Catch Pekka Usva, VP, Corporate Security Business, F-Secure in a conversation with Sanchit Vir Gogia, Chief Analyst & Group CEO,Greyhound Research on Greyhound Research’s knowledge sharing series ONTrigger.
Don’t have enough bandwidth to stream a video? No worries! Hear the conversation as a podcast on #GreyhoundRadio Click on the icon on the right. 
Can’t see the video or hear the podcast? Don’t fret at all! Read full transcript of the interview below in text. To download the transcript in pdf, click on the icon on the right. 
BTW, if you like what you read below, just click the twitter birdy (in text, in blue) to tweet 😉
SVG: Pekka, thank you very much for sharing your views on the industry. I really appreciate that. Now shifting gears to what’s happening at F-Secure and since you are a part of the leadership team, you are best placed person to talk about it.
We just spoke about how SMEs should look at security very different to the larger organisations. So tell me a little bit about what’s happening at F-Secure. Is SME a part of your agenda?
PU: Of course for the company F-Secure, big portion of the revenue comes from the great ISP, the Internet Service Provider business where we basically address the consumer market space with security. Then of course is the great side of mind which is the B2B security and definitely there the focus area is on the SMEs. Not necessarily fair to say what is the exact seed amount we spot for the setup because it quite differs or I would say the more relevant attribute is basically the business model or the operational model of the company rather than the exact seed size. But basically the asset or discussed earlier the Security as a service, as a concept is not only a big belief but is basically what we witness to happen there in the market. Also we are working our own metrics, Key Performance Indicator (KPIs), we see that partners who really go for the SaaS are the ones who are witnessing the highest customer key retention, customer loyalty and also are able to grow by selling more services on top of our portfolios. 
SVG: Let’s just stop there, I think you made an interesting comment about the fact that partners who are sort of selling SaaS more are selling more, is that correct? The margins are smaller on SaaS, right?
PU: That is, of course the money might actually come in quite slow or in small streams in the beginning. But by building momentum and then of course the value-go but the important point here is they enjoy a higher customer retention which means there is good value for money from the customer point of view. So it will really be a sustainable revenue stream and when you build those on top of each other not only by acquiring more customers but also selling on top that will be quite sustainable and predictable revenue.
SVG: So let’s talk two things here. These are very pointed questions. SaaS margins are much lower as compared to your on premise margins. Now is that true at F-Secure as well?
You spoke about partners selling more services on top of SaaS, what are these services and how are you really enabling your partners to offer these?
PU: Basically there is no difference in the channel marginal discount. Well, any business model you choose we’ll support you, be it perpetual, be it license yearly or monthly subscription, doesn’t matter. We fit in all of these very well. But then about your question what could be an example of a service, partner can sell on top. Of course the service, pretty much partners are selling their time where they have high margins and that’s good and that’s healthy. That’s also building the relationship between the partner and the end customer, thus hopefully impacting to a higher loyalty figures.
For example we have a feature called software update which is practically eighty percent of data breaches are because of un-updated software you’re using like third party Skype, Adobe and other examples. That is really tough for the end users to deal with and once we have it implemented and integrated as a feature or function in our solution then that is something the partner can basically build his service revenue model just by taking care of the fact that from this moment onwards there is no un-updated software on the system that you can think will hopefully last for years because the software keeps on updating itself for as many software as you have, maybe twenty, and twenty updates per year by say one hundred machines, that is a lot of time.
SVG: Let’s talk about the product footprint at F-Secure. We spoke about mobility, we spoke about cloud. How has that changed the entire product roadmap at F-Secure? Is there really a change at all?
PU: Basically well good to mention that we’ve just been awarded by AV-Test, one of the most famous independent test organization for security product capability, four times, four years the best protection award. So the end point protection is still highly relevant on PC side. That’s kind of the basics as we discussed earlier but then there is 1.6-2 times the amount of PCs which are post PC era devices yet and so you have to also protect those and for that basically we are now in the Q1, releasing the freedom for business. You might already have heard about the privacy solution we launched on the consumer side a year ago.
Now we bring the same concept with a bit different features and flavours to B2B side to basically protect the mobile workforce, where they go and while they work from the lobbies and the airports accessing their corporate data and what not. Altogether, making this together so that again it is something one as a partner or idea can manage from a single user interface, from a single user experience to make it happen. Then of course the servers still do exist in the companies, on the company’s premises like for emails, stories and call operations, so that’s part of the package as well and again integrating into the setup. But mobility is the way to go and as I said I fully believe in the great promise of mobility. Now we just have to make it intuitively right from the security point of view or so forth for the end users and make an earnings model for the partners.
