2005 article on Keith Glennan

2005 article on Keith Glennan

https://www.crn.com.au/feature/profile-keith-glennan-ceo-network-box-22064/page0
Profile: Keith Glennan, CEO, Network Box

By Darren Baguely
This article appeared in the Issue 165, 7 February 2005 issue of CRN magazine.

The industry veteran and start-up man places his bets on a box with legs. CRN chats with Glennan about his offering to the security channel.
By its very nature, IT is disruptive, but every now and again a new way of doing things comes along that turns everything on its head.
With the introduction of managed security appliance Network Box, co-founder and CEO Keith Glennan may have, in the words of a competitor, "screwed the market for everyone else".
However, the Network Box solution offers hard-pressed resellers and systems integrators a way to meet the security needs of their customers without having to build expensive security competence and infrastructure.
Today, Glennan and his company sell the hardware, software and security service under a service fee arrangement. It incorporates antivirus, anti-spam, VPN, web content filtering, firewall, intrusion detection and system reporting -- in one unit.
Glennan could be classed as an IT veteran. He kicked off his IT career with the completion of a Bachelor of Applied Science, majoring in Computing, at the Chisholm Institute and RMIT.
Starting at Hewlett-Packard in 1984 doing software development, he stayed there for several years before moving to IBM. After two years with Big Blue, Glennan freelanced for a couple of years before teaming up with Andrew Tune to form the Technix Consulting Group.
The pair ran Technix for about eight years, transforming it from a programming outfit doing specialised networking, Unix kernel research and device drivers, into a consultancy offering a range of security and systems integration consulting, before selling it to ASX-listed company eSec in early 2000.
Glennan stayed on as Asia Pacific general manager of consulting for two years before taking a six-
month sabbatical. It was while he was holidaying in Hong Kong that Glennan met an IT consultant, Michael Gazeley, who, with his partner, had essentially been doing in Hong Kong what Technix had been doing in Australia. After they had been talking for a while, Glennan decided he wanted to have a closer look at Gazeley’s current project.
"In the end I bought a Network Box on the spot -- the company had been going for about 12 months at that stage -- brought it home, pulled it apart, did penetration testing on it, all sorts of things," says Glennan.
He and Tune decided the Network Box had legs and a new company was conceived in October 2002.
Between Technix and a New York-based company he had been involved with in the late 1990s, Glennan was no stranger to start-ups, but he was somewhat surprised by the mixed reactions he received from the channel when he started to talk to potential resellers about Network Box.
"There are organisations out there who we are now having discussions with and they are now quite keen, but two years ago they wouldn’t have spat on us if we were on fire," says Glennan. "We were a little bit surprised to say the least."
"We didn’t go out to make a big splash but we started to put the feelers out there, speaking to a number of resellers, and said, 'This is what we’ve got, how does that fit in with what you’re doing?' We got mixed responses."
While some resellers did not quite understand the concept, Glennan found the most disturbing response was that some companies, rather than challenge the status quo, were more interested in getting as much money out of the prevailing business model as they possibly could.
"One of the most amazing responses was a large integrator that said, 'We know that what you’re doing with Network Box is where the market’s going to go. The problem is that clients are paying really good money for us to put point solutions in and then do the systems integration. Not only do we make margin on all the products we sell, but the ongoing management is a nightmare, the clients know it’s a nightmare because there are so many disparate platforms involved that they expect
it to be expensive'," he recalls the integrator saying.
"'If you come along with some much cheaper and ultimately a better solution it’s of no value to us because we make less money out of it'," the integrator said.
Glennan got this sort of attitude from all sorts of companies, ranging from suburban tier-two integrators right up to the largest Australian and international players.
When he actually pointed out to a couple of the companies that this was an incredibly short-sighted approach he was amazed by the response.
"A couple of them agreed it was short-sighted but said they’re going to make hay while the sun shines." One large company in particular is still holding that position because it has long-established relationships with big vendors.
To be fair, a disruptive technology like Network Box is a bit a mind shift for resellers and systems integrators that have worked with the best-of-breed model for almost a decade.
"Everyone who has been doing security has been brought up on the notion of individual vendors specialising in one thing. You get antivirus from one vendor, firewall from another, content filtering from another, and you get a systems integrator to make them all talk to each other," says Glennan.
To a large extent, this approach is just symptomatic of the way security threats have developed. Today’s security situation did not appear fully formed but started with boot viruses and as IT technology matured and became pervasive, the threats multiplied. Ironically, to sell companies on his
new baby, Glennan had to do what the channel hates most, sell Network Box direct.
Apart from the resistance of those resellers who wanted to maintain the status quo, Glennan found the initial response from the channel was ‘who are your clients?’
"Then we’d say, 'We’ve just started in Australia but we can tell you who our clients are overseas'," says Glennan.
"Pretty uniformly we were told, 'We’re not interested, and if we’re going to go and sell this to our local clients we need to know who’s doing it locally'. So we spent 12 months getting direct clients and we targeted high profile organisations like Toyota, BMW, Boise Cascade and Nintendo. A lot of them took a while to make a decision but we knew we needed to get a stable of big clients to give us credibility locally so that we could go back to the channel."
While there was some appeal to staying with the direct model, once Network Box had some runs on the board Glennan went back to the channel because it offers priceless advantages over a purely direct model.
"In some senses going direct can be more appealing but the reality is that when it comes to security, a lot of organisations don’t implement anything until something goes wrong, or someone they know gets hit," Glennan continues.
"When that happens, often the first port of call is someone with whom they’ve already got an established relationship -- their systems integrator. We can’t physically get in front of every potential organisation that would be a candidate for our solution so the channel is essential to us for that reason."
Network Box also recognised that there had not been any type of managed security offering put through the channel that afforded the company a major opportunity.
"Sure, resellers can sell a firewall and get an annuity on the renewal maintenance fee, but it’s pretty slim pickings," says Glennan.
Network Box’s model offers resellers the chance to go to market with a managed service that gives them annuity business while keeping the client in-house.
"If a client says to their reseller, 'We want you to manage this firewall for us', a lot of resellers just don’t have the expertise, and if they try and learn it on the job, they’re effectively experimenting on their client’s network."
That leaves them with two choices, says Glennan. "Do it anyway or get someone in who can and risk a competitor getting the foot in the door with the client.

