It was back in 2013 when Meg Whitman started to highlight the importance of advisory services for HP, repeating it as part of the “advise, transform and manage” message which she regularly articulated in interviews and briefings. Last week, HP held an EMEA security event for analysts in Boeblingen, Germany. The thing that stood out for me was not HP’s depth and breadth of cyber security capabilities (which I had expected) but the fact that it is reaping the benefits of Whitman’s move to advisory services.
Before the advisory move, HP focused heavily on the technology aspects of the security business, either bundled with other services or as a partner to consultancy firms. Today the situation is very different with HP offering clients security assessments and audits. For example, compromise assessments typically lead to remediation and on-going engagements of $250k to $1m. Furthermore, the engagements create a halo effect driving sales and pulling through additional sales in services.
About three years ago HP started to offer standalone security services as well which were previously only offered bundled with other IT services. This move supports the advisory business and has helped the company engage with clients earlier and for longer on projects and services.
According to HP, its security services business has significantly outpaced growth in other parts of the business both in terms of revenue and headcount. This is against the backdrop of a diminishing workforce elsewhere in the company.
Security is a priority business area for HP – a core part of its new style of IT messaging, which also includes big data, mobile, and cloud. The company is investing in its capabilities:
- In December 2014, it announced the opening of the cyber security operations center (SOC) in Boeblingen, Germany to cater for local clients. This is in addition to its 10 global SOCs
- It is developing new capabilities based on its software assets such as Autonomy and Vertica to complement the real time analytics capabilities of ArcSight, which it uses for its security services
- Investing in security R&D.
The addition of advisory services to HP security portfolio has changed HP’s relationship with its customers allowing it to engage with them at early stages of the investment decision cycle. It has helped HP increase the scope and length of its security engagements.
A large part of the security services growth comes from consultancy that is manpower heavy. HP already has 600 security consultants and is hiring more. This must be pushing up the cost base. The managed service benefits from automation and the headcount does not need to increase as steeply as the consultancy part. HP’s challenge is to balance recruitment and business growth and the mix of consultancy and managed services.
Security services still account for only a small part of HP’s overall business (less than 2% of the total revenue). The company is working on creating more brand awareness and increasing its share of the security services market in some key geographies including the US. The business will always be relatively small compared with HP’s other major service lines of ITS and BPS. However, the success of the advisory model in this segment shows the way forward for other HP businesses. HP’s recovery could accelerate if those also gain a halo effect from advisory services and pull through additional sales.