The CEO of the newly formed HP Information Security is out to shake up the business of data security and now has the resources to do it. He outlines his plans to Paul Fisher.
December 10 was a big day for Dan Turner. It was when Vistorm, the specialist security services provider absorbed into one of the world's biggest IT companies in 2008, was officially transformed into ‘HP Information Security’. And Turner became the public face of what it is hoped will be a global force in information security.
He had been serving as CEO since July 2010, while plans for the transformation were put into place. Turner originally joined Vistorm in October 2004 to focus on developing its information assurance professional services.
Now 47, Turner was born in Mildenhall, Suffolk. He went to Cranfield for his first degree, Loughborough for his MSc and Warwick for the MBA. Prior to joining Vistorm, Turner was at QinetiQ, where he is credited with moving its IS business back into profitability.
Turner's easy manner belies his sharp commercial sense. At QinetiQ, he turned the division from the worst-performing to the fastest-growing business centre within the QinetiQ Group, with a turnover greater than $30 million.
That's the past, however, and Turner is keen to focus on the future. “This marks the start of a new era in IS, not just for us, but right across HP. The past two years saw significant development at Vistorm, with HP innovation coming into the mix. At the same time, the market was demanding more robust security capability from HP. It's now all coming together as we reinvigorate the Vistorm vehicle into something much bigger, with global scale and capability – HP Information Security.”
The decision was taken to “sunset”, in Turner's words, the Vistorm brand, but he is keen to stress that this shift is strategic and not just a simple rebranding exercise or, worse, absorption. HP, he says, has thought this through and is looking to benefit from Vistorm's success.
“All the core values and the good things about Vistorm – the culture, the innovation – that survives. And it's a very comfortable fit within HP,” he says.
The word ‘global’ peppers Turner's sentences as he describes the logic of the transformation. Yet previously, Vistorm had been largely a local brand, serving the UK and European markets. How will this change, and how does it mesh with HP's existing security proposition?
“There has been, perhaps, a cottage industry of security capability dotted around globally – of which Vistorm was part. We can now go to market in all of the countries that HP serves and take advantage of its delivery capabilities and economy of scale,” he says.
“We have huge innovation through the HP Security Services labs here at Bristol and the global capability and reach of HP's Secure Advantage Portfolio. We will be able to go well beyond what IBM can do, because it hasn't got this.”
“What we have been very impressed with is the sheer class of HP. HP has everything that we aspire to be; it's a bit like, ‘what do you want to be when you grow up?’ One thing that really struck home is HP's desire, whatever it takes, to ensure that our customers feel that they are being looked after in a very differentiated way,” he adds.
Sounds great, but was there anything that Vistorm brought into the world of HP? “Yes. Very specific intellectual property, the knowledge, the skills and expertise that we have deployed quite successfully here in Europe. But now we can do that on a worldwide stage.”
Turner reveals that there has already been some cross-pollination between the expert child and its new parent, with senior security talent from HP being drafted into the new division.
Of course, HP Information Security is going to find itself coming up against some pretty tough, already global competition, in the shape of Cisco, IBM, Symantec and now, following its acquisition of McAfee, Intel. All of these companies have seen that an integrated security offering is vital to make sense of the new enterprise IT environments that need to meet the challenges of cloud, consumerisation and virtualisation, among other trends.
Turner believes that HP Information Security will be able to tap into much unique talent to reap advantage, but admits that it is also a priority to understand how HP's competitors talk to their clients.
In what is almost a statement of intent, he says: “It is important that we understand the pricing pressures, get the pulse of the market. We must not become complacent. We must always be pushing on the door of innovation and taking the market further, to a place where our competitors can't reach us.”
HP is a company built on research and invention. Its slogan is simple: ‘Invent.’ It is proud of its scientific heritage and even boasts its own ‘HP Fellows’, much like an academic institution. It is a longstanding component of the HP culture and, among its competitors, only IBM comes anywhere close. In HP's case, it extends to dedicated labs, one of the biggest of which is based in Bristol.
