The latest insights from your peers on the latest in Enterprise IT, straight to your inbox.
Transforming a hardware-focused network security business to a SaaS mode is not easy. Here’s how one CIO says it can be done.
By Naveen Zutshi, SVP & CIO, Palo Alto Networks
When our new CEO arrived two and a half years ago, he decided that we needed to accelerate our move from hardware-focused network security business to protecting the customers in the cloud and securing their future with machine learning. Most of our customers and prospects were in the midst of moving their businesses to the cloud, accelerating digital transformation, and increasingly consuming SaaS-based services, and we needed to secure them in all these places. In addition, we had to transition from our product and go-to-market as a network security centric company to an overall cybersecurity company with multiple product lines, many of which would be delivered over the cloud as a SaaS service.
These changes wouldn’t be easy. Not only would we have to change the company’s culture, learn new skills, and roll out new software, but to stay competitive, we would need to pursue an aggressive program of acquisitions to complete all this work at an accelerated pace.
Other large firms that had made their transition to the cloud were all pure software companies that shifted from selling on-premise software to SaaS. We knew this transition would be more difficult for us, given that we develop both hardware and software, and that in addition we had to shift our hardware business to a subscription model.
Not surprisingly, the pace in the IT department has been unrelenting over the last two years. Overall, it’s been a challenging transition, because we are in a sense changing the wheels on the running train while also laying down new tracks. Generally, you do one or the other, but we have had to do both at once.
Challenges and Opportunities
Among other things, we have moved many of our internal systems to public cloud, and migrated our custom development from one platform to another set of platforms. We also had to change our go to market systems, especially in the areas of subscription quoting, subscription billing, and creating our marketplace.
Much of this work has proceeded quickly. When we introduced our SaaS subscription management solution, for example, we rolled it out in four months – and this is a process that generally takes 18 months. We also put Prisma Cloud, our first product, on a new subscription management system, a new billing system, a new order management system, and a new marketplace – also in just four months.
What made these projects still more challenging was that we also had to integrate our new acquisitions at a rapid pace. We have acquired nine companies in 2+ years, and in most cases we achieved our goal of integrating them into a common set of systems and processes within 90 to 180 days of the product’s purchase.
Now we are halfway done. We run only single instances of our main applications, and have common data sources and a common data lake, which enables us to go fast, gives our reps a common set of sales tools, and makes updates much easier.
The new architecture is also opening up interesting opportunities. For instance, we are now using machine learning in our Cortex product to find anomalous behavior, a capacity that we believe will be increasingly important over time. We have built a massive data lake where we are pulling in product data from our network, from all our endpoints, and from the cloud, then comparing those anomalies with each other, so that we can immediately inoculate our client against them across the board.
Without a SaaS platform, it would be very difficult to track endpoint behavior in this way. You wouldn’t be able to pool the data. You wouldn’t be able to compare behavior across customers. And you wouldn’t be able to find an issue in one place and then correct it everywhere, which is what we can do now in Cortex.
Next on our agenda is to move the remaining set of products to a more flexible pricing, consumption, and subscription model and track our businesses on an ARR/NRR basis rather than a TCV basis.
Lessons about SaaS
Although we still have a lot of work to do, we have already learned a few important lessons.
One of the biggest things we realized is that you shouldn’t try to jam a hardware business model into a software or a SaaS business model. The two models are very different: for hardware development, for example, we have thousands of SKUs. In SaaS, for each product line we have been able to simplify that structure to a handful of SKUs, which simplifies licensing, purchasing, selling, and tracking of our SaaS business.
The service component is different, too. In a hardware business, you are often providing reactive customer support – customers call you during or after deployment for issues they may encounter. In SaaS, you are focused on hand-holding the customer, making the customer successful as soon as they purchase. Traditionally, that would be done either by our channel partners, by a third-party managed security service provider, or by someone the client’s own team would deploy; in a SaaS implementation, the client can activate right away.
We have worked very closely with the product teams not only to include activation and onboarding within the products themselves, but also to streamline these processes. For Prisma Access, one of our secure access products for mobile customers and remote users, we reduced the activation steps by half in the last three months.
There’s also quite a bit of difference in how SaaS sales works – how the routes to market work, how support works, and how customer journeys are initiated and supported in SaaS software versus hardware.
With SaaS software, we can upgrade and provide new features much faster to our customers without having to do heavy product upgrades. For example, in Prisma Cloud, we are going to be introducing four additional modules. Customers have the flexibility to add these new modules in the product directly as they need them, provided they have enough overall capacity left in their purchase. It’s a different world and experience.
The biggest lesson I have learned however is that this transition is doable. It requires close alignment and partnership with the business, and maniacal execution. It needs to be a priority at the CEO level, because it is a company-level transition, not simply one involving IT or a few functions. Changing your business model cannot be a functional responsibility; it requires top-down sponsorship. But now, two years into our transition, with SaaS billings at $950 million annually, I am convinced that it can be done.
A SaaS business model is very different from either a traditional software or hardware business.
Don’t expect that it will be easy to move to a SaaS model, because those differences change all kinds of processes in your organization.
Make sure you have executive sponsorship before you begin. This is too big an initiative to do without a major senior commitment to the project.