• Thomas Fetten gets to work on focusing T-Sec portfolio and charting course for growth, while looking for M&A, JVs, and partnership opportunities.
• Key growth areas include industrial control, cloud, and consulting.
• Regional focus is Germany, Austria, and Switzerland for now; geographic expansion planned for next phase.

Thomas Fetten

CEO, Telekom Security

Six months into his new job, Thomas Fetten, Chief Executive (CEO) of newly independent Deutsche Telekom Security GmbH (T‑Sec), shared insight into his plans for growing the business and focusing its portfolio in an interview with Deutsche Telekomwatch.

Deutsche Telekom (DT) completed the spin out of T‑Sec in July 2020, to give the unit more freedom and flexibility to grow and strike deals through M&A, joint ventures, and partnerships and respond quickly to market changes. For Fetten, who joined DT in May 2020, that means everything is “on the table” right now so long as the various forms of deals “make financial sense for both parties”, add value for T‑Sec’s customers, and align with Fetten’s focused growth strategy (Deutsche Telekomwatch, #93 and #95).

What’s in T‑Sec?

T‑Sec comprises all of DT’s security activities, including monitoring and protecting its own networks as well as providing security services to businesses, consumers, and government and public sector agencies. For customer-facing services, T‑Sec works closely with T‑Systems, Deutsche Telekom Business Solutions, Telekom Deutschland, as well as consumer businesses across the Group. T‑Sec will continue to leverage these existing routes to market as well as expanding its own direct salesforce.

In the legal structure, T‑Sec falls under Deutsche Telekom AG, which gives the business flexibility for M&A or partnership moves and signifies that the security business is core to the entire Group, Fetten explained. Operationally, T‑Sec remains part of T‑Systems and its financial reporting is consolidated under T‑Systems. Fetten’s Supervisory Board is led by Adel Al-Saleh, CEO of T‑Systems, and the secondary board member is Claudia Nemat, Head of Technology & Innovation at DT.

T‑Sec has 1500 employees. According to the T‑Sec website, the business has revenue of more than €250m (£223m). The Cyber Defence & Security Operation Centre (SOC) in Bonn is considered the largest in Europe and is at the heart of T‑Sec’s international network of SOCs, which spans 17 locations in 13 countries, including Mexico, Singapore, South Africa, and the USA (Deutsche Telekomwatch, #90). The SOC in Bonn provides security monitoring for all DT’s internal networks, as well as security services for businesses, consumers, and public sector agencies.

Fetten, who was born in Germany and raised in the USA, brings international business and transformational work experience to his new role at T‑Sec. He cut his teeth in the corporate world at IBM, holding various positions in the USA, Germany, and Singapore. In his most recent position, he was CEO of SecureLink, one of the largest cybersecurity service providers in Europe, which had annual revenues of €248m in 2018 and 660 employees.

In May 2019, SecureLink was acquired by Orange Cyberdefense for €515m, soon after the French operator had bought another cybersecurity service provider: SecureData. Together, the acquisitions substantially expanded Orange’s cybersecurity footprint in Europe.

Building up core strength in DACH, and where next?

Don’t expect Fetten to follow the Orange playbook and go on a spending spree to grow its geographical footprint. That’s not the near-term plan. Rather, Fetten is focused on building on T‑Sec’s market strength in Germany, Austria, and Switzerland (also known as the DACH region) and continuing to serve its clients globally.

“I don’t believe that just very broad and thinly spread expansion drives value for corporations. It doesn’t”, he said. “Security is a trust business, it’s a local business, and has a human relationship perspective, and we have the strongest presence here [in DACH]”.

In his two- to three-year plan, from a regional perspective, the main growth area will be out of the DACH region to serve T‑Sec’s clients globally. That does not mean the business is retreating to its home territory. T‑Sec will continue to operate and strengthen the 17 regional SOCs.

When Telekom Security was first established as a distinct business unit within T‑Systems back in 2016, DT indicated it would spearhead work to become the “European market leader for cybersecurity” (Deutsche Telekomwatch, #58 and #59). Right now, that’s not Fetten’s mission. He said that if someone asked him if he planned to make five acquisitions in Europe to build a presence in, for example, UK, Netherlands, and France in the next twelve months, “my answer will be no”.

“I will fortify my investments in DACH, continue to serve my clients globally with the footprint that I have, and I’m not going to challenge a European leadership position right now. I don’t see the value for us in doing that.”

— Fetten.

