|Home - CEO Spotlight - Jun 04 Issue
CEO Spotlight: Bill Conner, Entrust
By Angel Mehta, Managing Director, Sterling-Hoffman Executive Search
Angel Mehta: How did you get involved with Entrust?
The last assignment I had at Nortel was heading the e-business and enterprise parts of the business - so the non-carrier part of Nortel. One of the organizations we had was Entrust. We spun that out of Nortel back in the late nineties. I was Chairman of Entrust until I became a 16B Officer at Nortel, which required that I step down.. Three years ago I decided it was time to come over to Entrust again and focus on the security space.
Angel Mehta: Was it viewed as a turnaround situation?
Bill Conner: Yes, when I got here, Angel, it was $30 million of revenue; $55 Million had been spent. We had 1255 employees when I came to Entrust – now we have 503 as of last quarter. So it was a huge turnaround job.
Angel Mehta: A successful one?
Bill Conner: We recently introduced the most new products in a hundred day window in the company’s history, and we’ve enjoyed tremendous deployment of our products. We’ve had record renewals on our maintenance contracts, which showed us that people were deploying the solution and getting the value. So I’d call that successful.
Angel Mehta: What was wrong with Entrust that resulted in a ‘turnaround’ initiative being required and what were some of the major changes you had to make when you came in?
Bill Conner: The first thing was getting a handle on the financials. I joined the company in April 2001, literally a day before the earnings call, and on June 4 we had a major restructuring where, in that six weeks, we took the organization from multiple business units, and drove it to a global, functional organization. After that, it was about focus. There had been four acquisitions that were operating as separate businesses. We collapsed them into one - which literally took out 40% to 50% of the workforce. In the restructuring, we took out a lot of senior management as well as more junior employees, and we re-focused our strategy around certain key technologies. We also focused in on certain vertical markets in certain geographics.
We’ve continually refined the products to lean more towards solutions. Solutions like secure messaging, secure identity management and secure data. We’ve also overhauled the sales force itself to go more towards a solution sell. In the past security was not sold based on ROI. It was more about, ‘Mr. Customer, you had better buy this or else’…
Angel Mehta: Fear-based.
Bill Conner: A fear-based approach. What we focused on over the last three years is how to use security as an enabler, not just to keep people out, but to let people in - because businesses and government are trying to have access to content and information. They want to provide information over the Internet, or through e-mail or files and folders, and do it securely without exposing any information.
Angel Mehta: What is the single biggest difference between leading the enterprise business at Nortel and running a much smaller organization like Entrust? You grew up primarily in a large company environment, with AT&T, Nortel, etc. so it interests me how you adjusted to a smaller organization.
Bill Conner: You’re right, it was a big adjustment. When I started running the enterprise piece at Nortel there were 23,000 people in it. The day I left, there were about 12,000. Twelve thousand versus 1,200 at Entrust – that’s an order of magnitude difference.
The single biggest difference? At Nortel, you spent 80% of your time working with other organizations to make sure they understood what you think the right things are…to make sure they understand what it is you intend to do. At Entrust, I spend 100% of my time actually doing the right things. Big difference
Angel Mehta: Let’s talk about how Entrust is positioned today. What is the business problem the Entrust Suite solves for customers?
Bill Conner: Our focus in the market is a category called “Identity and Access Management”. It’s really about dealing with digital identities and digital information. Questions like, how do you know who is on either end of a digital transaction, or how do you know what the information is, and how do you protect, encrypt and manage it? That is the basis of what Entrust does and we do that across the three solutions I mentioned: secure messaging within an enterprise, from one business to another, or for enterprise or government to consumer or citizen. We deal with secure identity management from how a server can talk to a server on a Web service model, to a Web portal and how you can use Web certificates to provide a base level of security for provisioning of digital identities in an enterprise, etc.
Angel Mehta: Are you still having to put forward a ‘market growth’ effort? Or has the category reached a point yet where evangelization is no longer necessary?
Bill Conner: First, I think it’s more than just evangelization. If you look at it Angel, since 9/11, awareness about the importance of security has been raised tremendously. Most of that awareness has been around the perimeter, in terms of the number of viruses, the firewalls, and intrusion detection. I think those three areas have gone from low to high awareness, with a pretty good understanding in the marketplace.
The next wave of this is going from awareness to *understanding. Look at the number of phishing attacks that are happening today - depending who you believe, there is anywhere from $1 billion to $3 billion of costs embedded in that. That goes right to the heart of a brand, right to the heart of people’s confidence, and those are the kind of things now that you have to deal with. Authentication and authorization in a new model in this digital world.
Most of the CIOs that I’ve talked to know it’s something they need to do and have it as a high priority. The gap is, how do you build the business case and how do you attach that risk to a business risk. That’s why I’ve co-Chaired two different industry task forces. One was the Business Software Alliance with Tom Noonan from ISS who I know you’ve talked with, and most recently in the Department of Homeland Security one with Art Coviello (National Cyber Security Partnership or NCSP Task Force). I’ll put my CEO hat on and say, “\what’s my check list for information security governance? What should my Board be looking at and what should I be looking at as a CEO? What should my business units look at and what should my CIO look at?”
It’s funny because before Sarbanes-Oxley, if you had IT problems, you fired the CIO. Now, if you have governance issues, you fire the CEO! Part of what was needed was that template around information security governance that a company could use as a global template to navigate this new world that they’re into. That’s why we (on the NCSP task force) came out with the framework we have. Entrust has been using that framework for almost eighteen months and we have discovered that it is a journey much like quality was 50 years ago, Angel.