Look at today’s geopolitical situation, modern-day warfare and risk factors, the question is how do you stop a nation’s economy? How do you paralyse a nation? It is by targeting its critical infrastructure. Across GCC, the core focus will always be in segments of energy, oil and gas, and utilities. But without a services partner to present a complete end to end product to these enterprises, the solution will not work, says Khalid Aljamed at Nozomi Networks.
Saudi Arabia, just like most of the GCC, is an energy-driven economy. Saudi Arabia is now investing in tourism and aviation infrastructure, and not just airports but also airlines. Transportation is another area where there is much progress, especially with Riyadh launching its metro project.
Nozomi Networks is focused on industrial control systems and operational technology, or OT cyber security. And the core focus, will always be in energy segments, oil and gas, and utility sector.
They are the main pillars of critical national infrastructure whether you are talking about electrical utilities, water utilities, saline or water treatment. This comprises almost 60 to 70% of the focus of Nozomi’s customers, and it is also where the government is focusing in terms of regulation and regulatory requirements.
Today, when we look at the geopolitical situation, when you look at modern-day warfare and risk factors, the question is how do you stop the economy? How do you paralyse a nation? It is by targeting these critical infrastructures.
“I would say, for the next at least two to three years, you will see a lot of vendors, including Nozomi focusing on that. You will see a lot of government initiatives addressing those areas,” says Khalid Aljamed, VP Saudi Arabia, Nozomi Networks. “We are also focusing on smart cities, transportation, aviation.”
Giga and Mega projects
When you talk about Giga projects, like Neom, you basically have a full miniature ecosystem of almost every single technology, every single use case that you can imagine out there. Whether you are talking about the infrastructure level like smart or green energy generation, recycling, drinking water, HVAC systems, smart buildings, public safety, drone systems or perimeter defence systems.
Unlike typical IT businesses or IT-heavy businesses, when you talk to oil and gas companies for example, the automation group – the people running the refinery or excavating crude oil – are at the core of the business.
It becomes a sensitive topic when you suggest that someone from IT or IT security is going to oversee their operations. From a monitoring perspective, IT teams must inspect operational systems from a cybersecurity angle – checking they are up to date, configured correctly, and aligned with standards and regulations. This may create friction between different groups.
What most companies have realised now is that the only way forward is by having champions. You need a cybersecurity champion within the automation group, and vice versa. You also need to comply with government standards, whether in UAE, Kuwait, or Saudi Arabia. Mostly companies, even without government standards, already have internal regulations to protect operations and anything that would disrupt their operations.
The next step is to create work groups of members from different business units – operations, digitisation, and cybersecurity – to produce a solution that satisfies everyone.
One challenge such teams face is differing life cycles of IT and operational systems. The average life cycle of an IT solution – cybersecurity being one of them – is five years at best. And every five years, you need a complete refresh on the IT side.
On the automation side, in an industry like oil and gas, equipment warranties and contracts often span 20 years. Their equipment runs for two decades because, because for them, availability is more important than anything else.
“That is why it is a rough and difficult journey, but companies realise it has to be done, and it is not just about cybersecurity or modernisation. It is also about how I process the massive amounts of information and generated by plants and refineries and use it to optimise operations and reduce operational costs,” says Aljamed.
One of the important solutions today is edge processing. Companies are looking at how to move away from centralised data processing. Instead, they aim to keep data at the edge, in the refinery or at the site, and use it for data analytics. This includes building data lakes and conducting cybersecurity analysis onsite rather than centrally.
OT decision making
With most CISOs, CIOs, and other technology and cybersecurity decision-makers, there are multiple levels of conversations. When Nozomi talks with IT security teams, Nozomi talks about their requirements and expectations from a cybersecurity perspective and how this helps the operational team.
When Nozomi interacts with the operations team, Nozomi talks about how these efforts will help them from an operational perspective, and what cybersecurity means for them.
“Nozomi sits in the middle, translating between these two different languages,” says Aljamed.
As a vendor and technology provider, Nozomi is positioned to help CISOs and CIOs jump two steps ahead without reinventing the wheel. Nozomi can share experiences of other customers. The vendor can help clients skip a few steps by sharing what worked and what did not, instead of customers taking the full journey.
With regard to technology spin-offs from within large enterprise, this is part of a long-term strategy for many multinational corporations.
This helps significantly, as the IT spin off arm acts as an unbiased consultant for the parent company. This makes it easier for Nozomi as well because there is now an in-house, trusted advisor within the enterprise. This is a healthy approach, as these mega-large customers are not just buying technology but also investing in it by developing in-house capabilities that they own and control.
Smart cities are at the top of Nozomi’s preferred list. Faster traction is happening in Riyadh because project delivery times there are quicker. There are also developments in Jeddah, Makkah, and Al Khobar, which are mini smart cities. While they are not at NEOM’s scale, their smaller scope allows for faster turnarounds.
Adoption of operational security is also happening within critical food and beverage sector, which is leading the adoption. Large companies producing dairy, bread, staple products, which supply food not just to Saudi Arabia but across GCC and Middle East, are implementing cybersecurity measures for their industrial IoT and OT.
However, vendors need to do more to raise awareness about its importance, and work closely with regulatory bodies to help simplify the adoption journey.
Go to market
“During conversations with enterprises, Saudi Arabia is a little different compared to other regions,” explains Aljamed. At the start of the conversation, it might be Nozomi Networks leading the discussion. But as the project advances and other products like SIEM, firewalls, network access control, or data lakes comes into the mix, the alliance partner, system integrator, or service provider takes over both the discussions and the service delivery.
Nozomi Networks is a solution provider, not a services provider. Nozomi puts the solution ahead of the service. Nozomi provides asset visibility, vulnerability management, asset discovery, and are all designed to be part of a larger ecosystem.
Nozomi Networks has one unique advantage: from its inception as a company, it was channel-first. When it comes to the Big Four consultancies, they are partners of Nozomi Networks and are Nozomi certified. Global system integrators are also partners of Nozomi Networks.
“Without a services partner to take solutions like ours, and present a complete end to end product to the customer, the solution will not work,” says Aljamed. “That is why we work with consultants like the Big Four, work with global system integrators, work with local system integrators, and service providers. They are subject matter experts, whether it is aviation or oil and gas.”
For Nozomi, it is a mission statement to work with them as the lead and as long-term partners. If they initially need guidance, Nozomi will guide them, but Nozomi expects them to eventually take over and drive the solution themselves.
“This is also what customers want in a long-term strategy,” says Aljamed.
If the customer wants to work with a non-Nozomi partner, Nozomi actually goes out of our way to make sure they are trained and enabled, because Nozomi want the best partner for the end user, and not the most loyal Nozomi Networks’ partner.
“Our concern is whether that partner is the right fit for the customer and for the technology the customer uses,” continues Aljamed.
With regard to the pricing and SLA provided by the channel partner, Nozomi believe it depends on the size of the project. Some projects are complex, requiring a five-year engagement. Some projects have a very quick turnaround. Nozomi does not dictate the financial terms of the contracts to channel partners.
