Govt spending billions on cybersecurity solutions to protect critical infrastructure

Cybersecurity threats are rising each passing day in India with many nation states mounting attacks on critical infrastructure of the country. Recent attack on All India Institute of Medical Sciences (AIIMS) is an example of the threat level that the country is facing as of now. As a result, the government agencies are spending a lot on cybersecurity solutions. Similarly, the awareness level among private enterprises is also rising. In a conversation with the Bizz Buzz, Harshil Doshi, Country Director (India) of global cybersecurity firm, Securonix said that its solutions are getting wide adoption in the country. The cloud-based solution provider counts BFSI as the major vertical in the country apart from digital native enterprises. The company has many marquee enterprises as its clients and is confident of bagging more such clients in coming quarters. With regard to growth moderation seen in the cybersecurity segment, he said that the period of hyper-growth may be over but growth will continue as organisations see cybersecurity as an area of critical investment. The company, which has two technology centres - in Bengaluru & Pune, said that it is driving many innovation from these centres. He also said that with 55 per cent of its employee base in India, the country is one of the most important centres for the US-based firm. He said despite taking a pause on hiring, it will continue to add headcount as demand improves

What are the key differentiators of Securonix as compared to its competitors in the cybersecurity market?

Usually, in cybersecurity firms, you provide some information to the system, it has some policy engine and if the data provided violates those policy engines, it will highlight those data points. In Securonix, we collect all activity data points including from servers, humans, end points, mobiles and others and we run artificial intelligence (AI) and machine learning (ML) over it. We understand the behaviour of the users or entity or entire organization. That helps in understanding the security anomaly. That is how, we are different from legacy cybersecurity solutions. We curate the information available to actionable insights saying this is exactly happening and these steps should be taken. So, it becomes easier for the security analyst to go ahead and take the action. This space is called User and Entity Behaviour Analysis (UEBA). This is absolutely real time. We collect tera bytes of information from organisations every single minute and run machine learning on the top of it. Our system enables early warning even before the anomaly turns into a full-fledged threat. We don’t allow that anomaly to turn into a full-fledged threat. We use machine learning to understand the aberrations or outliers from a regular activity. If the risk score breaches certain threshold, then the action is taken. So, enterprises turn from reactive to being predictive through adoption of our system.

How many technology centres are in India of Securonix? Can you throw some light on the employee count?

From an engineering perspective, we have two offices- one in Bengaluru and another one in Pune. We have around 400 people that include engineering and other staff. Typically, we get good technical talent in these two cities. The reason for having two centres is that we want to diversify our talent base. In Pune, we get more senior level people, while in Bengaluru, we get more technology talent, who are relatively young. Even in technology terms, we have more big data resources in Bengaluru; while we have more cloud knowledge in Pune. India has 55 per cent of global employee base of Securonix.

As far as employee count is concerned, most cybersecurity companies are optimizing the headcount. So, we are not actively hiring for now. Once we see the demand improving, we will start hiring again. Profitability is something, everybody is looking at. We were a growth-focussed company till now but we want to focus on profitability now. That is why we want a lean and thin organization.

How you handle the clients’ data, especially business sensitive data points? Can you throw some light about the safety and security of those data?

We don’t collect any business sensitive data. What we collect, are activity logs. It doesn’t collect any sensitive information. From the entire system, we collect the activity and then run machine learning. So, we don’t collect any sensitive information. Secondly, even if we are a cloud-based solution provider, the data stays in India. So, even if you provide us the information, it is in the physical boundaries of the country, which means the local laws are applicable. From compliance perspective, data privacy perspective and data residency perspective, we are fully compliant. In India, we are collecting 40 tera bytes of data every minute. So, that’s the kind of scale we operate in. We have many marquee enterprises as clients who have adopted our solutions. We participate with around 20 system integrators (IT firms) in India. Firstly, we have a direct sales model and secondly, we collaborate with system integrators who take our solutions to their clients.

Cybersecurity players have seen rapid growth during the pandemic. Has the pent-up demand waned now or is still intact?

Hype-cycles keep on happening. During that phase, rapid growth will happen. But, growth will continue to happen due to the tech-refresh cycle that keeps on happening every few years. In India, we are a cost centre. We invoice our quotations in US dollars. Since a lot of things happen in engineering space in India, we get tax benefits.

Can you give us some views on which are sectors you currently have a strong presence? In which sector you have strong expertise?

Anybody who has identified cybersecurity as a key investment area, will be interested in our offerings. BFSI (banking, financial services and insurance) sector is very important for us. Of late, we have also seen that the government is spending a lot in cybersecurity because we have a lot of critical infrastructure in the country like oil and gas industry, payment gateways, PSBs. From that perspective, the government is spending a lot in securing these assets. Secondly, there is a lot of innovation on the government side. For example, CoWin, Direct Benefit Transfer (DBT) schemes, UPI (Unified Payment Interface) and others have big success stories. There is a lot of vulnerability of government assets from nation state actors. Thirdly, entire healthcare and pharma industry, where a lot of critical information is stored. For us, BFSI is the biggest. We also count IT and ITes as one of the major contributors of revenues. We have digital native companies like big startups as clients.

How do you see the awareness among Indian enterprises towards cybersecurity aspects?

It is slowly improving among Indian enterprises. However, the preparedness needs to be better.