Over the past year we have seen global systems integrators (SIs) – Accenture, IBM, Deloitte, Fujitsu, Capgemini and others – make many acquisitions, particularly in the public cloud, AI, cybersecurity and data space. Much of the growth in spending over the past few years have been driven by these categories: in 2020 if a software company was purely or mainly SaaS, they are likely to have witnessed strong growth. If they were on-premises software, they were lucky not to see declining revenues. While it is normal for the larger SIs and consultants to play catch up through acquisition, it is becoming harder for them to gain traction in these new areas.
Technology Shifts Drive Market Fragmentation
With every technology-driven business change new SIs, consultants, and managed services providers emerge. It happened with the move to big ERP systems, the move towards Business Intelligence, the emergence of SaaS etc. But I think we are now seeing something different. More than just the smaller players going after opportunities earlier, I believe we are seeing a changing buying behaviour from tech and business buyers – a greater willingness for larger enterprises to give their most important, business-critical strategies and implementations to smaller, less established players.
And I am not suggesting that the larger SIs are not performing well. Many are growing at 10-25% YoY – but at the same time, many are also growing at a slower rate than the markets they play in. The Ecosystm RNx for global IT services and consulting providers shows that the global providers continue to power ahead. But they need to adapt to changing market conditions.
New Cloud/AI Partners Winning Consulting and Implementation Deals
We have seen a new community of partners emerge with tech changes, such as the hyperscale cloud platforms and AI/machine learning tools. Traditionally, these companies would be good at one thing – and would learn slowly. For example, in the SAP ERP growth period, the projects were large and long. A single, mid-sized SI might only be working with 2-3 clients at a time. Therefore, the IP that they collected was limited – and they would find themselves with focused or niche skills. The large SIs had done many large, long projects across the globe and had much best-practice IP to call upon, giving them a broader and deeper knowledge of the technology and industries. Smaller providers had limited IP and industry experience.
But in this cloud and AI era, specialist providers work on hundreds of smaller projects with dozens or hundreds of clients. With the technology constantly evolving, the skills are constantly improving. While the global SIs are working on many cloud and AI engagements, they are often part of longer engagements – giving the consultants and tech teams less exposure to the new and evolving cloud platforms.
In a world where technology is changing at pace, the traditional global SI practice of “learning from peers across the globe” doesn’t happen at the pace the market requires. By the time your peers in the business have completed a project, documented it, and shared learnings, the market has moved on and technology has changed. Today it is easier and faster to learn directly from the tech vendors and cloud platform providers and their training partners. The network effect of knowledge in a team on the opposite side of the globe for a global SI is less valuable to clients. Often the smaller and mid-sized SIs have a deeper, broader knowledge of the technology platforms and toolsets than the larger providers – giving them a competitive advantage. For example, if you want the actual experience of moving SAP to Azure, or Oracle to AWS – you’ll often find the smaller providers have more experience. And this continues to play out. In many markets in the world, the top 5-10 SIs for cloud, AI and cybersecurity has a high proportion of local specialist providers.
Tech Buyers No Longer Look for Culturally Aligned Partners
Tech buyers themselves are changing too. In years gone by, the smaller tech partners would tell us that they felt they were included in bids to drive down the price from the global SIs. But today the story is different. Smaller partners are admired for their agility and innovation. Large enterprise customers will choose small providers because the small SI is NOT like them. In the past, they chose the global SI because they were just like them!
Because of this, the large SIs are mopping up their smaller competitors across the globe. Accenture has acquired 40 companies in the past 10-11 months, IBM has acquired over 10, Atos and Cognizant have also acquired many companies in the past 12 months. They are doing this for the skills as much as for the clients, along with getting a foothold in a new market or strengthening their position in geography. The challenge will be to hang on to the clients, culture, and the IP of the acquired business. Often these smaller competitors are growing at a significant pace – and the biggest risk is that the acquiring company takes their eyes off the prize.
Global SIs Still Own the Industry Play
Despite these challenges, one of the areas that the global SIs will continue to dominate is the industry play. I have discussed how as technologies mature, industry plays become more relevant.
Smaller and mid-sized SIs and consultants find it hard to create deep pools of expertise across multiple industries. While some may have a deep focus on a single or two industries, only the large players have broad and deep geography and industry experience. This puts many of the acquisitions into context – the global SIs will take these acquisitions and use that deep and broad technical and business knowledge and add it to their industry knowledge to create a more compelling offering.
Their challenge will still be one of cultural alignment. As discussed, many companies seek out tech partners who represent what they want to be, not what they are. The ability for the Global SIs to retain the culture, agility and innovation of the acquired business will determine their ability to continue to see similar or improved levels of growth from the acquired business. Using their IP in the context of industries will be the key to their ongoing success.
