: Let me give you an example. Within the SOC, we have SOC Level 1, all the way to Level 3, and then we have threat hunting. So inside we do threat intelligence. We are now using machine-learning technologies. We have threat hunting, predictive analytics, and we are moving into user behavior analysis.

Remember the way I talked about SOC Level 1, Level 2, Level 3, this is a 24x7, 365-day facility. This is a five-zone SOC for enhanced access control, mantraps inside to factor biometric access control. It’s a facility that we are very proud of and that we love showcasing.  

Bertini: You are a very modest person, but in the span of two years you have done a lot. You started with probably one of the largest mammoth customers, but one thing that you didn’t really talk about is, you are also drinking your own champagne.

Tell us a little bit more about Zayo. It’s a large corporation, diverse and global. Tell us about the integration of Zayo into your own SOC, too.

Drinking your own Champagne

Vamvakaris: Customers always ask us about this. We have all kinds of fiber or Ethernet, large super highway customers I call them, massive data connectivity, and Zayo is well-known in the industry for that; obviously one of the leaders.

The interesting part is that we are able to turn and pivot, not only to our customers, but we are also now securing our own assets -- not just the enterprise, but on the backbone.

So you are right, we sip our own champagne. We protect our customers from threats and unauthorized data exfiltration, and we also do that for ourselves. So we are talking about a global multinational backbone environment.

Bertini: That’s pretty neat. What sort of threats are you starting to see in the market and how are you preventing those attacks, or at least how can you be aware in advance of what is coming down the pipe?

Vamvakaris: It’s a perpetual problem. We are invested in what’s called an ethical hacking team, which is the whole white hat/black hat piece.

In practice, we’re trying to -- I won’t say break into networks, but certainly testing the policies, the cyber frameworks that companies think they have, and we go out of our way to make sure that that is actually the case, and we will go back and do an analysis for them.

So where do I see the market going? Well, we see a lot of ransomware; we see a lot of targeted spear phishing. Things are just getting worse, and I always talk about how this is no longer an IT issue, but it’s a business problem.

People now are using very crafty organizational and behavior-style tactics of acquiring identities and mapping them back to individuals in a company. They can have targeted data exfiltration by fooling or tricking users into giving up passwords or access and sign all types of waivers. You hear about this everyday somewhere that someone accidentally clicked on something, and the next thing you know they have wired money across the world to someone.

So we actually see things like that. Obviously we’re very private in terms of where we see them and how we see them, but we protect against those types of scenarios.

Gone are the days where companies are just worried about their customer-provided equipment or even cloud firewalls. The analogy I say, Serge, is if you don’t know who is knocking at the door, how are you going to protect yourself, right?

You need to be able to understand who is out there, what they are trying to do, to be able to mitigate that. That’s why I talk about threat hunting and threat intelligence.

Partners in Avoiding Crime

Bertini: I couldn’t agree more with you. To me, what I see is the partnership that we built between Zayo and HPE and that’s a testament of how the business needs to evolve. What we have done is pretty unique in this market, and we truly act as a partner, it’s not a vendor-relationship type of situation.

Can you describe how our SIOC was able to help you get to the next level, because it’s about time-to-market, at the end of the day. Talk about best practices that you have learned, and what you have implemented.

Vamvakaris: We grew out to be an international SOC, and that practice began with one large request for proposal (RFP) customer. So we had a time-to-market issue compressed. We needed to be up and running, and that’s fully turnkey, everything.

When we began this journey, we knew we couldn’t do it ourselves. We selected the technology, we benchmarked that, and we went for the Gartner Magic Quadrant. We were always impressed at HPE ArcSight, over the years, if not a decade, that it’s been in that magic quadrant. That was very impressive for us.

But what really stood out is the HPE SIOC.

We enlisted the SIOC services, essentially the consulting arm of HPE, to help us build out our world-class multizone SOC. That really did help us get to market. In this case, we would have been paying penalties if we weren’t up and running. That did not happen.

The SIOC came in and assessed everything that we talked about earlier, they stress-tested our triage model and instant response plan. They helped us on the kill chain; they helped us with the Wiki. What was really nice and refreshing was that they helped us find talent where our SOC is located. That for me was critical. Frankly, that was a differentiator. No one else was offering those types of services.

Bertini: How is all of this benefitting you at the end of the day? And where do you see the growth in your business coming for the next few years?

Ahead in the Cloud

Vamvakaris: We could not have done this on our own. We are fortunate enough that we have learned so much now in-house.

But we are living in an interconnected world. Like it or not, we are about to automate that world with the Internet of things (IoT), and always-on mobile technologies, and everyone talks about pushing things to the cloud.