In the next two to three years, T‑Sec will begin to look at scaling up beyond the DACH region. A natural next step would be to expand into the USA. However, Fetten did not specify where his next move would be, only to say, “I’ll leave the imagination up to you… you’ve seen where DT has grown”, and teased that maybe the business is targeting more than one region.

New contours in Europe’s cybersecurity competitive landscape

With T‑Sec focusing on the DACH region and eschewing footprint expansion in Europe, the business unit appears to be leaving openings for rivals with pan-European ambitions.

“DT is clearly the 800-pound gorilla in telecoms services in the DACH region (i.e. German-speaking Europe)”, said Rik Turner, Principal Analyst at Omdia, covering IT security and technology. “It has also had a respectable IT services business [T‑Systems] for a lot longer than most of its rivals… They’ve pulled back in the UK, with T‑Mobile becoming part of EE, and they don’t seem to be big in any other non-German speaking countries any more”.

Looking at the field of DT’s telco peers and their moves in cybersecurity services, Turner said that “Orange is by far the most serious international player in this pack, with businesses in multiple geographies”. The other notable player is Telefónica, because of its international presence and creation of a standalone security business via its acquisition of ElevenPaths, “which they then bolstered with some internal assets they already had”.

He added that “across Europe, [telcos] will all be competing with IBM, which is the big beast internationally and has a truly global message, with [localisation] and regionalisation as required. There are also multiple managed service providers and the more specialised managed security service providers in each country and region”.

Focusing on areas for growth

As Fetten reviews the portfolio he inherited, he aims to have at least 10% market share for the security services T‑Sec provides, which is his measure of sufficient market relevance. The provider will continue to grow in the areas where it is already strong, including network security, identity and access management, and managed services.

Beyond those current growth drivers, he also has several areas in his sights for incremental growth, namely security for industrial control systems, cloud security, and consulting.

T‑Sec has also discontinued some services because they don’t fit the new portfolio focus. One example is drone security, which is simply too niche for T‑Sec, said Fetten.

Industrial control systems, cloud, and consulting

The integration of IT and Operational Technology (OT) has increased security vulnerabilities for industrial companies. “We have to address the OT environment, which was never built for security”, said Fetten, noting that OT was always segmented in a different operating environment where security patches happened only every three or five years.

In OT security for industrial control systems, T‑Sec is investing heavily and has started to form partnerships to develop joint offerings and gain market knowledge, since it is a relatively new area for the business. Fetten did not name the new partners but gave a theoretical example of the power sector and potentially teaming with companies that manufacture power plant equipment.

T‑Sec is not completely starting from scratch in the industrial control space and Fetten described his growth strategy for this area as “organic, inorganic, and a partnership play”. He expects double-digit growth from OT security and is targeting more than 10% market share.

“It’s an opportunity and… an obligation”, he said.

“We as DT have an obligation not only because of the investment of the government, but as a German provider to support German businesses and DACH business to secure the critical infrastructure that our whole democracy is based on.”

— Fetten.

Another key growth area is cloud security. T‑Sec is “doubling down” on cloud security to support infrastructure customers of T‑Systems that are migrating into hybrid cloud environments, as well as to bolster managed services offerings. Fetten views the cloud opportunity as filling a gap left by hyperscale cloud providers.

“[Hyperscalers] might give you the platform, but the user is left with the responsibility to configure, manage, and operate,” he said, noting that the company already provides these services and there is “exponential growth” potential.

The third area of focus for T‑Sec is consulting. Fetten readily admits that this is the one area where the unit is not going to achieve 10% market share in the short term, because that would require a huge step‑up in scale. There are security advisory services embedded in some of T‑Sec’s customer delivery teams, as well as a dedicated unit, and Fetten wants to grow those capabilities in the portfolio.

“Clients want a trusted advisor to help them understand and make sense of the complexity of cybersecurity because the attack vector is no longer just the network.”

— Fetten.

As T‑Sec looks for M&A and partnership opportunities, any activity is likely to be in the areas that Fetten flagged for growth. And it appears there are no boundaries around the possibilities, so long as the relationships are focused on delivering customer value. There could be tie‑ups with manufacturers in the industrial control space for OT security or hyperscale cloud providers for cloud security. For managed services, Fetten is naturally talking with all the usual suspects, whether it is Fortinet, Check Point, Cisco Systems, IBM, or Palo Alto (Deutsche Telekomwatch, #93 and #98).

“We know exactly where we’re going, we know exactly what clients we want to address, and we know exactly what area of growth we’re expecting. And now we’re looking for partnerships, M&A, joint ventures, and everything else … to drive and accelerate the portfolio.”

— Fetten.