HCLTech Cybersecurity Head: Good Vendor Partners Bring ‘A 360-Degree View’
'We deliver outcomes, we create stickiness with our customers and we really stay as a long-term player,' HCLTech executive Amit Jain says.
Amit Jain, executive vice president and global head of cybersecurity at HCLTech, wants to see more resources from vendors to help with the lack of cybersecurity professionals as part of what he calls “a 360-degree relationship.”
Coming off the India-based solution provider’s newly announced partnership with cybersecurity vendor CrowdStrike, HCLTech sees ways for vendors to better support the services-led partners that foster customer loyalty and make sure products are stood up properly, Jain told CRN in an interview.
“That is only possible when there's a 360-degree view to any partnership,” Jain said. “And that's what we like about CrowdStrike having that mindset, that approach toward – not just selling the technology part – but also making sure that it is successful, we deliver outcomes, we create stickiness with our customers and we really stay as a long-term player. Not just a sell and move on kind of mindset, which I see in some of the other providers.”
[RELATED: CrowdStrike, HCLTech Team Up On Enterprise Cybersecurity]
HCLTech Teams With CrowdStrike
In January, HCLTech reported its latest quarterly earnings – for its third fiscal quarter, ended Dec. 31. The solution provider reported about $3 billion in revenue, up 6 percent from the prior quarter and 5 percent year over year, and about 220,000 employees.
It reported net income of $522 million, up 13 percent quarter over quarter and 5 percent year over year. For the 2024 fiscal year, HCLTech expects revenue growth between 5 percent and 5.5 percent year over year with earnings before interest and tax (EBIT) margin between 18 percent and 19 percent.
In his comments to analysts during the quarterly earnings call, HCLTech CEO C. Vijayakumar highlighted cybersecurity along with cloud migration, SAP workloads, data modernization, automation and advanced analytics as areas of technology spending “that should remain resilient” despite no “uptick in the overall discretionary spend,” according to a transcript of the call.
“We believe once Gen-AI peaks speed, clients' eagerness to adopt Gen-AI should create a lot more opportunities,” the CEO said, with activity ramping “over the coming quarters, especially around creating the foundations to leverage Gen-AI at scale, which includes cloud migration, setting up private Gen-AI stacks, data modernization, security and privacy.”
Services partners serve a growing role in the go-to-market for security offerings, with large-scale organizations adopting dozens of cybersecurity products and needing a partner to make sure the products work together, work well and are even needed, Jain said.
“The cost and the effort behind running such a massive environment is just out of reach for most organizations,” Jain said. “And hence it's important that the technology and the service providers like ourselves and CrowdStrike really join hands to drive this mission of simplifying the architecture, making the outcomes achieved easily, cost effectively.”
Here’s more of what the HCLTech executive had to say on vendor partnerships and the cybersecurity landscape.
What should customers know about HCLTech’s new partnership with CrowdStrike?
DB (CrowdStrike Chief Business Officer Daniel Bernard) and I, when we first met we clearly saw a lot of synergy between our ways of thinking and ways of looking at the challenges our customers are facing in the market – the amount of noise and nuisance that cyberattacks are creating and the advancement of many of those attacks, which typically makes it very difficult for many of the tools today to detect.
One of the things that really attracted us to CrowdStrike’s platform was the ability and the strength and the stability and ease of use, which is something that as a system integrator, as a managed services provider, we really were looking to leverage for our customers.
We provide managed XDR (extended detection and response) or MDR (managed detection and response) … offerings, and really that is to drive this level of capability to our customers, which is AI-enabled detection and response capabilities from a managed services perspective.
And we found CrowdStrike to be a very reliable, proven simple to use platform that provides that capability and really powered our services to our G2000 (Forbes Global 2000) customers.
Is HCLTech looking at more vendor partnerships?
Partnership is core to our DNA. … Many of the technologies really power our services and our services cut across a wide variety of domains – not just cloud security, but identity and access management, risk and compliance, OT (operational technology) security and many other areas.
So the partnership element comes in all aspects of what we do because … being a service provider, we leverage technology to deliver those services.
And from that perspective, we evaluate partners every year – their being efficient, their being effective, the ability to support our business is there or not there.
And we see that there has been a growing vacuum in some of the partnerships that we have had in the past. And we see that really there was a strong need for us to develop this strong connect with CrowdStrike because we hear all the good things from customers. Many of our customers use – in fact, HCLTech itself is a user of CrowdStrike technology.
So we've seen the technology firsthand and are really happy to see the outcomes that it can deliver for our customers. And that's where it really fits in.
We manage many more technology providers besides CrowdStrike. But we only get strategic with very few, select few providers who have the global reach, the technology stability … and ease of working which is something really crucial for our business. And that represents all these benefits in terms of partnership.
Do you have a message to vendors on how they can be a better partner?
The reason why we're partnered here is predominantly to build a strong skill base as well.
So we have a lot of domain expertise. And one of the things that I always tell some of the other partners is that you might have great technology, but you probably are not doing a great job in building the talent base.
