Giving agencies freedom and security requires them to be risk aware, not risk averse

Views from the Corner Office is a new show designed to talk to the private sector leaders that influence and impact the federal market. The goal of this monthly discussion is for federal executives, lawmakers and other industry experts to gain insights and a better understanding into the trends, the challenges and the evaluation of the technology, acquisition and leadership in the federal market by the executives who lead the federal practices of government contractors.

Sudhakar Ramakrishna is the CEO of Pulse Secure.

Sudhakar Ramakrishna, the CEO of Pulse Secure, talked with executive editor Jason Miller by phone from his office in San Jose, California.

Here are some excerpts from that discussion.

State of the federal market

JM: Is it a good time to be a federal contractor?

SR: The federal market has always been a very important market for Pulse Secure, but also for other major security vendors. The federal government and the federal sector generally tends to be a pioneer in many cases and an early adopter of security solutions. Obviously, there’s a lot of challenges that are being faced by the federal government, and broadly speaking, the commercial sector as well, be it related to the increase of the types and the depth and the complexity of the threats that they are facing. What I would call insight, the challenges, meaning the separation of the federal enterprise itself from an outside and an inside perspective leading to the trust around zero trust, which again the federal government has been a big proponent off. And then the adoption of mobile technologies and cloud, for instance, have increased the challenges as it relates to visibility and ensuring compliance in the broadest sector, but specifically in the federal sector as well. All of these challenges and problems, obviously, result in the ability for somebody like us to solve these problems. And in that context the federal government and the federal sectors is a very large opportunity for us.

JM: It’s interesting you say that the government has maybe been an early adopter. Sometimes security companies and other technology companies say the government is always a step behind because they are risk averse. They don’t want to have failures, so they want to adopt something they know. Is security a little different based on the breaches we’ve seen over the last decade?

SR: Definitely Jason. The federal government also has to be very efficient in terms of delivering and adopting new technologies like cloud and hybrid, as an example, or even mobile technologies. So the locking down of the areas and creating of walled gardens is no longer practical even in the federal sector. So the way I think about it is when people say they are risk averse, the way I would describe it is that they are risk aware as opposed to risk averse. And in the context of being risk aware, if they can be diligent about who the security providers are and ensure that they are going through the right certifications, integrations, etc., then the speed of delivery and deployment increases and the security of the environment also increases.

More freedom, less control

JM: What are some of the trends you are seeing, whether from the commercial to the federal or vice versa?

SR: The trends are evolving even faster than many other sectors. The first one is the security challenges that customers are facing. Let’s start with the commercial sector, increasing at a rate that has never been seen before. That is further complicated in many ways by the demand from the  customers for more freedom and less control. Meaning that I want to be using a device wherever I am located. I want you to move my applications to the cloud. I want you to deploy a hybrid IT policy. Some of it is economics, some of it is user experience, and some of it is simply user preference. What happens is that it complicates security policy. It makes it more difficult for companies to ensure that their security posture is proper and protected.

The other side of the coin is that companies have fewer resources to procure, deploy and make useful these solutions. So on one hand the number of security solutions is growing. On the other hand, customers have fewer people and fewer resources to manage all this. So the implication from a vendor community standpoint is to make things incredibly easy to use, make things more integrated so you don’t make your customer’s environment more complicated.

Two is with the advent of the Internet of Things, more and more things are getting connected to the Internet. So that causes a visibility problem for customers, meaning what’s connecting to my networks, what is really allowed into my network? That has got a lot of people thinking and worrying about what the unknowns are. That results in, if all these things are happening, am I compliant whether it is to my internal audit needs or external audit needs? So compliance becomes a bigger and bigger issue that everybody has to worry about.

So these combined with the economic challenges, you mentioned budget in the federal sector, budgets in the commercial sector always tend to be quite tight as well, so can I use the cloud and save dollars, become more efficient as an example, so that at the same time increases complexity from a security standpoint. I think the important thing from a vendor community standpoint is make things more simple even as you keep them secure to enable customers to manage these things better and give customers options. Don’t force them into the cloud or don’t fixate them into a data center, and adopt hybrid approaches and give seamless access to those customers.

Cross-pollination not just for the bees

JM: What are you seeing from when you talk to agencies about zero trust? I think a lot of people are just talking about it. Is that something you’re seeing or do you actually see the pieces being put in place to create that zero trust environment?

SR: One of the more prominent agencies is actually part of our customer council and more recently, we hosted a customer council, which included them and other commercial customers as well. We do that routinely to essentially cross-pollinate best practices between commercial and federal. There we went through our zero trust solutions, not zero test pans. Simply put in the approach that we take, we authorize and authenticate users, which is the identity problem that you highlighted, devices to ensure that the devices that are connecting are compliant and have the right security posture, applications to make sure that applications are authorized to be delivered in a certain way and used by the users. And last but not least, the networks, so users, devices, applications and networks are all authorized and provided access by our solutions. The combination of those will allow a customer to deploy a zero trust environment. And so the more we are able to educate them in those terms and language that they already know, they’re getting more and more comfortable with zero trust and obviously derive the benefits of zero trust by not having walled gardens and not having different security policies for inside and outside. We’ve taken that approach and while the adoption in the commercial sector has been faster, the conversations in the federal sector are also accelerating.

JM: Do you get a sense about why the conversations are accelerating?

SR: To a large degree, it is the obligation of vendors such as ourselves to be able to articulate these things simply to the federal sector and others, and highlight how we are adding value to them rather than pushing a specific product or a point solution to them. In other words, if we work backwards from this concept, which we define internally as customer success and doing what’s right and solving their problems, including integrating with third party vendors, we will be able to accelerate their journey. And so it’s a combination of really solving the problem and then mapping it onto their particular problems and environments.

Own version of Jeopardy!

JM: What’s maybe one thing about yourself that you like to do outside of work or that’s something different about you that maybe some people don’t know?

SR: I’m not doing much of it now, but when I was quite a bit younger, I’m a trivia and a history buff. Three or four of us would go from one city to another and essentially compete or spar with other teams in terms of who knew the trivia the best. So it’s similar to like Jeopardy!, but it’s not as structured.

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.