SVG: I hear a lot of focus on the partners. You’ve mentioned partners over and over again. So is that preferred mode of go to market for across the world?
PU: We are one hundred percent channel dedicated when it comes to B2B business, so that’s the only way to scale for F-Secure size of a player and that’s why I’m here fortunately in India. We are meeting a lot of new partner candidates and hopefully we are able to on-board many of those and really service selling partners. That’s the way to go. But that’s roughly three thousand active partners globally representing F-Secure brand for B2B and that’s growing.
SVG: We spoke about metrics changing and how security is being measured and how outcomes are being measured. Now, a lot of times organizations face this problem where they actually get no hand holding from the vendor’s side to help them measure these new metrics so is there a game plan or let’s say a new team at F-Secure which is doing a bit of hand holding and helping organizations measure these new metrics?
PU: I think in today’s business models of course it’s pretty much the local partner, the trusted vendor who is the closest F-Secure representative towards the customer. Of course these are the true heroes who will then make the security or the security pay investment pay it back to the TCO and the whole service experience, the quality of service to analyse. So those are the guys I’m referring here the most.
SVG: Pekka help me understand, there’s a lots of confusion in the market with the consumer community. When I say consumer I mean the CIO community, that should I actually go in for an end point security solution? Should I actually go for a full-fledged MDM? How does it bleed into each other? What’s the difference really? What are your thoughts on that?
PU: You know the MDM, the mobile device management as a market, I see is basically the way to manage and manage mobile well but have control over the post PC era devices and then the functionality from bin locks to lock and wipes, the anti-theft application or application management, maybe even telecom expense management in the highest range of scale for example. But that is not end point security or end point protection in my books. I believe you need kind of a combination of both but the way we implement the MDM is not the mobile device management because I don’t believe that as a market it is there to stay. The things that you can do with mobile device management are still highly relevant, for example, to get a control over the fleet of post PC era devices but then the security end point, security for the post PC era devices is definitely something else. That’s a combination of functionality from the MDM side nicely bundled with the modern mobile security offering or product and that makes it relevant and only to the extent in my books that okay, with the MDM you are enabling access to those devices to do the necessary management task or jobs but I take the two as separate things, the end point protection and the management.
SVG: So it’s not an either or strategy, it’s AND strategy, right?
PU: But I still believe only with MDM you can’t protect the devices, you do need the solution to end point protection there.
SVG: In the closure, the final question really, if I was to talk about the next twelve months and how the technology roadmap would look like for you and your current job at F-Secure, what would be the key five things you would go at?
PU: We are definitely, as discussed, to get the post PC era, meaning the tablet, the smart phone, the new mobile security, the protection out there and get it really going big that I would say is not only necessary to me but it is more necessary for the end customer because that’s the fleet unprotected at the moment. Then I think we will be putting much more emphasis on the end point protection on the PC side and really make it more network forensics averse . Then we will really go beyond what we know today as the internet security class or client security class, so make it more, you can call it advanced, but I would say network forensics payload aware so we are able to play more efficiently then.
SVG: So pay load aware you mean?
PU: What’s happening there in your network or in your system, not only what’s happening in my machine but to see what’s there in the network. And to make it even better tool against the most modern malware or most modern attacks that seem to be coming in a faster cycle in all the time. But I think those end point is really the strong thought. Then of course the partner point of view, the ease of doing business because I believe in keeping the security solution intact or on par with the competition. But if you are the guy and you are easiest to do business with, then you are on the winning side always because the go to market is through the partner and it is about the relationship between us and the partner. Also, how do we make the partner to make money the most easiest way.
SVG: Interesting. I really like the point you made on end point security. Just to give you a context, we did a recent study at greyhound research and what we found out was that Middle East still hasn’t reached the cusp of mobility and probably 2015 is going to be the year of mobility for the Middle East. Hence 2016 will probably be the end point security way for the mobile devices in the Middle East for example. Thank you very much Pekka for your time. Sorry to put you on the hot seat but you have done a fantastic job. Thank you very much for your time.
PU: Thank you
SVG: Thank You. Thank you very much for taking the time out to see the video. I really appreciate your time. If you would like to learn more about our latest initiatives at Greyhound Research, please go in on our twitter and search for the #ONTrigger to find out more. Thank you very much.