“IBM does have research in security, but we think the HP labs – and specifically the HP Cloud and Security Lab under Martin Sadler down at Bristol – have a differentiated position. We think they're market-leading in a number of areas. They share the same passion as us from a service perspective. In the future, clients are going to need something that genuinely turns information security and risk management from less of an art form to more of a science,” he adds.
“We've got to help our clients automate their responses to the bad stuff that's coming down the track. HP leads the world in that thinking, and particularly how clients make decisions around what they spend on. HP helps make that real for you through its security analytics.”
‘Security analytics’ is HP's developing set of technologies that came out of the security labs and allows professionals to monitor and react to information risks.
“And this is how major clients decide: do they invest £5 million on post-intrusion systems, or is it better to put £7 million there on patch management systems? By giving really good data to end clients, we can help them decide where they get the best bang for their buck from us. We've just sold the first engagement with a UK client and are just about to go into our second contract – it is a real differentiator for us,” he says.
Turner argues that senior security people don't talk about a technology problem anymore: they look at cost. They just can't keep spending, because senior leaders within their own business are saying: ‘Look, the more we spend on protection for our own business, the more both innovation and our own projects suffer.’
“We've got to do things better, cheaper and faster. That's easy to say, but the reality behind it is some cutting-edge thinking – and that is security analytics,” he says.
The arrival of HP Information Security is part of a wider consolidation that has been going on for several years. Turner has his own take on the power plays and shifts that have led the major players to position themselves to chase after the security dollar.
“The McAfee acquisition by Intel earlier in the year was groundbreaking and strategic. In time, we'll look back and say to the Intel board that its decision was very astute. It is important for HP, because it has a massive relationship with Intel. If you could genuinely tie the hardware and the software security together through the firmware – well, you would take a major step towards a very secure enterprise.
“But what does that mean for the rest of the market? Nobody, particularly HP, has to make another generalist acquisition of a security player, because McAfee was the biggest. But it does mean that we can focus on those niche technologies that we can use to differentiate ourselves in the market,” he says.
Many people reading this, who knew and perhaps were customers of Vistorm, will know that it worked closely with partners such as Check Point, RSA, Websense and other technology providers. Will this continue under the new regime?
“Absolutely, yes. We will encourage those partners to put their software onto our technology and that gives our clients a fabulous solution, actually. They can now have a combination, an OEM to an HP piece of hardware bringing market-leading capabilities at great value.”
Turning back to HP's rivals in the enterprise space and the new threat landscape, Turner reveals that there is an element of ‘we are all in this together’, that HP Information Security will work closely with its technology rivals for the common good of defeating cyber crime and worsening cyber attacks. It is a kind of gentlemen's agreement, he implies.
“We have very close relationships with most of the technology vendors, because typically we are the best, the biggest seller of their technology globally. But it pays both parties to have a close relationship and that's normally done at the CTO level. So every six months or so, you would get the CTOs talking about what they're seeing out there. We may be rivals, but we all have an interest to stay one or two steps ahead of the criminals and attackers,” he says.
So, new brand established, big launch done. There are fired-up people itching to go to market, but what state is that market in? What is worrying people?
“For some of our commercial clients, it is still early days in understanding the cyber security threat. We have to do a lot of hand-holding there. Governments have been aware of some of the incursions and intellectual property thefts that have been going on, but which have never really been treated too seriously, until now.
“As the recession bites, people know that they do have to look after their respective economies. It's tough out there for UK Plc. We absolutely do not want our greatest and best industrial secrets being siphoned off elsewhere,” he says.
Undoubtedly, it is tough out there – and getting tougher. If Dan Turner and HP Information Security can deliver on their promise, the world will have a formidable ally in the fight against cyber crime. He says he is looking to transform security. He has a good chance.