"So a lot of resellers have said it’s a great solution for us because they can control the client interface in terms of the requirements analysis, maintaining the relationship and doing the installation."
Because many resellers lack sophisticated security competence, Glennan has developed the Network Box model so that they are guided through the requirements process.
"We have an accreditation process and we teach our partners the sort of questions they have to ask. After going through a long questionnaire with each client, we collect the information and the reseller can install or have us install it. The reseller can do first level support, we can pipe the data to them or they can get the reports which both can give a really good view of what’s happening on the client’s network.

"But ultimately the client is getting a managed solution. They can pick up the phone and get a change done and the client and the reseller know that the security is managed by someone who lives and breathes this stuff, does nothing else and is an expert."
Although the channel has been fairly enthusiastically picking up Network Box -- 17 partners achieved
level one certification in just four months last year -- the model is still striking some resistance, partly from negative perceptions of first generation security appliances and also from entrenched
self-interest.
"The early security appliances were pretty bad," says Glennan, "but to be fair, where stuff is built into the firmware, keeping everything up-to-date is a difficult problem to grapple with.

"There has been and still is some resistance to the notion of a single box that can protect against a multitude of threats but that thinking has been driven by the point solution vendors who argue that you can buy a box that can do all these things but won’t do any well.
"And in the early days I think that was a valid criticism but now that a lot of the hardware out there is becoming increasingly more powerful, the bang for buck is just getting better and better, and people realise that going down the integrated best-of-breed path is hideously expensive, not just to install but to maintain as well."
While Glennan recognises there may be some environments that are so complex that they demand the best-of-breed integration approach, he also believes that some IT managers artificially increase the level of complexity because it looks good on their resume.
"There are purists who say, 'Let’s pick one solution for every part of the problem', and I do think that has its place -- extremely complex or heterogeneous environments or where it’s driven by integration with a third party or where there’s a particular regulation, some particularly difficult requirement," says Glennan.
"Unfortunately we see a lot of clients generating almost artificial requirements for complex solutions driven by what people want to put on their resumes. Some IT managers will say, 'That’s an interesting technology, I think it might go somewhere and if I spend the next six to 12 months dabbling with that I’ll command 20 percent more next year. That’s not restricted to the IT security area but it’s probably as prevalent here as anywhere else."