Not all markets are created equal; and not every sales approach will resonate with certain audiences. This was something that CenturyLink kept in mind when introducing its Managed Security Services 2.0 offering into Asia Pacific (APAC) markets following its North American launch in 2016.
The newly enhanced cyber security suite enables enterprises to proactively monitor their IT infrastructure using advanced monitoring, threat detection and incident response capabilities. The service is being hosted and managed in Singapore. From there it will service customers in Hong Kong, Japan, Australia, and neighbouring nations to Singapore.
In developing the solution suite, the goal was to focus entirely on decision-driven analytics, which in turn drove the business model, said Nathan Shanks, director of Security Services at CenturyLink. “A lot of fundamental changes had to be made around architecture and data collection to achieve that. We had to engage in an SaaS model as it would be too large within a customer’s own environment. We used more of an Office 365 approach, where users can connect and use the service when needed.”
Specifically, Managed Security Service 2.0 integrates with existing security information and event management (SIEM) systems to deliver security log monitoring with trending and threat analysis, threat intelligence, incident management and response, and customizable dashboards. Typically pricing is based on two optional models: per use or per location. For Asia Pacific they added a third per seat basis option.
“Asia Pacific is an interesting market,” Shanks said. “While there are some similarities, there are also some pretty distinct discrepancies between North American and other markets.”
On the one hand, APAC is well along the path to digital maturity. According to a May 2017 report from 451 Research, APAC companies lead in digital maturity: 55 percent have a formal digitization strategy, and about 35 percent expressed concerns about their potential failure to secure sensitive data.
On the other hand, security challenges in the region are significant. The World Economic Forum Global Risks Report 2017 notes that the risk of cyber threats is growing in APAC, citing cyber attacks as one of the most significant risks of doing business in the region. Also, according to a September 2016 study entitled Cyber-attacks in Singapore to increase as CIOs face IT security talent shortage, 85 percent of CIOs in Singapore anticipate more cyber security threats in the next five years due to a shortage of skilled IT security professionals; and 72 percent said the number of detected security threats has increased as compared with 12 months ago.
One significant contributor to this is the escalating growth of infrastructure, Shanks said. “Their level of maturity [with cyber security] has more to do with rapid growth than anything else. When your infrastructure is growing threefold, you’re focused solely on operations, and a lot of fundamentals just get missed. Rewind to eight or nine years ago and the same was happening in the US.”
When addressing APAC markets, cultural hurdles can also present challenges on a number of fronts, he added. For example, there are discrepancies in how customers like to consume these services. “They are much more of a ‘try it before you buy it’ mindset so there is a lot more demand for proof of concept. In the US, you tend to provide a lot of explanation around value, and there’s a certain amount of trust that is managed through SLAs. In APAC, it’s more accepted to come in and say let’s start at the very bottom and buy an inexpensive solution to solve a fundamental IT problem. It’s back to basics: give me two or three IT projects to implement. There is a tremendous amount of attention and time spent on using analytics and information more effectively, and on creating access to decision making, versus typical IT discussions about awareness and risk reduction.”
Entry pricing is another point of differentiation that goes hand in hand with that cautionary mindset. “They prefer a lower entry price point so they can be sure about what they want,” Shanks explained.
That’s why adding a per seat pricing model is ideally suited for the APAC audience, he added. “We discovered that in most of the environments we went into, they had no idea of what their infrastructure looked like. If we asked CIOs how many servers they had for example, many couldn’t answer. Instead of spending months going back and forth and doing workshops, we realized it’s much easier for them to go into an HR system and payroll to get the numbers.”
Despite what appears to be a short-term focus, this tailored approach serves as an essential foundation for longer term investment success, he argued. “We didn’t expect to break even this year, but we are doing better than we thought due partly to lack of competition in the market. That’s because there is a tremendous amount of concern over whether you will be a fair weather friend, or doing recruitment and staffing for the longer term. They need to feel you are there to support their environment.”