The Ecosystm RNx – Top 10 Global IT Services & Consulting Company Rankings is based on in-depth, quantified ratings from technology decision-makers on the Ecosystm platform.
If you are an End User, it is likely that you are looking to partner with the right services provider who can guide your transformation journey. This vendor ranking will help you evaluate your buying decisions based on key evaluation ratings by your peers across a number of key metrics and benchmarks, including customer experience, integration capabilities and strategy.
If you are an IT Services & Consulting Company, you operate in a competitive world with several global and regional players – this is an opportunity to understand how your customers rate you on capabilities and their overall customer experience.
In this edition of Ecosystm RNx – an objective vendor ranking based on in-depth, quantified ratings from technology decision-makers on the Ecosystm platform – we rank the Top 10 Global Cybersecurity Vendors.
If you are an End User, you are having to re-evaluate your Cybersecurity risks and measures as both solution capabilities and the threat landscape become more complex. In a fragmented market, it is difficult to select the right Cybersecurity partner to safeguard your organisation. This vendor ranking will help you evaluate your buying decisions based on key evaluation ratings by your peers across a number of key metrics and benchmarks, including customer experience.
If you are Cybersecurity Vendor, you are aware that end users are looking more for Cybersecurity services than solutions – this is an opportunity to understand how your customers rate you on capabilities and their overall customer experience.
As organisations come to terms with the “new normal”, technology companies are presenting unique offerings to help them tide over the situation and lead them towards economic and social recovery. These companies are also leading from the front and demonstrating how to transform with agility and pace – evolving their business and delivery models.
Organisations are dependent on digital technologies more than ever before. In 2020, we have already seen unprecedented and rapid adoption of technologies such as audio and video conferencing, collaboration tools to engage with employees and clients, contactless services, and AI/automation. This will have a wider impact on the technology industry, community, and redefining the workplace of the future.
Ecosystm Principal Advisor, Tim Sheedy hosted a virtual roundtable with business leaders from some of the world’s largest technology service providers to discuss how they managed the challenges during the pandemic; and the measures they implemented to support not only their business operations and working environment, but also to help their customers negotiate these difficult times.
The Role of Technology During the COVID-19 Crisis
When the COVID-19 crisis hit, IT teams found themselves largely unprepared. Ecosystm research finds that only 9% of organisations considered their IT fully prepared for the changes that had to be implemented (Figure 1). More than a third did not have the right technology solutions and 41% were unprepared for the scale of the changes required and the capacity to extend the existing technology to meet client and employee needs.
While 27% of organisations felt that they needed more support from their IT provider, further questioning reveals that only 4% switched technology providers for better support during these difficult times. Organisations are looking to their technology partners for guidance, as they negotiate the new normal.
Here are some of the discussion points that emerged in the conversation with the technology providers.
Business Continuity Planning is Still Evolving
One of the early impacts on businesses was due to their dependence on outsourced services and offshore models. Several concerns emerged – how could their provider continue to operate offsite; would they be able to access the network remotely; how should fully remote teams be managed and so on. In addition to this, there were other challenges such as supply chain disruptions and a sudden change in business. Even technology providers felt that they were navigating uncharted territory.
“Remote project delivery is not new, it’s been going on for a few years; but I think that there’s been a lot of non-believers out there. This experience has moved a lot of those non-believers to the believer category. A lot of our delivery can be done from home – think of the savings of time and money that can be realised through this.” – Andrew Campbell, Partner Asia Pacific for Talent and Transformation, IBM
Moreover, the rising workload and client expectation has led businesses to move towards exploring automation and AI.
“The thing that is changing now is, when we approach a new opportunity or an existing customer with a new requirement, we look at using automation. Typically, when you go in to design a solution you always think of the human aspect. We’re working very hard to move our thinking to automation first and then supplementing it with the human side as a backup.” – Michael Horton, Executive VP, ANZ, HCL Technologies
Data has become paramount in this time of crisis. The right use of data is helping organisations fulfil customer requirements, enhance their experience, and optimise services and products.
“Those organisations that have a good understanding of the data within their business, and how that data can be used to understand the impact on their business, are starting to have much better clarity on future requirements.” – Peter Lawther, Oceania Regional Technology Officer, Fujitsu
Organisations should take the learnings from managing this situation to keep evolving their business continuity plans – keeping in mind individual business needs and growth and business strategies.
Having the Right Infrastructure Means Employees are Productive
The lockdown and social distancing measures forced organisations to focus on the infrastructure that can support their remote and hybrid work environment.
