Security in Canada going through interesting times: Palo Alto Networks Canada country manager Rob Lunney

Palo Alto Networks’ Canadian country manager talks about the challenges his company faces, how it has adapted its strategies to meet them, and what the channel needs to do to keep pace.

Rob Lunney, Palo Ato Networks’ Canadian country manager

‘May you live in interesting times’ is a well-known slogan that happens to be a Chinese curse. Rob Lunney, Palo Alto Networks’ Canadian country manager, thinks these are very interesting times for the security industry in Canada. However, while there are several key challenges his company needs to overcome, he also sees enormous positive opportunities. He also thinks that the company’s channel partners are making good progress in their own ability to address those challenges.

“The security space is even more interesting than it was a year ago,” Lunney told ChannelBuzz. “There have been more disclosures and breaches, and the expansion of the federal PIPEDA regulatory laws in Canada last year will mean that we will hear more about those things here. That’s an easy prediction. There will be more embarrassments for organizations, leading to a potential erosion of trust. There are other forces working against customers today. These include a cybersecurity skills shortage which limits their ability to hire people, and to keep them, and well-funded actors like rogue nations trying to steal intellectual property. All this means that while customers continue to spend money on security, they are not sure if they are seeing a return. We would propose that just buying more doesn’t solve the problem. Doing things the same way that you’ve done it in the past isn’t the answer. The attackers today are using machine learning, cloud services, collaboration services, and other state of the art techniques. Customers need to look at investing in those to keep up with them.”

Instead, Lunney said that many customers continue to invest in new point products, as they did in the past.

“Many continue to buy a series of point products,” he indicated. “We find that some of the larger ones we see will have 30 or more of these, while smaller ones might still have ten or more. These new threats challenge the best-of-breed paradigm. It’s incumbent on us as a company to deliver the efficiency of best-of breed point solutions in the platform format, because it is better as a platform.”

To this end, the company launched the Palo Alto Networks Application Framework in 2017, an ambitious consumption-based platform designed to let Palo Alto Networks and third- party developers write apps to it, which would be consumed as cloud-delivered security apps. Apps have been slow to come, however.

“It will be an incremental process,” Lunney said. “As much as we were optimistic about the Application Framework’s capabilities, we were realistic about the time frame. Bringing in third parties and customers to the concept of aggregation of data to be better able to see patterns was something that we have to build. We are selling more logging services to customers to deliver more contextual network log data, and last year we introduced our first app for the platform, Magnifier, to provide user behavioral analysis. But we need to get customers using and developing more algorithms.  I don’t know if we have hit critical mass there. And as we do that, we have to strengthen our firewall and endpoint and network products to make sure we can stand as best of breed. We also strengthened ourselves with acquisitions last year, especially Redlock, to make sure we can provide top compliance and monitoring capabilities.

“An easy prediction is that Machine Learning and Artificial Intelligence will be the key buzzwords, but the question is to what extent the benefits of that can be reaped,” Lunney added. “Security will increasingly become a data game – aggregating contextual security in volume and applying Machine Learning and AI against it. The more of that data we have, the more we can provide customers by delivering next-gen machine learning capabilities.”

Managed security services providers [MSSPs] have been slower to emerge in Canada than in the U.S, but Lunney said that has begun to change.

One of the things we still see as an emerging trend here is managed security services, where the MSSP takes over monitoring and management,” Lunney said. “Customers are looking more closely at it. We are also seeing the trend of more third party SOC services being delivered. That’s good for us because our products fit well into that environment.”

Changes are also appearing in the competitive landscape in Canada, as more of the flood of newly-funded startups turn their eyes to this market.

“In perimeter security and network appliance security, the landscape hasn’t changed,” Lunney said. “It’s still the same four or five key players selling in midrange and enterprise. In cloud security and user behavior analytics however, we are starting to see the impact of the large amount of venture funding that has gone into security. Some of these companies are now coming into Canada and offering very specific point solutions, although Canadian customers tend to be a little more cautious about startups than American. Canada has also been a little slower to adopt public cloud than the U.S., but is now on the faster ramp that the US was 18-24 months ago.”

Lunney stressed that Palo Alto Networks has been doing extremely well in Canada during this period of great transition in the industry.

“We are very pleased with the Canadian business,” Lunney said. “As a company, we grew 28 per cent in Q4, and 30 per cent for all of fiscal 2018. In Canada, we don’t break out the numbers, but they are 40 to 50 per cent higher than that. Customers are rewarding us for past performance. We have added new customers in both the midrange and enterprise. Our partners have also evolved. We had high expectations around security and services and they have responded well to that.”

Lunney told ChannelBuzz a year ago that channel partners had to be aggressive in adapting to the rapid changes taking place in the cloud world, or be displaced by either competitors or hyperscale cloud providers who made the transition more successfully. He said that they had succeeded at this, in large part.

“The channel in general has become more adept at positioning public cloud services and helping customers make the transition,” he said. “They have retooled themselves from a services standpoint to enable customers to move to the cloud.”

That being said, more can still be done.

“Customers can still use more assistance in operationalizing the cloud and securing workloads,” he indicated. Partners need to develop greater skills at that and develop greater skills at managing cloud environments, especially around multi-cloud strategies. It’s conceptually the same managing things in different clouds but doing it cost effectively isn’t – especially where security is involved.”