Cybertrust exec on global presence

Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

Cybertrust Inc. was formed last September by the merger of Betrusted Holdings Inc. and TruSecure Corp. and is the largest privately owned security firm in the business.

In this interview, Chief Operating Officer Brett Jackson speaks about the ongoing integration of the companies and how Herndon, Va.-based Cybertrust"s global reach gives it an advantage in the security services market.

How is the integration going? We feel quite good about where we are. Still, merging companies of this size has its challenges. We do business in a lot of different countries. Fully two-thirds of our revenue comes from customers outside the U.S. Two-thirds of our people are outside the U.S. So there were some challenges related to the distributed nature of the company. But the reason we put the companies together was because we believe there is an opportunity in the market to create a security-focused services company that had a global capability. The customers we are targeting are large organizations and governments, and having a global presence was very important to us. We short cut the usual long time it takes to build a global capability by putting together companies that were geographically complementary.

Other than the size of your company, what other value-add does Cybertrust deliver over some of the other managed security services providers? There are very few large ones. I think you"d be hard-pressed to find a focused managed security services provider who"s doing more than US$20 million to $25 million in revenue. We"ll be closer to $100 million this year. We"ve got 10 security operations centers distributed around the world; that"s a capability very few others have.

But I think our biggest advantage is the quality of our people. We have people who understand security not just from a technical standpoint, but (also) from an operational standpoint. We are out helping people solve security problems on a daily basis. We understand the problems that large organizations are dealing with, and we have helped them deal with those problems. It"s that real-world operational expertise that sets us apart from the other companies in addition to our size.

But what about AT&T Corp. and MCI Inc. and other telecommunications companies that are talking about increasing their presence in the managed security market? I think they have to drive additional services into their customer space because let"s face it, they have nowhere else to go. I think a Global 2,000 company, when it comes down to major security issues, would rather deal with a focused security company than a telco. For a telco, this is just not their major business. Some of the meat-and-potatoes security monitoring might be done by telcos, but beyond that, they just don"t have the expertise.

What else do you offer besides managed services? We offer a risk management program with 400 customers worldwide. There are a number of customers who don"t have the resources or the expertise, and they turn to us to help them implement a security program that suits their needs. We do security assessments; we do a lot of forensics work. That"s very hot right now. We have our ICSA Labs, which tests and certifies third-party security products. We did $165 million last calendar year.

Where do you see the most opportunity for growth going forward? What"s driving demand for your services? A number of things. First, people are looking to outsource some portion or all of their security to someone like us because they are trying to contain costs. You certainly see a lot of regulatory compliance issues out in the market. Customers need to deal with a variety of regulatory pressures, whether it"s Sarbanes-Oxley or HIPAA or Basel-II. Post-9/11, we have seen a big uptick in identity management projects. Specifically, organizations and governments needing some kind of a trusted-identity scheme. We are working with a number of organizations to implement corporate ID cards to enhance security.

Companies say they have a hard enough time aligning internal IT security efforts with business needs. Won"t it be even harder for an outside service provider? I think from our experience we know a bit more than they do about what good and effective security is. We have approximately 3,000 customers, and because we are service-oriented, we are usually on-site in customer organizations with firsthand knowledge of the security problems they are dealing with. So when someone approaches us about managing security, we have a lot of experience dealing with customers worldwide. When you add that to our research capabilities, we just have a better idea of what good and effective security is than a lot of customers.