Starting from the business, solve the security problems of enterprise application systems and management systems.
The security problems faced by enterprises mainly come from two aspects: one is from the outside to the inside, and the other is from the inside to the outside. From the outside to the inside, hackers are no longer limited to hacking corporate websites, but are beginning to focus on corporate business systems, encrypt corporate databases and blackmail them, and even sell corporate core data. Internally, internal ghost crimes are becoming more and more common. This kind of illegal behavior by legitimate users is the biggest threat facing companies today.
In the traditional security market, is there a vacuum based on the security monitoring of the enterprise’s own business?
Lin Sen: Yes. Because traditional security vendors do not pay much attention to the enterprise business level. Enterprise security can be divided into network security, physical security, application security, data security and other levels. For enterprises, application security is only one link of the entire security system, but we have found that this link is often overlooked by traditional security companies.
The reason for this phenomenon is simple: First of all, many security companies do not understand the customer’s own business; in addition, once security companies get involved in application security, they will face a large number of false positives and false intercepts, requiring a lot of investment Manpower and material resources solve these problems.
But for start-ups such as Security School, we must find differences from traditional security vendors. Application security is a major direction. For enterprises, once there is a problem with the core business system, the business will stop, so application security is a rigid need for the enterprise. For security vendors, this market also has huge potential.
In the past, security vendors mostly focused on security issues at the network topology level. Although customers are in different industries, the security issues they face are universal. The security school focuses on security issues at the business level of the enterprise. When the security school faces customers in various industries, how to extract commonalities from different business logic and form a more standardized security solution?
Lin Sen: Our customers do come from all walks of life, but they use the same enterprise management software. Currently, in the field of enterprise management software, UFIDA and Kingdee have occupied 70% of the market share. Our services are customized based on enterprise management software. Therefore, as long as we provide security services based on the management systems of UFIDA and Kingdee, we can reach 70% of potential customers.
At the same time, when we classify customer types, we alsoNot based on the industry they are in, but based on the brand and model of the ERP software they use.
What is the relationship between Security School and enterprise management software vendors such as Yonyou and Kingdee?
Lin Sen: We are equivalent to the security solution provider of enterprise management software vendors, and our products can be regarded as security patches or defense tools based on enterprise management software. We will not replace ERP, we are the protector of ERP.
Will enterprise management software vendors build their own security teams in the future? Will the security faction conflict with them?
Lin Sen: Many investors have indeed asked this question. Most traditional ERP vendors are not involved in security services for three main reasons:
First of all, traditional ERP vendors focus on corporate business issues, while security is relatively independent and professional, and traditional ERP vendors have limited accumulation. Secondly, in the ERP field, security is a subsidiary product that cannot directly create value for the enterprise. Finally, if traditional ERP vendors do their own security services, it may give customers the psychological hint that “the product is not safe enough”.
Therefore, traditional ERP vendors prefer to cooperate with third-party security companies like Security Pai to solve security problems.
Enterprise Security Hard Power: Reduce False Interception Rate
How is the latest “SECNANO” product launched by Security School upgraded from the past?
Lin Sen: Security school’s traditional solutions focus on medium and large customers, but we have found that many small and medium customers also need security services. Therefore, we launched the SECNANO product, which is charged according to the number of installations. It can be installed on servers and terminals to automatically identify corporate ERP and financial software and protect related documents. At the same time, SECNANO also has remote hosting services. Once a problem is found, the security faction will immediately call the customer to provide remote warning and support services.
SECNANO can reach a large number of small and micro enterprises through lightweight, easy-to-deliver, and cloud-based security services. We have conducted research on this market. At present, domestic head management software vendors have 800,000 small and micro enterprise customers and tens of millions of terminals. If we can eat this cityThe future will be more segmented, and GRC (Enterprise Risk Management) will become one of the important directions of the future enterprise security market. After solving traditional network security, enterprises will definitely pay attention to the business system itself and the security impact of various operations in the business system on the business and management of the enterprise.
In fact, e-commerce, finance and other industries have begun to pay attention to GRC. For example, anti-fraud and anti-wool party belong to the category of GRC. These are also problems that traditional security vendors cannot solve. We believe that the market potential of this security demand will become greater and greater in the future.
With the popularization of remote office and digital transformation, more and more companies are migrating their business online, and some sensitive information is also migrated to the cloud. The risk of corporate sensitive information leakage is also increasing . In response to this phenomenon, what is the layout of the security faction?
Lin Sen: We are also studying the next generation of cloud security products. But our view on the future cloud trend is that in the field of enterprise services, the future will definitely not be a “pure cloud” era, but a “hybrid cloud” era. Enterprises will put non-core data, such as reimbursements, video conferences, etc., on the cloud; while core data, such as finance, R&D, production management, and enterprise management, will be deployed on self-built private clouds. That is, the future enterprise environment will become a hybrid cloud architecture of public cloud + private cloud.
Therefore, on the basis of improving private cloud products, we are also deploying public cloud security products. In the future, we will still propose corresponding solutions based on enterprise business scenarios and models.