Bharath Reddy
All Posts By

Bharath Reddy

Bharath Reddy is a Senior Analyst at Everest Group located in our Bangalore, India office

Protect Yourself from Cyber-breaches: Digital Forensics and Incident Response | Blog

By | Blog, IT Security

According to the Identity Theft Resource Center, a staggering 1,200+ breaches were reported in 2018. A breach can wreak havoc on a business, including – but not limited to – loss of revenue and reputational harm. And poor incident response can compound that damage, as demonstrated by breaches at Deloitte, Equifax, Uber, and Yahoo.

Some enterprises are recognizing the importance of being prepared and able to respond to attacks: 22 percent of respondents to a 2018 Everest Group survey rated “reduction in time/effort to detect, respond, and recover from breaches” as their top strategic priority in next 12-24 months.

But given the dangers, 100 percent of enterprises need to think through and create an effective risk mitigation strategy. This is where Digital Forensics and Incident Response (DFIR) can be essential. Combining incident response with deep forensic analysis to collect and examine digital evidence on electronic devices, an effective DFIR strategy can help mitigate business risks in the early stages of an attack.

Twin Forces Driving DFIR adoption

Starting on the DFIR journey: an enterprise perspective

The first step in the journey is establishing forensic analysis and incident response teams responsible for reporting, incident handling, and monitoring when a breach is detected.

The incident response team should have specific training in areas such as file systems and operating system design, and have knowledge of possible network and host attack vectors.

After a breach is detected, the forensic analysts must work closely with the incident response team to address several issues, such as isolating affected systems and making containment decisions, based on existing device, access, and data security policies. Enterprises must also update their policies regularly to stay ahead of attackers.

Putting DFIR into action

An effective incident response plan should include the following components:

Enterprise action items following breach detection

A guided approach to creating a DFIR strategy

Enterprises without a cyber-attack incident response plan leave themselves open to potentially insurmountable losses. Despite the danger, they often face significant challenges in creating a plan. These challenges include:

  • Limited budget for plan development and forensic analysis
  • Lack of built-in approval systems to kick off incident response
  • Lack of support for cyber insurance policies
  • Lack of adequate skill sets to perform forensic analysis.

Our guided approach to developing a DFIR strategy can help enterprises evaluate and onboard digital forensics as part of their overall cybersecurity strategy.

DFIR strategy for enterprises

Specialist DFIR offerings can help

As many enterprises aren’t equipped to improve their security posture and reduce incident response times on their own, specialist DFIR vendors – such as CrowdStrike, Cylance, and Mandiant – can assist with suites of holistic offerings. In contrast with managed security services (MSS) players, specialist DFIR vendors lead with localization as their core value proposition. Their product-centric service offerings, localization, and a guided approach help enterprises build resilient business are valuable resources for enterprises.

In fact, DFIR capabilities are becoming a deal clincher/breaker in large security transformation deals between enterprises and MSS providers. Enterprises need to carefully analyze the value proposition of their current/potential MSS partners serving as their DFIR vendor. The following checklist can help enterprises determine if their MSS providers can provide DFIR services.

Enterprises MSS Partner checklist for DFIR capabilities

Approaching DFIR in the digital world

Today’s business environment has dramatically changed the way enterprises need to address DFIR. Adoption of digital technologies such as cloud, IoT, mobility, software defined everything (SDX), etc., has made traditional forensics techniques obsolete. And issues such as evidence acquisition, validation, and cataloging are just the tip of the iceberg.

The following new approach can help enterprises effectively protect themselves against cyber attacks in the digital world.

The new approach to DFIR

Given what’s at stake, enterprises must understand that remaining in the dark about potential breaches can prove significantly more devastating than the time and resources required to build or onboard competent digital forensics capabilities. DFIR can be a challenge, but it’s worth it.

Please reach out to us at [email protected] and [email protected] if you are interested in exploring DFIR in further detail.

HCL Acquires IBM Products – Desperation or Aspiration? | Sherpas in Blue Shirts

By | Blog, Mergers & Acquisitions, Outsourcing

On December 6, 2018, HCL announced it had acquired seven IBM products across security, commerce, and marketing for a record US$1.8 billion. To provide a financial context to this acquisition: HCL, India’s third largest IT services provider, invested about 22 percent of its annual revenue to bolster its products and platforms portfolio – what it refers to as its Mode 3 portfolio – which barely contributes to 10 percent of its annual revenue.

Demystifying the Why

What strategic outcomes could HCL potentially derive from this deal?

  • Cross-sell opportunities: Access to the more than 5,000 enterprises currently using the acquired IBM products
  • Superior value proposition around as-a-service offerings: Integration of these products with HCL’s ADM, infrastructure, and digital services
  • Top-line growth due to recurring revenue streams and expanded EBIDTA margins
  • Fewer dependencies on external vendors: Improved capabilities to bundle internal IP with services can enable HCL to have greater control over outcomes, thereby enhancing its ability to deliver value at speed

 Sounds good…Right?

At first glance, the acquisition may seem to be a strategic fit for HCL. But when we dug deeper, we observed that while some of the IP plugs gaps in HCL’s portfolio, others don’t necessarily enhance the company’s overall capabilities.

