Welcome to the tech in 20 minutes podcast, where you will meet new tech vendors and learn how they can help your business. At Clark Sys, we believe tech should make your life better. Searching Google is a waste of time, and the right vendor is often one you haven't heard of before. I'm Max Clark, and I'm with Dave Nudi with Open Systems. Dave, thanks for joining.

Thanks for having me, Max. Appreciate it.

So, Dave, what does open systems do?

Open systems at a macro level, we we solve some heavy problems for the enterprise. We solve the vendor sprawl. We solve talent shortage. We essentially allow our customers when it comes to security and network operation get to desired and required outcomes in many cases and avoid having to do construction and and building silos and and empires of technology and technology management at a very high level for the mid large enterprise.

So, I mean, what what is vendor sprawl?

Yeah. When it comes to being able to execute well when it comes to cybersecurity and network management, on average, there are as many as 45 to 50 different technology suppliers in the average enterprise environment that teams within the company are then responsible for service chaining and unifying and patching together and having expertise on staff to be able to continually manage and update and evolve. And it has become it's the reason that managed services and and IT security is the fastest growing space in all of IT right now is is the challenges that are associated with that and the expectations on an individual company to execute on that are are almost completely unrealistic at this point.

So when you say, I mean, 45 suppliers in IT environment, I mean, I think, like, oh, security, firewall, antivirus, maybe you've got log you know, a centralized logging system. I mean, what are you guys actually displacing or augmenting when you say 45 to 50 suppliers?

Yeah. It's oftentimes, that's where the conversation immediately runs to in your mind is the traditional endpoint solution on preventing people from getting in at a firewall antivirus, etcetera. Really, what's happened is as companies have moved to embrace managed services, cloud services, software as a service, remote users as opposed to being physically in the office especially around this point in time. There's such a diversity of endpoints that need to be accounted for when it comes to the network from security posture that that the conversation is far beyond I have a new firewall. You know, this is the sophistication of threats and the threat types that are out there now require not only to be able to to button up and secure your physical edge in your office where you have people are, but but how are you delivering that same set of rules requirement and policy to every user to every type of centralized information resource that they're utilizing without compromise.

And so when you start to try to accommodate all those variances as where user can be in the application they're trying to access, it takes a very you're why they're all excellent technologies that there's not a worthless set of of technology out there within the ecosystem that needs to be formed. What becomes incredibly difficult is is allowing those separate point solutions to see each other, share policy, make sure patching 1 doesn't break another, installing 1 doesn't doesn't open a threat for another. And so these these services like an open systems, we solve all of that. We've pre architected that for our customers. They don't have to do any of that in a platform that that not only continually manages that environment for the customer to get them to the outcomes, not the not the noise, but to where they need to be and then continually monitor and support that for them going forward.

It's if you really boil down to, you know, how a company is evaluated on their security posture, it has nothing to do with how many different boxes they can buy, how many people of diverse talents they can hire and staff and try to maintain in this day and age. Those aren't the requirements. The requirements are around protecting IP, the environment, being compliant to, you know, government and industry requirements, and delivering, you know, an efficient environment for employees to execute within. Those are the meaningful desired outcomes that we help our customers get to.

So, Armin, are you managing customer solutions, or are you replacing what they have? I mean, if I have a Palo Alto firewall, are you managing the Palo Alto firewall? Do you replace the firewall? If I have antivirus, do you manage that to replace it? Like, what does this actually mean for somebody, you know, talking to or or thinking about open systems?

Yeah. Think of open systems as, you know, we sell one product. It's the open systems platform, and this platform is in an environment that we manage. It's our cloud native environment where we have already unified, things like firewall, web proxy, email gateways, EDR, MDR, CASB, SIM, whether you know those acronyms or not isn't isn't as important as understanding that when we engage with the customer, we're not building something from scratch for them. We have already built and designed that environment to be delivered as a managed service and then also have the management and monitoring and maintenance that comes along with it.

Now most customers that we engage with have a jagged edge attached to them. They've already made a recent capital investment. They have a subscription that they're committed to living out, and so we're able to coexist with those things. So to circle back to the question, we're we're not gonna take over management of hardware that a customer already has on site, but we will provide a very clear and very valuable opportunity, a fork in the road when when something like an existing firewall goes end of life to sell our customers that you don't have to continue down that cycle. There's no reason to continually buy boxes and maintenance agreements and and upgrade rotate those out over a few years when you can implement a platform that not only delivers it as a managed service that never goes end of life and and and never becomes obsolete, but also is fully unifying that technology stack with with everything else within the security and the and the Wayne environment.