The opportunity for us is exciting. I believe in a complete, free, open digital world, which means we are going to need -- for a long time -- to protect the companies as they move their assets to the cloud, and as they continue to do mobile workforce strategies -- and we are excited about that. We get to be a partner in this ecosystem of a new digital era. I think we are just getting started.

The timing then is perfect, it’s exciting, and I think that we are going to see a lot of explosive growth. We have already started to see that, and now I think it’s just going to get even more and more exciting as we go on.

Bertini: You have talked about automation, artificial intelligence (AI), and machine learning. How are those helping you to optimize your operations and then ultimately benefitting you financially?

Vamvakaris: As anyone out there who has built a SOC knows, you’re only as good as your people, processes, and tools. So we have our tools, we have our processes -- but the people, that cyber security talent is not cheap. The SOC analysts have a tough job. So the more we can automate, and the more we can give them help, the better. A big push now is for AI, which really is machine learning, and automating and creating a baseline of things from which you can create a pattern, if you will, of repeatable incidents, and then understanding that all ahead of time.

We are working with that technology. Obviously HPE ArcSight is the engine to the SOC, for correlational analysis, experience-sampling methods specifically, but outside there are peripherals that tie into that.

It’s not just about having the human capabilities, but it's also augmenting them with the right technologies and tools so they can respond faster, they can get to the issues; they can do a kill chain process quickly. From an OPEX perspective, we can free up the Level 1 and Level 2 talent and move them into the forensic space. That’s really the vision of Zayo.

We are working with technologies including HPE ArcSight to plug into that engine that actually helps us free up the incident-response and move that into forensics. The proactive threat hunting and threat intelligence -- that’s where I see the future for us, and that’s where we’re going.

Bertini: Amazing. Mike, with what you have learned over the last few years, if you had to do this all over again, what would you do differently?

Practice Makes Perfect

Vamvakaris: I would beg for more time, but I can’t do that. It was tough, it was tough. There were days when we didn’t think we were going to make it. We are very proud and we love showcasing what we built -- it’s an amazing, world-class facility.

But what would I do differently? We probably spent too much time second-guessing ourselves, trying to get everything perfect. Yet it’s never going to be perfect. A SOC is a living, breathing thing -- it's all about the people inside and the processes they use. The technologies work, and getting the right technology, and understanding your use cases and what you are trying to achieve, is key. Not trying to make it perfect and just getting it out there and then being more flexible in making corrections, [that would have been better].

In our case, because it was a large government customer, the regulations that we had to meet, we built that capability the first time, we built this from the ground up properly -- as painful as that was, we can now learn from that.

In hindsight, did we have to have everything perfect? Probably not. Looking back at the compressed schedule, being audited every quarter, that capability has nonetheless put us in a better place for the future.

Bertini: Mike, kudos to you and your team. I have worked with your team for the last two to three years, and what you have done has shown us a miracle. What you built is a top-class MSSP, with some of the most stringent requirements from the government, and it shows.

Now, when you guys talk, when you present to a customer, and when we do joint-calls with the customers -- we are an extension of each other. We at HPE are just feeding you the technology, but how you have implemented it and built it together with your people, process, and technology -- it’s fantastic.

So with that, I really thank you. I'm looking forward to the next few years together, to being successful, and bringing all our customers under your roof.

Vamvakaris: This is the partnership that we talked about. I think that’s probably the most important thing. If you do endeavor to do this, you really do need to bring a partner to the table. HPE helped us scale globally, with cost savings and an accelerated launch. That actually can happen with a world-class partnership. So I also look forward to working with you, and serving both of our customer bases, and bringing this great capability out into the market.

Bertini: Thank you, Mike, hope you have a great day and talk to you very soon together.

Vamvakaris: You bet. Thank you, Serge.

Gardner: I’m afraid we’ll have to leave it there. You have been listening to an inside story examination of security best practices focused on building a SOC for international cyber defense. We have learned how Zayo Group in Boulder, Colorado has built a state-of-the-art global SOC as it expanded its managed security service provider practice.

So please join me now in thanking our moderator, Serge Bertini, Vice President of Sales and General Manager of the Canada Security Division at HPE. And also thanks to our special guest, Mike Vamvakaris, Vice President of Managed Cyber Security at Zayo Group.

And a big thank you as well to our audience for joining this BriefingsDirect Voice of the Customer digital business transformation discussion. I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing series of HPE-sponsored discussions. Thanks again for listening, and do come back next time.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Transcript of a discussion on the planning and execution of building a state-of-the-art global Security Operations Center. Copyright Interarbor Solutions, LLC, 2005-2017. All rights reserved.
