Flexibility key for DXC’s security partners

DXC Technology focuses on flexible solutions to determine which security vendors are worth partnering with and which are worth monitoring.

The global service provider typically has around 20 deep security partner alliances at any given time, noted DXC head of security for Australia and New Zealand (A/NZ) and head of cyber security for Asia Pacific Japan (APJ) and the Middle East and Africa (MEA) Kylie Watson.

“Although [we’re] tech agnostic, you can’t be a jack of all trades. You’ve got to go deep in a few,” she explained to ARN in an interview.

“So, we’ve been out there looking at their roadmaps and having conversations and looking at our strategy and we’ve been looking at where are they in automation and AI and how can we place that with our customers for the best value for them. We’ve actively been finding some interesting things.

“Everyone’s saying, ‘Hey, I’m a platform play,’ and ‘Hey, I have automation and AI’; you lift under the hood and you ask some really deep, intense questions – and a lot of them aren’t where they say they’re going to be.”

DXC’s A/NZ security strategic growth lead Craig Griffiths agreed with Watson’s sentiments, adding the provider’s current security strategy is to focus on its strategic partners.

“There’s a lot of them out there. So, we need to make some really educated bets on which companies we’re working with. We’re doubling down there, to be honest. We’re looking to lean in more with our existing and strategic partners.”

A number of these vendors include CyberArk, SailPoint, Check Point Software Technologies, Fortinet, Palo Alto Networks, SentinelOne, One Identity, Edge Computing and Trend Micro, although this isn’t a rigid list.

Watson said DXC reviews its technology partners every year as “you just can’t use the ones that have been around forever”.

SentinelOne, One Identity and Trend in particular are vendors for DXC that are on the rise, among other emerging vendors that the provider wants to tap into.

In addition to the yearly review, Watson said DXC also keeps an eye on vendors’ product roadmaps every six months, which comes in part from its cyber security chief technology officer (CTO), TM Ching.

“He looks at the detail across everything and then we workshop it, talk to them and then work out [whether] are they actually still going up into our quadrant, or are they staying where they are, or are they going backwards?” she said. “Are they more transactional rather than a strategic partner?

“We have to review that every six months, because the market’s moving so fast. I’d like to review it every month, but you’ve got to give people time to actually get your runs on the board.”

Keep up to date with Trend

Griffiths noted that Trend in particular has a “very good local team that is accessible”, with research and development taking place locally.

“They’re very easy to work with. If we have any sort of issues, the escalation path with Trend is very clear and the relationships are established all the way up,” he said.

That relationship extends to the two companies working side by side in customer engagements, with Trend sharing their platform approach and DXC coming in to talk about services and capabilities.

“They’re not the only partner we work like that with, but not all partners are like that,” Griffiths added. “We’re not competing with Trend and that’s one of the most important things. There’s no competition with the vendor.

“Even with the wider relationship, Trend have other partners. We also have other partners and I need to be agnostic to a certain degree. It has to be about the customer.”

DXC’s agnostic approach means that, using Trend as an example, there will be some instances where a vendor won’t be the right fit. As such, Griffiths said there has been a need to have “really honest conversations” with these partners, which includes Trend.

“I’ve had many conversations with Trend over the last two years where we’re either going in together, or we’re agreeing at the point that we may not be the right partner or trend may not be the right the right tech. You need to be able to have those really honest conversations, which we do,” he said.

In regards to Trend specifically, Griffiths believes that in order to find furthered mutual success, the vendor needs to work on its marketing.

“From my own perspective … before I actually started working with Trend, I only really knew of Trend’s capability from an antivirus perspective. I wasn’t really across the whole capability they’ve got,” he said.

“How they’ve won me over was really through their Capture the Flag exercises and their training. I’m a bit biased because of my background as well — very much network and telco — and Trend’s platform includes an NDR [network detection and response], so for me, the network is critical. It’s often overlooked when it comes to monitoring; Everyone seems to go down the end point path.”

Good partners

As for what makes a good security partner for DXC, Watson said the provider wants original equipment manufacturers (OEM) that are forward thinking – they don’t just say they have automation and AI but they “actually have it and aren’t just talking it up”.

“When you look under the hood, it’s actually there, and it’s doing what they say it’s going to do. If it’s a roadmap, you know it’s going to come and they’re reliable,” she said.

Also high on Watson’s list of priorities is adaptability when it comes to customer environments and not be “stagnant”.

“We look for ones that I can pick up the phone and I can go, ‘Hey, there’s an issue here. This is not quite the norm that we see. What have you learned from other things that you’ve done?’” she said.

“So, I can actually pick up the phone to somebody, or our security delivery lead can, or anyone on our projects that has that relationship.”

In addition, there needs to be an active element when it comes to training, as DXC’s developers need to be across a range of coding areas, like C++, Java, SQL, Python, Fortran and Mathematica.

“They have to keep adapting and learning and training, so we need flexible training models. We can’t just have them go, ‘[For] five days, you go and do this boot camp and then you’re accredited,’” Watson said.

“We need them to go, ‘Here’s a flexible training module and by the way, you can shadow us and have real life experience or scenarios,’ so that we’re not turning up to the customer and just saying, ‘Oh yeah, we’ve got the training.’

“We actually have the runs on the board and the experience and the backing from them as well.”