The return on investment on efficiencies and hard costs and execution, are enormous for our customers.

So, I mean, we got into this talking about vendor sprawl. Right? But ultimately, you're a security company. So your problem that you're solving is you're improving security for your customers, and you bring a lot of ancillary benefits. And those benefits are they don't have to manage multiple vendors.

They don't have to buy boxes. They don't have to integrate systems anymore. I mean, is is that correct? Am I understanding this properly?

It is. I like the way that you structure the question because because ultimately we are what we are because of our customers. This security as a service platform at Open Systems began in 1999. So when a new enterprise engages with us what they're looking at is over 20 years of accumulated large enterprise and and midsize enterprise feedback, you know, automation and best practice already fully matured in a single environment. So this started off we started off selling firewalls in the nineties, know, to global enterprises and and our customers began asking us, can we just deliver that as a fully managed service?

And so, you know, the team of, of of DevOps engineers from from open systems went to work in 99 cannibalized the hardware business and started doing firewall as a main of service. And then as that began to to grow, our customers began asking us, you know, can you do a, you know, a web proxy for us? Absolutely. We can't. Can can you do, you know, a secure email gateway?

And so thus began the the 20 year journey of continually adding in capability. And what ended up happening about 10 years ago, 10, 12 years ago is they started asking us, can you do our network routing for us? Can you do path selection? Can you do hybrid networking? We'd like to do less private network, more internet based networking because of application origins.

Can you put this capability in the cloud for us? And so we grew up alongside our customers and alongside all of these migrations where the modern enterprise executes today. So when a when a customer comes and talks to us today, we're actually this isn't a a a closed off echo chamber of what we think you should do. They're actually looking at 20 years of of accumulated best practice, fully refined, automated, and matured, and ready to go out of the gate immediately for an end customer. It's, you're almost if you've held out until today to talk to open systems, you're a beneficiary, of that result.

I don't think that most business leaders really are thinking about security in the sense of I need to replace what we already have, or we're not protected, or, you know, we already have this equipment. So what would be something for them to self diagnose or to be able to ask their teams, you know, to qualify, do we need to talk to an open systems? How would they know by looking at their organization or their their company? Like, this is something that should be addressed so they should think about.

Yeah. It's it's interesting. You and you're exactly correct. I I I love it. Just a few weeks back, we had a CSO come visit us, at our SOC in in Northern California, and and he sat in the room and he said, I have no business being in the security business.

And this person's in charge of 35,000 concurrent users. And and I asked him to qualify what that meant. He said, look, you know, and we touched on this previously a bit is is that, you know, I'm I'm not measured by how recently I bought box is, you know, do I need to buy new ones and and, yeah, how often am I patching? Those are the conversations I have in an executive level with the CFO and CEO. They they want to know and be able to see very clean desired outcomes that we are protecting our intellectual property.

We're protecting our environment, our users, and we're compliant to things like in California CCPA or GDPR and and that the way that we're executing that I have an audit trail that that in many ways, cybersecurity is an insurance policy in many ways of protection. It's it's something that's consistently working for you, but when it's working really, really well, you don't hear about it. It is is because it's it's taking care of what needs to be taken care of. So the business owner, like you said, isn't necessarily, you know, losing sleep over, boy, I really I I should go buy new new firewalls as much as it is that they wanna know that their environment and their investment is protected and they're doing it as efficiently as possible and, you know, leveraging it in a way that for us, you know, a customer utilizing us that they're, you know, we allow that midsize company to execute like a fortune 100 without having to go and and endure the expense and the time of of having to go and do it.

I mean, what what are the stakes here? What happens if if somebody doesn't solve this problem of security and, you know, continues their status quo.

I mean, it's it's devastating in a number of ways. I mean, right now, there are clear compliance requirements that if you don't satisfy them, you you will be fine. You know, so there's a monetary result that doesn't even involve being breached, but it got core responsibility to understand from a certification point that you're doing what you are required to do to protect user information, employee information, etcetera. When it comes to, you know, security itself is, you know, everyone loves to believe that the bad guys just aren't interested in me and and, you know, that's always the the one of the most painful hindsight conversations that you can have because when something's already happened, it's already happened. And that's where that kind of insurance conversation, you know, comes into play.

So, you know, oftentimes people mischaracterize what the, you know, the the bad actors are out there doing is is is bad actors are collaborating like crazy on how to breach your environment. They're working together. They share their tools online. You know, they have communities and pooling their expertise and our we have our product manager that that, put it great. He's a he's a why aren't the good guys collaborating?

