THE CHANNEL Dec 2017

| Channel Issues and Advice |

Contents

1. SLA – Senior Level Advisory – Claranet

2. Key Announcement implications – Business Security: Always a Journey…

3. In Depth Focus – McAfee Labs 2018 Threats Predictions Report

4. Financial Rou nd up – Avaya, Brocade, Ciena, Cisco, D-Link, Mitel, Nutanix and Symantec

This Service has been designed specifically for Senior level Channel executives. It provides guidance and highly strategic advice on the channels focussing on the issues of which Senior Channel Executives should be aware. It will guide the management team on the impact of competitor announcements, insights into the market, brief focus on services sub-segments, value stack, vertical focus and Key Director Messages.

1 SLA – Senior Level Advisory

Claranet

Charles Nassar moved to England from Paris when he was 17 and used

his own money as well as funding from friends and family to start Claranet in 1996. The original mission was to offer easy access to the internet. It now employs over 1,800 staff with operations in 8 countries

Financials

Revenue and Adj EBITDA £250.0 M €100.00 M £216.5 M

£200.0 M

£152.5 M

£150.0 M £133.3 M £125.9 M Charles Nasser €50.00 M Founder and CEO £100.0 M Revenue Revenue £M in £38.7 M Adj EBITDA £M in £50.0 M £29.4 M £23.0 M £24.0 M

£0.0 M €0.00 M 2014 2015 2016 2017

Source: Company Financial Results Year end: 30 June

Geographical Footprint Claranet provides

Nigel Fairhurst, CFO network, hosting and managed application services in the UK, , , The , , , and . Claranet has grown its business through a number of acquisitions, including Netscalibur in 2003, via net.works uk in 2004, Amen Group, in 2005, Star Technology

in 2012 and Oxalide in Andy Wilton France in 2017 CIO Acquisitions

Michel Roberts MD Claranet UK

Key Capabilities and Customers

Cloud Premier Partner Partnerships status with Amazon For partners Claranet offers a collaborative partnership (a blended Web Services, , offering), a referral partnership (paying commission at the rate of 5 per Microsoft and VMWare cent of the annual contract amount) and a wholesale partnership (reseller/dealer agreement). Claranet is one of a few MSPs which hold a ITV, Missguided, strategic partnership with AWS, Google, VMware and Microsoft Channel 5’s Big Brother

Hosting

Peugeot, Unicef, WPA

Networks MPLS

Pets at Home, Harvey Nichols, River Island

Communications UC includes MS 365 Conclusion

Penlon, Robinsons By encompassing Public Cloud, DevOps, Security and Big Data Claranet is Relocation and Vol helping customers in Digital Transformation and facilitating partners to

guide their customers through the journey. Security Penetration and Claranet is diversifying from Managed Services via recent acquisitions. It Vulnerability Testing, added DevOps and cloud specialist Oxalide in France and, in the UK, Web and Email security and penetration testing via Sec-1. Sec-1 is one of two Security, and IT WatchGuard Platinum Partners in the UK and is also a Juniper partner. Security Training Claranet SOHO is aimed at smaller businesses and euroLAN have been Santander, Sky Bet customers since it acquired World Wide Web Services via VIA Networks. and Kier

NEXT > 2) Key Announcement Implications

2 Key Announcement Implication

Business Security: Always a Journey, Never a

Destination

Executive Summary

Businesses face an unprecedented set of information security risks in 2017. Not only are companies suffering a growing number of data breaches, but also the compliance risks are mounting. Organizations must address cybersecurity and privacy, not just because they face financial and reputational fallout if they don’t, but also because regulators can penalize them for inadequate protection.

Against this backdrop, NTT Security interviewed 1,350 decision makers in businesses across the globe to find out how they viewed information security risk, and what they were doing to mitigate it. We asked questions ranging from their awareness of compliance issues to how securely they stored their data. This year’s NTT Security report featured questions in

several key areas, including where data was physically stored, the impact of new compliance requirements, and how well businesses communicated information security policies to staff. It broadens an already comprehensive picture of global cybersecurity preparedness.

The results from the research are mixed. On the one hand, companies are making headway in the fight to secure their data. They are showing improvements in key areas, such as storing data securely, investing in cybersecurity measures and cyber insurance. On the other hand, there are several gaping holes in other aspects of cybersecurity preparedness. Companies are unaware of how or even whether security-related regulations affect them, and are still behind in the creation and com- munication of information security policies. As the stakes rise for businesses in Europe and beyond, with the impending General Data Protection Regulation (GDPR) they must bite the bullet and invest in cybersecurity. This isn’t simply a financial exercise. It also takes an inspired and engaged workforce to create a cultural shift within the organization. Cybersecurity is a journey, not a destination.

