Into the cyber-way fray: RedShield
SAAS with a twist helps RedShield stand out in a tough global market niche. Concentrate talked to Founder and CEO Andy Prow of RedShield, the company that won both the best product and best service categories at the 2017 New Zealand Hi-Tech Awards.
If you were choosing a global market niche to target, cyber-security would have to be one of the hottest, but also the most competitive. So fraught has the security of our digital systems become, that the United Nations recently added ‘cyber’ as the fourth domain of war after land, sea and air.
Into this battle has waded Kiwi tech company RedShield, taking a highly innovative approach to help distressed businesses while differentiating themselves in a crowded market.
RedShield describe their offer as ‘web-application vulnerability remediation as-a-Service’. Customers pass their web-traffic through RedShield’s online service, which ‘shields’ any vulnerable applications.
At first glance, this sounds a bit like a fancy firewall for large companies. RedShield understood that they needed to offer something more, characterising their offering as “software with a service”, says founder and CEO Andy Prow.
“Most SAAS (software as a service) is accessibility and licence, you buy and you drive it. If we took the same approach with RedShield it wouldn’t work, there needs to be an expert component for RedShield to go live and stay live. Without the service, we are just another cyber-security tool that a customer isn’t really getting enough ROI (return on investment) from because they don’t know how to apply it.”
Gartner recently pointed to application shielding as one of the biggest problem spaces in the cyber-security area, says Andy, validating something they identified over six years ago. “The cyber-security space in the US and UK is becoming bigger every day, in New Zealand it’s a problem but the level of attacks isn’t the same – the fraud claims, the amount of data stolen simply isn’t at the same quantum.”
“Complex enterprise applications are a slow-moving beast battling against a fast-moving attacker (cyber-threats). A new threat comes out and you have 20 million patient records at risk, and you’ve been told it will take a year to fix it, what do you do?”
The value proposition is clear. “It is a rapid remediation service which is attractive for a large company that has software vulnerabilities and the fix in terms of development is significant – it might not even be quantifiable – but the application is very important. Shielding first can allow them to fix the problem.”
RedShield’s potential was acknowledged in December 2016 with a Series A funding round of $NZ 6.2 million from Sage Technologies Ltd, a vehicle of prominent investor Harald McPike.
Andy says there are more than 3000 applications protected by the Shield – including mission-critical type systems such as customer management portals, airline booking and internet banking systems. The RedShield solution is protecting these applications while RedShield experts are also monitoring all the time, looking for irregularities.
In contrast to many Kiwi exporters, RedShield are very focussed on using channels to take their offering to the large, conservative enterprises they target. “Channels are a force multiplier for us, our team are high end security experts. These partners do a lot of pre-qualification – they have the sales, the marketing team, customer relations. We focus on the hard-core software dev and shielding part of it.”
Andy says that while they work with any organisation in New Zealand, they take a much more selective approach offshore. “In the US, we are much more focussed – we only approach companies with incredibly valuable applications with known security flaws. They’ve might have been breached, or failed a security audit. We come in as the rapid remediation service.”
RedShield have been strategic about the partners they work with, selecting those with a strong existing position in the market. After securing an agreement with Connect IT in the USA in March, RedShield recently announced a deal with BT Global.
In classic Kiwi entrepreneurial style, RedShield are also prepared to back their capabilities in a sales situation. “We think the cyber security market is full of snake oil. We tell the prospects we target to give us your biggest problems and 48 hours, and we’ll show that it works. Others aren’t that transparent.
“It fits with our rapid remediation value proposition, it’s a bit of shock and awe approach which tends to deliver our biggest deals.”
Andy says once secured they are also very transparent in the way they manage a client’s shielded applications. “We do a lot of reporting on what’s happened and what problems are being avoided. We tell them how we’ve prevented known vulnerabilities. A trusted partner gets us in the door, and then we have to prove our value.”
RedShield go against the trend, with only 30% of Kiwi companies using some sort of distribution strategy, according to the annual Market Measures study of sales and marketing by hi-tech companies. The same study associated using channel partners with higher growth.
Andy says differentiation is at the heart of this. “One of the barriers for Kiwi tech firms is being able to differentiate. If we compete in the US and UK on size, the competitors win. We can’t compete on size, sexiness of marketing message or on price. Our differentiator must be around innovation and uniqueness.
“You need to focus on a really specific customer problem, in our case highly vulnerable applications they cannot fix – we are a strategic wedge by our partners as shielding high value apps can be a differentiator for them.
“If you are just a Kiwi business chucking something else in the reseller’s catalogue– you’ve lost. You need to understand your market well.”
Patience and care is also important with channels, he says. “For our biggest partner in the USA, it took us a year. We’d met them at events, we presented at conferences on our security research. All the way through we focussed on being unique and innovative. You don’t want to sell to a global reseller based on a margin deal – it doesn’t stack up for them – they wanted us because it is strategic and sexy.”
Andy’s advice to other Kiwi companies is to really understand their target market and how they can deliver a unique value proposition. “Do as much research to be the thing that people can’t live without. Understand the customer problem, then treat the channel partner as another one of those customers.”
On New Zealand’s Hi-tech Awards, Andy is bullish. “They are bloody gold dust; the team loves them. It’s good for your hiring perspective, we have a shortlist of people wanting to join, which is unusual in our industry.
“In the US, New Zealand is seen as a place that can produce niche, epic things (the Americas Cup being just the latest example) – so when you come out with an award from here it is highly credible.
“The New Zealand story is also strong– we care as a country, we are trustworthy and open, we care for the environment, we are innovative – within cyber security particularly that is useful. I happily overplay the New Zealand Inc story,” says Andy.