Orange Cyberdefense exec on rivaling the IT services giants
After building a leader in cybersecurity services through acquiring two of Europe’s largest independent players, Thomas Gourgeon discusses the difficulties of integrating the firms during COVID-19, and plans for the future
Orange's double swoop on two of Europe's largest independent cybersecurity outfits in 2019 saw the creation of a new European-born cybersecurity force to rival the globe's largest players coming from the US.
SecureLink was its own M&A machine in the years leading up to its sale to Orange, acquiring Sweden-based firm Coresec, UK-based Nebulas and Germany's iT-CUBE in 2016.
But Orange's ambitions to consolidate the European cybersecurity market through its eye-watering €515m purchase of SecureLink a year ago, preceded by its buyout of £40m-revenue UK firm SecureData, cemented Orange as Europe's standout MSSP with revenues in excess of €700m.
Now a year after consolidating some of Europe's biggest players, Orange has been silently building a new identity for its cybersecurity arm. By fitting SecureLink and SecureData into a larger global organisation, Orange can rival the might of the big-fish American players such as HPE, IBM and Accenture in the European market.
Speaking to CRN's sister title Channel Partner Insight, Thomas Gourgeon, head of international development for the newly-formed cybersecurity arm of Orange, Orange Cyberdefense, said there's still some time to go until he can label the integration of two firms as a success.
He said that integrating two large firms during the COVID-19 pandemic has proven difficult.
"It's quite difficult to integrate during COVID-19. People don't get to meet up as often as they would like. It's kind of tricky," he said.
"We will probably need a couple of months more to make sure that it's a success".
The Cyberdefense brand came to life in Q4 last year as part of a project to bring Orange's much larger cybersecurity business under a single banner.
Both SecureLink and SecureData have now been rebranded under the Orange Cyberdefense brand.
Gourgeon said he has tried to keep office closures and relocations to a minimum throughout the integration period, unless doing so is in the best interest for its employees.
SecureData's central London office has been closed down in favour of SecureLink's much larger one. Whenwhile in Belgium, where both Orange and SecureLink have established operations, integrating the businesses under the Orange Cyberdefense banner is still an "ongoing project".
But the French firm has reorganised internally and is now operating as a single marketing entity for the entire Orange Cyberdefense group with a unified services and solutions portfolio.
Taking the SecureLink and SecureData additions into account, Orange Cyberdefense now has 16 security operations centres (SOCs) globally, alongside a further 10 cybersecurity operations centres.
Orange's SOCs manage customer infrastructure, while its cyber SOCs handle detection and response, Gourgeon said.
The combined business will continue to operate through two seperate go-to-market models. In Europe, Orange Cyberdefense generates a "significant share" of its revenues by selling pure-play security services, said Gourgeon, while also working on large infrastructure projects where it acts as the security division of the larger Orange Business Services group.
"If I look at Europe it's a different paradigm to the Americas or APAC. We have a very significant share of our revenues [in Europe] that are completely driven by our own salesforce and that are really pure-play security services on a standalone basis. And when we work with OBS it's really simple and is really a win-win situation for everyone. We're really going to keep the two because it's the two legs upon which our business stands on.
SecureLink and SecureData typically focus on a different sector of the market than Orange's original cybersecurity business, said Gourgeon. While they mainly cater for enterprises with up to 5,000 to 10,000 employees, Orange serves large multinationals with tens of thousands of staff.
But the international boss said that the larger Orange Business Services business, which reported 2019 revenues of €7.8bn, will open new doors for the former SecureLink and SecureData teams.
"We have different strategies to address those market segments. The smaller the customer the more packaged offers will be. We're seeing a lot of traction and a lot of cross sell and upsell for SecureLink and SecureData and and vice versa," he said.
"SecureLink and SecureData might have the right connection with the vendors or the right skills on the ground to integrate certain security blocks in a very complex, large enterprise infrastructure. The other way around, because Orange is a well-known player in the managed infrastructure play, that has opened the door to a number of large logos that maybe SecureLink or SecureData would have struggled to open the door to because it was for big outsourcing project in the in the €15m-plus contract value.
"These kind of projects are not easy to get when you're a domestic player or when you don't have the scale of a large group behind you. That's clearly something that we have seen and where we have a couple of opportunities where we are seeing the value of being together."
Gourgeon said the idea is to form a European born-and-bred cybersecurity company that has the scale and resources to rival the might of US heavyweights IBM, HP and Accenture.
"We believe, if you look at the market and the way it is structured today on security services, you don't have that many European born-and-bred players in the top league. When you look at the market breakdown, you see IBM, HP and Accenture - all American players.
"There is something at stake here; we want to make sure that larger organisations, in particular European organisations, have sound advice in cybersecurity and have someone to turn to."