GDPR’s requirements, far too numerous to list in their entirety, include:

• Individuals’ rights to gain access to data stored about them, to transfer it to a third party, and to have it deleted • Individuals’ rights to complain about how their data is being processed, and to restrict its use • A requirement to report data breaches and a description of the measures taken to regulatory authorities within member states, and in some cases to the individuals affected • Appointing a Data Protection Officer responsible for overseeing privacy within the organization • Adopting ‘privacy by design’ to show that businesses have adopted data protection techniques within their information processing systems Flying Blind on Compliance Requirements

The research conducted by NTT Security suggests that many companies are still unaware of how much emerging security-related regulations will affect them. A common misconception of GDPR is that it only affects EU companies. This is inaccurate. It affects any company that processes data about EU citizens, and promises to have a profound effect on

organizations across the globe.

Small Gains in Secure Data Storage

Data management and storage is a particularly important issue under GDPR. One key piece of advice from the UK Information Commissioner’s Office (ICO) is for organizations to map their data assets so that they know what they are dealing with

Investing in Security

This lack of visibility isn’t creating as much concern as onlookers might expect. Companies aren’t acknowledging information security enough in their risk assessments. In 2015, almost one in five decision maker respondents (18 per cent) considered poor information security to be the single biggest risk to their business. In 2017, that number fell to one in eight (12 per cent) and took fifth place, behind losing market share to increasing global competition, eroding profits and unskilled employees

Assessing the Risk

Respondents to the survey didn’t seem to feel safer. 57 per cent of them believe a data breach is inevitable at some point. If and when it happens,

the impact will be two-fold: companies expect news of a breach to affect their longer-term ability to do business, and also to have a more direct short-term financial impact

Conclusion

Businesses are making some advances in cybersecurity. They are investing more in securing their infrastructure, and more of them are storing data securely than in the past. They believe that they can recover more quickly from data breaches, and do so with a smaller impact on their revenues. Nevertheless, there are some significant chasms to cross. Companies are still not raising cybersecurity as a board-level issue as much as they could, and they are failing to get employees on board by creating and communicating information security policies properly. And they understand that failure to patch and upgrade systems makes it difficult for them to get financial protection in the event of a data breach. Perhaps the biggest risk of all is regulatory. Until now, companies that left

gaps in their information security strategies could simply take the risk of compromise, and then cope with the problem if it arose. From 25 May 2018, they face a burden of proof. Should regulators come calling, A copy of the report, businesses must show that they have taken adequate measures under the with all the sections, GDPR rules to protect their data. If they haven’t, the penalties will be is available from swift, and severe. Now is the time to address these issues and comply. euroLAN NEXT > 3) In Depth Focus

3 In Depth Focus

McAfee Labs 2018 Threats Predictions Report

Overview

In the McAfee Labs 2018 Threats Predictions Report finds us in a highly ML Anti-virus against volatile stage of cybersecurity, with new devices, new risks, and new ML inspired attacks threats appearing every day. Having polled thought leaders from McAfee Labs and the Office of the CTO it offers their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy issues

The Adversarial Machine Learning Arms Race Revs Up

The rapid growth and damaging effects of new cyberthreats demand defenses that can detect new threats at machine speeds, increasing the emphasis on machine learning as a valuable security component. Unfortunately, machines will work for anyone, fueling an arms race in machine-supported actions from defenders and attackers. Human-machine

teaming has tremendous potential to swing the advantage back to the defenders, and our job during the next few years is to make that happen. To do that, we will have to protect machine detection and correction models from disruption, while continuing to advance our defensive capabilities faster than our adversaries can ramp up their attacks.

Ransomware Pivots to New Targets, New Objectives

The profitability of traditional ransomware campaigns will decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses. This pivot from the traditional will see ransomware technologies applied beyond the objective of extorting individuals, to cyber sabotage and disruption of organizations. The drive among adversaries for greater damage, disruption, and the threat of greater financial impact will not only spawn new variations of cybercrime “business models,” but also begin to seriously drive the cyber insurance market.

Total ransomware Serverless Apps: New Opportunities for Friend and Foe grew 56 per cent in the past four quarters Serverless apps can save time and reduce costs, but they can also increase the attack surface by introducing privilege escalation, application Recent Event dependencies, and the vulnerable transfer of data across networks. McAfee interviewed Serverless apps enable greater granularity, such as faster billing for the actors behind services. But they are vulnerable to attacks exploiting privilege escalation ransomware and application dependencies. They are also vulnerable to attacks on data campaigns. One of the in transit across a network. Function development and deployment interesting findings processes must include the necessary security processes, and traffic that is was cybercriminals appropriately protected by VPNs or encryption. seemed to have a sense of absolute safety when conducting criminal operations.