HCL acquisitions

This analysis raises meaningful questions that indicate there are potential potholes that challenge its success:

  • Confusion around strategic choices: The product investments point to a strong proclivity towards IT modernization, rather than digital transformation. This acquisition of on-premise products comes at a time when inorganic investments by peers’ (recent examples include Infosys’ acquisition of Fluido and Cognizant’s acquisition of SaaSFocus) and enterprises’ preference are geared towards cloud-based products
  • Capability to drive innovation at speed on the tool stack: To address the digital needs of new and existing clients, as well as to deliver on the promise of as-a-service offerings, HCL needs to repurpose the products and make significant investments in modernizing legacy IP
  • Financial momentum sustenance: With an increasing number of clients moving away from on-premise environments to cloud, it remains to be seen if HCL can sustain the US$650 million annual revenue projection from these products
  • Customer apprehensions: Customers that have bundled these products as part of large outsourcing contracts built on the foundation of their relationships with IBM will likely be apprehensive about the products’ strategic direction, ongoing management, and integration challenges as their IT environments evolve
  • The illusion of cross-sell: It remains to be seen if HCL can succeed in cross-selling digital services for these legacy products, especially in the beginning of its relationship with the 5,000+ clients currently using the in-scope IBM products.

 The Way Forward

The acquisition definitely is a bold move by HCL, which may seem meaningful from an overall financial investment and ROI perspective. However, the subdued investor confidence reflects poor market sentiment, at least at the start. Although this could be considered a short-term consequence, HCL’s investments in these legacy products is in stark contrast to the way the rest of industry is moving forward.

On the day of the acquisition, HCL’s stock price fell 7.8 percent, signaling negative market sentiments and thumbs down from analysts. In contrast, the market behaved differently in response to  acquisitions by HCL’s peers in the recent past.

To prove the market wrong, HCL needs to focus its efforts on developing and innovating on top of these products; developing synergies with its ADM, infrastructure, and digital services; alleviating client apprehensions; and providing a well-defined roadmap on how it plans to sustain momentum leveraging these products over the long term.

What is your take on HCL’s acquisition of these IBM products? We would love to hear from you at [email protected] and [email protected].

Office Depot Acquires CompuCom in an Amazon–Driven Pivot | Sherpas in Blue Shirts

By | Blog, Mergers & Acquisitions

The adage, “Disruption does not discriminate,” rang true again with Office Depot’s acquisition of CompuCom last week.

The beleaguered office supplies retailer bought the IT infrastructure firm for US$ 1 billion, illustrating yet again the disruptive impact of Amazon and the digital economy. With this deal, Office Depot expects to add US$1.1 billion in revenue, and achieve cost synergies to the tune of US$40 million in two years. As part of the transaction, Thomas H. Lee Partners LP, the PE firm that owns CompuCom, will assume an 8 percent ownership in Office Depot.

The why

The deal comes at a time when Office Depot’s business is in the doldrums due to diminishing demand for traditional office supplies as offices go digital and online retailers eat into brick and mortar sales. CompuCom had its own share of problems, with four CEOs in the past four years, declining revenue, and diminishing investor confidence.

As the proposed takeover by Staples fell at the antitrust altar last year, Office Depot had been looking for ways to strengthen sales that had continued to slacken for several quarters. Its hiring of a slew of tech executives indicated that a drastic change was in the cards.

With this acquisition, Office Depot aims to pivot towards a business services and technology play in order to achieve:

  • Superior value proposition: Provide a stronger story to customers around the “workplace ecosystem” for enterprises
  • Cross-sell opportunities
    • Leverage its “Last Mile” footprint to provide Tech-Zone help desks in Office Depot’s 1,400 retail locations, thus increasing CompuCom’s service-based opportunities
    • Use the Tech-Zone help desks to increase on-premise traffic, thus driving traditional sales
  • Topline growth from recurring revenue streams
  • Synergies around the SMB market: Both companies target this highly fragmented market, with Office Depot’s omni-channel strategy offering access to nearly 6 million SMBs.

So, all ends well…right?

While the CompuCom acquisition is in line with the “Software Eats Everything” theme, meaningful questions exist:

  • Uninspiring investor confidence: Office Depot’s share price dropped by 15 percent following the announcement. Although this can be considered a short-term consequence, both firms have struggled as secular market trends reshape their core industries. Will the combined entity realize its promised value?office depot acquisition of compucom blog
  • Digital innovation: There is little clarity on the combined entity’s innovation strategy around the digital workplace construct. The onus is on it, especially CompuCom, to deliver a value proposition centered on seamless customer experience
  • The Amazon conundrum: With Amazon disrupting traditional business models – via e-channels and innovation across physical channels through concepts such as Amazon Go – the combined entity must chalk out a strategy to counter Amazon’s onslaught from both the retail and technology perspectives
  • Change management: The combined entity needs to guard itself against organizational inertia, as the pivot from a brick and mortar model to a services play will require considerable structural changes and incentive restructuring
  • Customer education: The combined entity must educate customers about its new value proposition and what it means for their business and their business as usual to assuage any concerns that lead to customer flight.

The way forward

There have been previous instances of retailers acquiring Managed Service Providers (MSPs) to enhance their value proposition and margins. This includes Staples’ acquisition of Thrive Networks in 2007, and Best Buy’s acquisition of mindSHIFT in 2011. Although worthy pursuits, these acquisitions failed due to executional fallacies, lack of a clear-cut strategy, and their erroneous belief that SMBs would choose them to outsource their IT in a managed services model.

On the other hand, most of CompuCom’s revenue comes from conventional project-based and procurement engagements. The customer experience point is important here. If Office Depot can make this model a de facto choice for customers looking for a better customer experience, this might just work.

That said, the continuous disruption by players such as Amazon and the proliferation of digital users who demand a personalized user experience across all channels will play a key role in determining the success of this acquisition.

Creating a definitive digital value proposition aligned to customer expectations and chalking out a clear, dynamic execution strategy are the key tenets Office Depot must embrace for the CompuCom acquisition to succeed. Indeed, they are our words to the wise for any service-related organizations considering M&A activity in today’s digitally-disrupted environment.

What is your take on Office Depot’s pivot? We would love to hear from you at [email protected] and [email protected]