Why aren't why why isn't an enterprise collaborating with someone like an open systems that's been doing this for over 20 years for thousands of deployments all around the world and you can immediately leverage that type of expertise in protection and have that ongoing as a collaboration for you without trying to build it yourself. So, you know, bad actors aren't out there. You know, the movies make it look very interesting. They're not out there trying to, you know, break into people's bank accounts. Like, sometimes I've seen you're just locked out of resources that you actually already own.

You know, how would you like to not be able to access your your customer database, not be able to generate quotes, not be able to, in the city's case, close on real estate transactions or use your voicemail system or imagine the disruption that that causes and it's it's oftentimes simple things like that because, you know, security has gone unchecked and they've allowed someone to to loiter in their environment long enough to execute something like that.

So open systems has an approach of your own platform, your own integration, your own tooling, your own intellectual property you've built. There's other security companies in the market that are integrators that they'll go out and they'll take and they'll buy the boxes and they'll help companies splice all these pieces together. I mean, why advocate for the open systems approach? Why is your way better than other ways?

We deliver it as a sole provider. So there are plenty of companies out there that will try and construct something from scratch for you and that's no different than you go in and try to do it yourself, at at the end of the day. You know, for open systems, the word unified, you know, when we use that, it's it's it you're talking about something incredibly innovative when it when you use that word with open systems, meaning that that this environment already fully exists. Like, we just want to know how to configure it for our customers on what they need at the level that they need it. But what we also deliver, and this is critical, is a cooperations model that goes along with it.

This is not configuring technology and and dumping it on-site and having a customer up and running. We are co managing that environment and bringing to the table the ongoing monitoring and support that goes along with it. With within any system, the technology alone is not enough. You are only as good as the day you put that technology on the ground if you don't have the ability to continuously monitor what's happening in the environment and take what you learn and reapply it back to the technology layer on a continuous cycle and, you know, monitoring and detection security operations center SOC that as it's called that's what that is and the only way for that to effectively, you'll be in place is number 1 it's done 24 by 7. It's being done by security expertise and that expertise is heavily enhanced by automation tools that that, you know, we hear about AI and machine learning and and those things are very real in the cybersecurity space to help security experts be able to isolate the general noise, of the environment, you know, and have those things auto resolve by automation and understand what is a unique, bad behavior, a unique occurrence on the network that needs to be contained, stopped, investigated, shut down, and then have that learning reapplied back to the technology so the next time it shows up, it can't get through.

Those are the things, like, you know, 0 day threats that we hear about all the time, that that fresh technology you just put on the ground is as good as the last software patch that was made for it, but those bad guys are collaborating on on how to get around that all the time, until you can get that next patch in place. We get to give that knowledge on an aggregate basis, and that's a that's the advantage to our customers.

So, I mean, really, what you're talking about is all of your customers benefit from all of your other customers and the experiences that they're seeing and what's happening across the entire open systems platform. So this is an aggregated, rolled up, improving everything kind of story.

Absolutely correct. And when you look at our customers, you're talking about global financial companies, your, you know, global manufacturing, pharmaceuticals, etcetera. When you see, you know, the NASCAR slide of of companies that utilize open systems, you're gonna realize very quickly there's no compromise. They're not compromising the quality of their security and capabilities by utilizing an an open system. It's actually just the opposite.

They're getting the absolute best bang for their investment by using expertise. I like putting it this way is is that for those that are out there looking to do this themselves, I have bad news for you. The best cybersecurity people in the world wanna come to work for open systems, not for you. Because as they're looking to build their value is, you know, working in this environment and bringing their talents to an environment that's that's specializes and focuses on cybersecurity. That's incredibly valuable for them.

But the good news is is that our model is designed for you to have them as a resource without having to go and try and hire it and build it yourself. It's a it's a it's a beautiful aggregate, you know, model, where all those best practices are just constantly refined.

So today post COVID, remote work and distributed workforce has become very important. It's always been important, but now it's really important, right, for everybody overnight. Do you guys I mean, what do you do in a in a for a remote or distributed workforce? Is this something that you can still protect now that people have moved out of their offices?

Yeah. I mean, so that portion of our, of our platform, we call it mobile entry point for the remote users coming in, and this is actually really a good part of the conversation. Over the last, month or so, I think we've enabled another 100,000 remote users, to access their corporate assets through mobile entry point on open systems. And here's the real key thing to this is it's not just about providing a a VPN connection for a user to dial in is that when you shift 80% of your security monitoring from what is use usually on prem at physical office or plant locations, whatever it may be. And all of a sudden, all of those endpoints become wildly distributed and the and the monitoring and detection needs to shift to put eyes on that type of traffic as opposed to the other.