The biggest challenge that we are dealing with in security is lack of talent. And of course, there is tons of automation that has come in with platforms such as CrowdStrike. But we still need to have both a platform domain and understanding.
I would always want to tell my other partners – always come with a mindset of a 360-degree relationship. Because that's where you're not just providing the technology. You're helping us take that technology successfully to the markets at large, to our customers at large.
We are able to deliver successfully in terms of having the right skill sets that back the technology and services, of course, that we provide from a managed service perspective. … We always take … our relationships are very, very deep and very, very wide with our customers.
So if we were looking at – let's say, doing a digital transformation on one end and on the other end we are trying to kind of define, let's say, a cloud security strategy – to connect the dots, you need a provider or a player who can help support us through enabling that journey for our customers.
And that is only possible when there's a 360-degree view to any partnership. And that's what we like about CrowdStrike having that mindset, that approach toward – not just selling the technology part – but also making sure that it is successful, we deliver outcomes, we create stickiness with our customers and we really stay as a long-term player. Not just a sell and move on kind of mindset, which I see in some of the other providers.
Why are solution providers important to security vendors’ go-to-market?
We see a lot of organizations, the Global 2000 that we work with, probably jump into technology sometimes in a more product-oriented approach to securing their landscape.
And we've always found that to be a problem area. And today, most organizations that we deal with … are dealing with 30 to 50 products that they have in cybersecurity.
Now, one has to make sure that these products talk to each other so that you can make sense out of it, you can control the threats, you can protect the environment, protect their IP (intellectual property).
But more importantly, the cost and the effort behind running such a massive environment is just out of reach for most organizations. And hence it's important that the technology and the service providers like ourselves and CrowdStrike really join hands to drive this mission of simplifying the architecture, making the outcomes achieved easily, cost effectively.
And the ROI (return on investment) really is something that today all the leaders talk about, be it an IT leader or business leader or a security leader.
Because many of those technologies that were purchased in the past as distinct islands of products are not delivering the ROI really. In fact, many of them are never even used properly.
The ability to integrate in a simple platform is really going to drive a change in the market in my mind – not just from a secure enterprise perspective, but also from a more efficient, more TCO and ROI driven enterprise from a cybersecurity standpoint.
And that's where I think the partnership and joining of hands between two of us is really going to make a difference to the customers in the market.
We're really trying to change the landscape from being isolated islands of products to a more committed outcome, to a more platform-driven approach and a more simplified approach to achieving their outcomes.
What are talking to customers about in terms of keeping them secure in the short run?
The one thing that will not change in cyber is maintaining a strong cyber hygiene. I think I've been talking about it for over 10 years now. And I'm not going to stop talking about it.
Because there is so much change in the landscape from a business standpoint. Organizations trying to open doors, organizations trying to connect. There is all this pervasive connectivity between organizations today.
So the landscape keeps changing. And when I say security hygiene, the hygiene definition also starts to evolve.
So one thing we've realized, while it might appear easy to say, but it is very difficult to achieve. And that that is something truly that keeps me up at night with the organizations that we are protecting – are we doing enough to maintain and keep hygiene?
And what are the other controls that we need to put in place when the hygiene is really not there. We have unpatched servers, we have unpatched desktops, applications that have passwords visible out in the open.
We have access being given openly without strong access controls and admission controls and governance around it.
Many of these basic elements continue to keep me awake in the sense that we don't know what's going to break at a particular point in time for this customer or this organization.
And I think these remediating controls where you can monitor anomalies, detect threats, even if there is no control, is something that provides a sense of relief that, hey, even if the primary level of controls or the first line of defense is not working, there is a second line of defense available.
That will provide us an ability to constantly monitor and provide some degree of assurance – which is better than nothing. That is one message that I always give to my customers – let's make sure that hygiene is constantly kept updated.
Because that's really our first line of defense. We're doing the second line of defense, for the most part. But it's important that customers stay committed to that.
What are some of your biggest security concerns looking into the future long term?
The industry is talking about building a dynamic posture and to enable that dynamic posture, we need a zero-trust framework.
And the zero trust framework is nothing but making sure that organizations don't put themselves at risk while doing a business transformation and don't accept too much risk that they cannot really remediate.
From that perspective, our strategy is very straightforward. We are here to build a dynamic posture for our customers and maintain the dynamism in the posture by constantly delivering zero trust from a … cloud perspective, from an endpoint perspective, and making sure that the trust boundaries are very well-monitored.
Any breach to that trust is captured and addressed at that point in time. It's a very straightforward, simple way of addressing the concerns, the threats. … I always say that cybersecurity is always a roadmap. It's a journey. It is not going to stop, like I'll finish a project tomorrow and then you're done.
So because the threats are evolving, and the techniques are evolving, the approaches are evolving and the business is evolving. So we are constantly looking at the attack surface changing. In that sense, our approach is to keep the zero-trust journey on for customers constantly, evolve their posture and really drive or inspire business confidence in what they're trying to do as an organization.