“Before the pandemic around 20-30% of our staff logged on to a VPN, but with remote working, all of a sudden, we were at 90%.” – Lawther
The adoption of digital tools and online infrastructure led businesses to re-think how they were delivering their services. While some organisations had the tools, governance and the protocols in place, there is still a long way to go for organisations to solve their infrastructure and networking challenges.
“It gets down to the quality of the equipment that the staff use – which ranges from decent laptops, phones, and network connections. If you don’t have that now, people cannot work effectively.” – Horton
Several of these organisations, focused on ergonomics as well, when evaluating their employees’ infrastructural needs when working from home. This extra focus on infrastructural needs – with the employees firmly on their mind – ensured that there was minimal impact on delivery.
Caring for Your People is More Important than Ever
The pandemic has changed the way people work, socialise, and interact. While this appears to have become the new norm, adjusting to it can create emotional stress. Simultaneously, as organisations focus on survival and recovery, workloads have increased. Employees are working extended hours, without taking adequate hours. There is an immediate need to involve organisations’ HR practices in evaluating the emotional well-being of employees and finding better ways to engage with remote staff, to reduce stress.
“A key aspect of handling the crisis has been empathy, transparency and engagement with employees. In a business environment, we have all sorts of teams, cultures, clients, and so on. The common thread in this model is that everyone’s just become a lot friendlier, more empathic, more transparent.” – Sumit Nurpuri, COO, SE Asia Hong Kong and Taiwan, Capgemini
Organisations will have to be innovative in the way they manage these people challenges. For example, a common problem that has emerged is employees attending meetings, with interruptions from family, especially children.
“One of the things that we did as a part of our team meetings is that we assigned tasks to children at the beginning of the call and in the last few minutes, the children presented back to the teams on what they’ve been up to. It was a mechanism for us to make sure that we were involving our staff and understanding their current situation – and trying to make it as easy for them to work, as possible.” – Lawther
Taking the Opportunity to Drive Positive Outcomes
The other aspect businesses are trying to overcome is meeting the rising expectations of clients. This has led them to focus on skills training, mostly delivered through e-learning platforms. Organisations find that this has translated into increased employee performance and a future-ready workforce.
The crisis disrupted economies and societies across the globe, with business and industry coming to a standstill in most countries. Unexpected business benefits emerged from the necessity to comply with country regulations. By and large, employees have been more productive. Also, many organisations re-evaluated their commercial property requirements and many were able to reduce expenses on office rentals (for many this will not be immediate, but there is a future potentiality). Similarly, there were other areas where businesses saw reduced expenses – operational costs such as equipment maintenance and travel expenses.
“When you start global projects and global implementations, you typically do some kind of global design work and maybe fly in people from all over the world, typically to a centralised location. This has changed to virtual meetings and collaborative interactions on online global design. The amount of time and money that was saved – that would typically be spent on people traveling to manage these global design workshops – was great” – Campbell
Most organisations, across industries, will have to make considerable changes to their IT environment. The Ecosystm Digital Priorities in the New Normal study finds that 70% expect considerable to significant changes to their IT environment, going forward. Technology providers will remain a significant partner in organisations’ journey to transformation, recovery and success.
The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.In his blog,
We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.
Market Consolidation through M&As Continues
The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.
As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.
Another interesting deal was Venafi acquiring Jetstack. Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities. The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.
Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.
Governments actively working on their Cyber Standards
Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data. This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.
Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.
Australia is also ramping up measures to protect the public sector and the country’s data against threats and breaches by issuing guidelines to Australia’s critical infrastructure providers from cyber-attacks. The Australian Cyber Security Centre (ACSC) especially aims key employees working in services such as power and water distribution networks, and transport and communications grids. In the US agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have issued guidelines on safeguarding the country’s critical infrastructure. Similarly, UK’s National Cyber Security Centre (NCSC) issued cybersecurity best practices for Industrial Control Systems (ICS).
Cyber Awareness emerges as the need of the hour
While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.
Comtech received a US$8.4 million in additional orders from the US Federal Government for a Joint Cyber Analysis Course. The company has been providing cyber-training to government agencies in the communications sector. Another public-private partnership to raise awareness on Cybersecurity announced in May was the MoU between Europol’s European Cybercrime Centre (EC3) and Capgemini Netherlands. With this MoU, Capgemini and Europol are collaborating on activities such as the development of cyber simulation exercises, capacity building, and prevention and awareness campaigns. They are also partnered on a No More Ransomware project by National High Tech Crime Unit of the Netherlands’ Police, Kaspersky and McAfee to help victims fight against ransomware threats.
The Industry continues to gear up for the Future
Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.
Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.
The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.
Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.