'GDPR didn't stoke the wave of data protection we anticipated' - security vendor Thales

Security specialist’s head talks to CRN about changing up its partner profiles, why the UK is ahead of its peers with cloud security, and the opportunities available to them

The much-vaunted introduction of GDPR two years ago did not lead to as many customers seeking enhanced cloud security as the industry expected, according to Thales' UK and Nordics channel boss.

Phil Holmes told CRN that he is still seeing a "huge amount" of incoming business from companies he "just assumed" would have encrypted their data since the introduction of the EU-wide regulation in 2018.

"They're actually just starting on that data encryption process now," he said.

"I think everyone thought that there would be a gold rush with GDPR, and that hasn't been the case; we're still seeing GDPR budgets being created and released for the first time.

"[There is opportunity in] customers understanding that encryption really is a silver bullet to be able to use the cloud securely and to be able to secure themselves from the threat of being breached. Our encryption solutions are still seeing a huge increase."

Thales' security wing specialises in encryption, access management and data protection. Its capabilities were bolstered by its parent company's acquisition of rival Gemalto for €4.8bn (£4.1bn) last year. Thales Group is a French multinational that designs and builds systems and services for the aerospace, defence, transportation and security markets.

Thales Security has launched a new partner programme in the wake of the Gemalto addition, which now distinguishes MSPs from VAR partners, and caters more to their needs and requirements than it previously did, according to Holmes.

The UK is "advanced" compared with other regions in EMEA when it comes to cloud adoption, which Holmes praised partners for pushing, adding that ample opportunity remains as customers seek hybrid cloud environments.

"I think the channel in general in the UK has really grasped the opportunity that the cloud provided for them," he said.

"But also there's forward-thinking at C-level and security and IT departments. There was a rush to the cloud but I think organisations are now taking a slightly more pragmatic view and we've seen instances where people are repatriating data because maybe they ran to the cloud too quickly.

"That's fantastic for us and our partners as people then re-evaluate their use of cloud. People are now being careful about vendor lock-in so are using multiple clouds and hybrid clouds. We've seen a huge increase in opportunity in the last 12 to 18 months."

The biggest cloud security challenge facing partners at the moment is education, Holmes said.

Partners need to help customers change their mindset to understand that it is not completely about avoiding being hacked, but how to react should an attack occur, he explained.

"From the encryption side, it's really about getting them to understand that securing breaches is not necessarily about trying to stop them, but admitting that they may be breached - and potentially will be breached - and looking at how to mitigate that through the use of encryption," he said.

Customers also need to understand that moving to the cloud does not guarantee built-in security and data protection, the Thales channel boss added.

"There seems to be a general belief in the market that by moving data and moving security into the cloud that it comes with built-in security and that just isn't the case," he said.

"The shared security requirements for organisations don't seem to be understood. There's a huge amount of education [required] to get customers to understand that the level of security as they move data into the cloud needs to be increased, not decreased."