That's why it becomes so valuable to have the security layer see the network layer and understand when those shifts take place and be able to to dynamically move, awareness that I have a lot more traffic coming in from users from, you know, their their living rooms and and bedrooms now than I used to. And so for us, for our customers that was seamless. There there was it's a it's a core part of what we do that we treat a user coming from their house with the exact same set of rule set and requirements as a user sitting in their corporate headquarters. You know, there's there's no difference and but that is the great challenge also is how do I have an equal identical set of rules and policy for every user coming into our most valuable information on it and that's what open system solves. It doesn't matter where the user is coming from.

It doesn't matter where the end destination is of the information they're trying to utilize to do their job. Everyone passes through the same set of of rules and everyone gets the same set of, you know, scrutiny investigation and and monitoring for, you know, nefarious bad action, bad behavior, etcetera, that is part of a SOC operation.

When you say, you know, the largest global brands and have seen and after seeing your slide deck of customers, you know, my you know, the immediate reaction is that open systems must be very expensive and that you have to be a big company in order to engage and become an open systems customer. So what does this mean actually in the real world? I mean, what what size organizations do you support? How small can you support? How do you price?

I mean, what how does this work?

We're it it that's such a great question, and it's so important that to look at this from a market level is that is that when you look at market disruption and you look at really what I consider to be the 2 bill biggest pillars of disruption when it comes to, you know, a purchase is number 1 is convergence. Service convergence is is can I deal with with 1 company instead of 15? There's obvious returns there. And secondarily is as a service. And and the as a service piece is is what I circle back to on the pricing model is that is that that's the beauty of using as a service models is that they can be scaled to your requirement.

Whether you are midsize, whether you are large global enterprise, we do, you know, directly answer the question. Our pricing is based upon users and locations. So just just by definition, we scale our service to the exact size of the customer. This is not out of reach for a customer. We usually so where we resonate best is if I had to put guardrails on it, I'd say 10 or more locations, 500 or more users, and there's some variance on the low end, and there's no caps on that on the high end in the way that we scale for our customers.

I mean, what's the pricing range? I mean, if if we're a 10 location 1,000 user company, you know, what's what's the kind of range I should be thinking about or or be prepared for?

Yeah. I mean, the other component that goes into the pricing is what are you using us for? Because we're not gonna charge you for service capabilities that we deliver, but that can range anywhere from, you know, $10 a user to $60 a user. It it it'll vary quite a bit, but I think the most important thing is that is that it's gonna be precisely right sized to the amount of services that you're using for from us and which particular services you're using for us completely configured to the, you know, the their outcome. And what's what's usually interesting when we engage with the customers, they have in their mind what it is that they think that they know.

And then when we get to sit down and say, well, here's some here's some best practices viewpoints and how we've been doing this for customers for years and the way that, you know, don't leave their mobile users behind. Don't leave an email gateway to 365 behind that we can integrate with the web proxy and and they start to discover other areas where they can get a very quick, large return on being able to, you know, you know, aggregate, you know, some of this intelligence into a into a single platform that's actually using in many cases some of the suppliers suppliers out there that they're already familiar with. We're all about that that end outcome and making sure that from a pricing and configuration perspective, it's exactly right sized to what the customer wants. We don't lose anything on price, so to speak. If you're a really small company, you're just generally have a tolerance level of willing to deal with it yourself and until you discover, you know, pain points that you just can't accommodate and we're doing some things that may move us, you know, downstream, but there are other solutions out there that, are a little lighter lifting than than open systems for the for the small business to go after.

Last question, Dave. So can an enterprise try you before signing a contract? Do you have an evaluation period, proof of concept demo? I mean, what does what does that look like from an engagement standpoint?

Proof of concept for us is standard operating procedure. Once we've identified and and it actually ties nicely into your price question is that we don't even wanna go to proof of concept until you fully understand what the what the pricing model is gonna look like on open systems because we want to go to proof of concept with enthusiasm on both sides for it to be effective and work and do what we say it's going to do, with the objective of quickly transitioning to to full deployment, because we're totally transparent on what the pricing model is gonna look like at the end of the

day. Awesome. Dave, thank you very much.

My pleasure, Max. Thanks for having me.

Thanks for joining the Tech in 20 Minutes podcast. At Clark Sys, we believe tech should make your life better. Searching Google is a waste of time, and the right vendor is often one you haven't heard of before. We can help you buy the right tech for your business. Visitus@clarksys.com to schedule an intro call.