Cybercrime is an area of crime like no other, perceived as low-risk with high returns, which contributes greatly to its rapid growth.

This month (Dec 2017), with the arrest of individuals suspected of infecting computer systems by spreading the CTB

Locker malware, a clear message has been sent— involvement in New ransomware families discovered in 2017. On average, 20%‒30% per month of new cybercrime is not samples are based on Hidden Tear ransomware code. Source: McAfee Labs zero-risk.as one of When Your Home Becomes the Ultimate Storefront the top As connected devices fill your house, companies will have powerful CTB Locker, also incentives to observe what you are doing in your home, and probably learn known as Critroni, is more than you want to share. In 2018 McAfee predicts more examples of known as one of the corporations exploring new ways to capture that data. They will consider largest ransomware families—helping to the fines of getting caught to be the cost of doing business and change the drive a new Ts+Cs on products or services to cover their lapses and liabilities. It’s more ransomware surge of difficult to protect yourself from these issues, and the next year will see a 165 percent in 2015 significant increase in breaches and discoveries of corporate malfeasance. as one of the top three ransomware Inside Your Child’s Digital Backpack families, and earning Perhaps the most vulnerable in this changing world are our children. a spot as No. 1 just a year later. Operation Although they face an amazing future of gadgets, services, and Tovar, in which law experiences, they also face tremendous risks to their privacy. We need to enforcement agencies teach them how to pack their digital backpacks so that they can make the took down the most of this future. The world is becoming very public, and though many of infrastructure us seem to be OK with that, the consequences of an ill-considered post or responsible for thoughtless online activity can be life altering for years to come. spreading Crypto- Locker, created a Conclusion need for more malware—CTB Locker In the corporate world, McAfee predicts that the May 2018 implementation and CryptoWall of the European Union’s General Data Protection Regulation (GDPR) could malware families play an important role in setting ground rules on the handling of both helped to fill the gap. consumer data and user-generated content in the years to come. The new regulatory regime impacts companies that either have a business presence in EU countries, or process the personal data of EU residents, meaning that companies from around the world will be compelled to adjust the way in which they process, store, and protect customers’ personal data. Forward-

looking businesses can leverage this to set best practices that benefit customers using consumer appliances, content-generating app platforms, and the online cloud-based services behind them. NEXT > 4) Financial Roundup

4 Financial Roundup

Recently Released Financials

Avaya Q417 – Revenue down 7 per cent Y on Y but up 1 per cent sequentially. EMEA was the only non-gaining geo o North America 56 (52) per cent o EMEA 24 (29) per cent o AsiaPac 11 (10) per cent o ROW 9 (9) per cent

Ciena Q417 – Ciena revenue was up 4 per cent Y on Y and up 2 per cent sequentially. The high profit was due to a reversal of a deferred tax asset valuation allowance o North America 59 (65) per cent

o EMEA 15 (16) per cent o Car and LATAM 6 (6) per cent o AsiaPac 20 (13) per cent o Packet Optical Transfer 68 (68) per cent o Packet Optical Switching 12 (10) per cent o CESD 0 (1) per cent o SW and Services 20 (21) per cent

Cisco Q118 – Cisco revenue was down 2 per cent Y on Y and flat sequentially. Categories are new this quarter: o Infrastructure Platforms 57 per cent o Applications 10 per cent o Security 5 per cent o Other Products 2 per cent o Services 25 per cent

D-Link Q317 – down 11 per cent Y on Y but up 5 per cent Q on Q o EMEA 20 (50) per cent o Americas 52 (46) per cent o Asia 4 (4) per cent

Mitel Q317 – up 13 per cent Y on Y and up 23 per cent Q on Q o EMEA 21 (20) per cent o Americas 13 (14) per cent o Asia 66 (66) per cent

Nutanix Q118 – Nutanix revenue was up 65 per cent Y on Y and up 22 per cent sequentially. Software is 44 per cent and service is 30 per cent o EMEA 14 (15) per cent o North America 68 (64) per cent o AsiaPac 27 (16) per cent o Car and LATAM 2 (8) per cent

Symantec Q217 Symantec revenue was down 17 per cent Y on Y but up 6 per cent sequentially

For Further Information, Please Contact: Keith Humphreys – Managing Consultant at euro LAN – [email protected]