Orange Cyberdefense exec reveals what cybersecurity technologies he's investing in this year
International business development boss of the €700m-revenue European giant tells CPI where he’s placing his bets in the cybersecurity space

After a year which saw it acquire two of Europe's largest independent cybersecurity companies, Orange's newly-formed cybersecurity arm will be placing its bets on three key technology areas looking ahead to this year and beyond.
In 2019, Orange became a European cybersecurity leader after forking out €515m for pan-European player SecureLink and acquiring £44m-revenue UK firm SecureData.
Now, with both firms operating under a newly-created brand in the Orange Group called Orange Cyberdefense, the €700m-revenue French cybersecurity giant will be investing heavily in nascent technologies in the cybersecurity field.
Speaking to Channel Partner Insight, Orange Cyberdefense's head of international business development, Thomas Gourgeon, said he will be looking to grow the firm's expertise in three key cybersecurity areas, both organically and through potential M&A.
Cloud security posture management
"You've seen what's happened during COVID-19 with everyone going through the cloud" said Gourgeon.
"We're going to see more move towards the cloud, that's a certainty and for us a no-brainer… People are basically working with a laptop connecting to the cloud. So we rely less on traditional datacentres, traditional intranets and therefore security needs to be handled between the endpoints and the cloud service. So this part of our service is probably going to accelerate. It was already an area of investment, but it will become even more relevant."
Gourgeon added that Orange Cyberdefense has been particularly investing in cloud security posture management (CSPM) over the last few months - mainly through working with Palo Alto and CheckPoint.
CheckPoint acquired Dome9 in 2018 - a Tel Aviv-based firm that secures multi-cloud deployments across AWS, Microsoft Azure and Google Cloud.
Meanwhile, Palo Alto made two acquisitions in the CSPM space during the same year in the shape of Evident.io and RedLock.
"It's really around the topic of providing visibility on your security posture within Azure or AWS, for instance. So here we are working on a nascent topic with well-known leaders in the market," Gourgeon added.
OT Security
Large-scale cyberattacks such as WannaCry, NotPetya and Industroyer crippled countless businesses when they hit in 2017, causing many to wake up to the need for operational technology security.
Many of Orange Cyberdefense's customers are in verticals that utilise OT - be it in manufacturing or transportation and logistics.
"These enterprises are struggling today with how to secure from a cyber securitystandpoint," said Gourgeon.
"All that infrastructure has become more and more connected using the internet, and sometimes organisations don't even know that it is. They will have third-party machines that are managed remotely by the vendor, then they will have contractors and a number of people who will be working in the factory and that only increases this connectivity.
"That opens backdoors into the environment of the factory. And this is something that gains more and more visibility and attention because of what we saw in 2017, where cyberattacks took down whole production chains."
Gourgeon said Orange Cyberdefense is investing in OT security, asset discovery and detection with vendors including CyberX, Nozomi and Sentryo - the last of which was acquired by Cisco last year.
Managed detection and response
This is an area in which Orange Cyberdefense has been investing in for several years, but remains a key pain point for its customers.
"Our customers are struggling to hire and retain the right skills and expertise and therefore, if they can find things to outsource to a trusted partner like us, they will be able to focus smaller security teams on the right topics," he said.
Gourgeon said Orange Cyberdefense has formed relationships with emerging vendors such as Cylance, SentinelOne and Cybereason in order to deepen its expertise in endpoint detection and response technologies.
He added that deception technology will another key area of interest, and recently signed on with Attivo Networks so it can start offering this honeypot solution to customers.
How will cybersecurity needs change post-COVID-19?
With many businesses currently in the grips of a global pandemic, forcing employers to ask their staff to work from home, many are beginning to predict that COVID-19 will bring a permanent change to how we work, and the technology that enables us to do so.
Gourgeon said that what businesses require from their cybersecurity provider will undoubtedly change once the crisis passes.
"I've seen a funny tweet which asks ‘who has made digital transformation a reality? My CTO, my CEO or COVID-19," Gourgeon joked.
"But it's quite true. COVID-19 has made digital transformation a reality, and there's no way back from that."
"In France, there has always been some resistance [to working from home]. Now with the crisis, we have demonstrated that it is possible to work from home and remain efficient. Maybe some people will argue that they're actually more productive when I'm at home than when I'm in the office.
"I think this has changed the perspective of a number of our customers who were maybe a bit cautious about working remotely. It has maybe convinced the last people who were against that trend."
Gourgeon said context-aware security technologies will become more vital as working remotely becomes more generally accepted.
He said new models such as Zero Trust will become more prevalent in a post-COVID era.
"Maybe you want to rethink the way you grant access to sensitive applications in the work from home context. Maybe you want to make sure that somebody who is connecting from a public WiFi hotspot into sensitive applications does not have all the rights or the credentials that he would have when is connected from the office with a proper laptop.
"So I think context in the world of security is probably going to be another area of investment on our side."
Watch out for our full write up of our chat with Thomas Gourgeon as he lifts the lid on the integration roadmap for SecureLink and SecureData, raising awareness of the new Orange Cyberdefense brand and what the future holds
More on Managed Service Provider (MSP)
US services giant Ensono bought in PE sale for a reported $1.7bn
Private equity firm KKR buys partner last acquired in 2015 for just $190m
Three things we learned from Dustin's Q2 results
We dissect the details of the Nordic reseller’s Q2 figures
Dustin snaps up largest reseller in the Netherlands for €425m
Swedish reseller says Centralpoint acquisition will raise turnover to approximately €2bn
US MSP leaders from Verteks Consulting, Assured Data Protection and Iconic IT confirmed for CPI Inside Track US
CPI to hold virtual MSP event on 22 April, bringing together channel leaders from across the US managed services market
Proact buys Swedish partner Conoa to develop new cloud services
The transaction is expected to add around €8m in annual sales for the Nordics systems integrator
More news
CPI MSP Inside Track US event to go live next week on 22 April
Confirmed MSP leaders from across the United States will discuss what forces will shape the managed services market in America this year
Canadian cloud specialist buys AWS partner in European expansion
The deal will allow the cloud provider to grow its global presence
Asana formally launches partner program
The software vendor claims its taking a 'quality over quantity approach' with new channel engagement strategy, which launched this week
3D printer industry hard hit by COVID-19 - Context
Channel analyst says a strong rebound in China’s domestic economy was not enough to overcome a difficult year