Reported By:
| Edited By: Ashish K Tiwari |Source: DNA |Updated: Mar 25, 2018, 05:25 AM IST
With backing from GVFL and Unicorn India Ventures, Mumbai-based cyber security start-up Sequretek IT Solutions is looking to build on intelligence within its current product offerings and foray into new markets within India and overseas. Pankit Desai, co-founder and chief executive officer, Sequretek, speaks with Ashish K Tiwari about cyber security sector, challenges and how his company is helping corporates deal with the challenges and threats.
Cyber security market in India is still evolving, there are three segments that one sees here viz. the haves, which are organisations who are abreast of the security threats and have made investments all three elements of effective cyber security i.e. people, process and technology. The second segment is the have nots, wherein the organisations have little or no security awareness and feel, for whatever reason, that this threat is not for them. And the last one comprise those in-betweens, who have been forced to look at it either because of the regulatory pressure (and will do only what is being asked) or activist chief information security officers (CISOs) who continually fight the battle. The fact that cyber security has not yet become a boardroom discussion is probably why we have the two latter classes in the ecosystem.
As far as the comparative scenario is concerned from a technology point most, if not all the technology components today exist in India, as far as skill set is concerned there is a need to create security talent within the country both in terms of university curriculums and private institutions offering point certification programmes. The gap exists in two areas – lack of effective regulatory framework which forces organisations to report security breaches and second structural where cyber security gets viewed as a technology risk and not as a business risk which makes it difficult for this part of the risk to find a voice within the corporate hierarchy.
Industry analysts like Gartner and IDC predict the market to be around a $1 billion and growing at a healthy 10-12% rate. However, our point of view is that India has undergone a seismic shift in the past couple years – tremendous proliferation of data consumption through smartphones and broadband connectivity, digitisation of traditional products and services, government push for less-cash economy and Indian organisations becoming a part of global value chains. All these will have a compounding effect on how security risk will change for them, forcing them to re-evaluate their security budgets getting the security spend growth to be multifold.
The pace of digitisation of services consumed by citizens, customers and enterprises coupled with the proliferation of cheaper access devices and drastically reducing data costs should yield to dramatically different inter-connected world. This, whilst promising a much better digital life for those involve, will present security related challenges too, making the need for cyber security related investments even more crucial.
Attacks are typically orchestrated either by cyber activist groups, hackers or cyber criminals. The first set of attackers are motivated by specific agenda ranging from espionage, information stealing or sabotage and is often very targeted and stealth in nature. Consequently, a lot of attacks of this nature target critical and sensitive institutions with an explicit purpose to either steal information or bring down the connected networks. This will be a continuous threat to any nation that we have to watch out for and create adequate defence and response mechanisms.
The second set comprise of cyber criminals and hackers who's only agenda is to make money, and they will go after organisations for whom brand reputation is key and leverage their security loopholes to extract money either directly from the organisations or sell the stolen information for money. India being an emerging superpower makes it an attractive target for its enemies and in the case of organisations’ ability to pay for protecting their data and brand makes them an attractive target for cyber criminals. One cannot rule out state-sponsored cyber surveillance, recognisan
Indian corporates are exposed to various global and localised threats, which are highly targeted and sophisticated in nature. Targeted spear-phishing attacks instead of mass mail phishing have significantly increased in India. Ransomware attacks (again targeted on high asset value systems) are on the rise. As per some industry reports, India ranked fifth in Ransomware attacks (4%) in 2016.
As Indian enterprises embrace mobility and bring your own device (BYOD) trends, mobile vulnerabilities and malware are also on the rise in India and globally. Apart from these, Indian corporate networks are subjected to very high volume of DDoS – Distributed Denial of Services (often targeted) attacks that chock the enterprise network and BOT / Spam BOT attack that use the company infrastructure to launch attacks to outside environment.
Most Indian corporates deploy a variety of security products and services such as next generation threat management devices and other security products to protect against these attacks. Adequately patching the IT infrastructure is also an important step in protecting the environment against the attacks. Creating security awareness among employees, adequately defining corporate security policies and putting appropriate protection technologies including comprehensive monitoring and incident response / remediation mechanism is needed to address these threats effectively
Industry regulators such as RBI, IRDA, TRAI and Indian government's cyber security policies provide clear guidelines to create, protect and manage security frameworks relevant to their specific Industry for Indian corporates. Creating a comprehensive and relevant cyber security policy, governance mechanism that takes into account the organisation’s critical Information and infrastructure needs to be adopted. The overall environment has to be managed to identify security incidents and an appropriate incident response needs to be created for the same.
Indian corporates are at various stages of achieving this level of sophistication depending on their Industry (regulated or not) and company size (large or medium). However, most of them have basic security technologies implemented.
Security is a very complex area for most customers especially because of its ever-evolving threat landscape. Sequretek’s approach is to help our customers simplify this complex security landscape by eliminating the need to use multiple technologies (almost 40-45 technologies needed for protection today). Sequretek’s Kawach - Endpoint threat management platform looks to simplify security by consolidating disparate technology elements under a single platform. Our second offering Avatar – Access Governance leverages existing investments that customers have made for identity landscape and device control software to manage the complete technology lifecycle that employees live within the company. Whilst our integrated managed cyber security delivers actionable threat intelligence for our enterprise customers that leverages both internal and global threat data.
Security is a heavily competitive market space with several new players mushrooming almost on a regular basis, each of whom looks to address a specific problem in the enterprise thereby continuing to complicate the security technology landscape. The technology itself is moving from traditional signature-based detection of threats to more of artificial intelligence, machine learning and behaviour-based detection of threats. In the endpoint space there are several new players who have emerged in the recent past, focusing on the new technologies. Some of the global names include Cylance, Crowdstrike, Carbon Black etc. On the access governance, some of the players gaining global traction are Sailpoint, Avatier, etc.
What kind of revenues are you doing since inception and what is the growth and market share like?
Sequretek has been seeing over 60% compounded annual growth rate (CAGR). With the recently closed Series A investment, we will be looking at better threat intelligence, market reach and accelerate the growth multifold.
Could you tell us about the challenges and opportunities for players in this industry?
The challenges in this industry are in two areas one relates to customer acquisition and the other is product engineering. Security industry works on a trust basis and it takes a while for a new player to establish a level of trust with the ecosystem. For Sequretek, it has now taken us close to four years to build that trust and we can now say that some of the most renowned names in the industry verticals like BFSI, IT, Pharma etc are our customers. The other challenge specifically from an India perspective is a dearth of talent in security product engineering side, to build a product of this size and scale needs some of the best minds in the industry.
The funding from GVFL and Unicorn India Ventures will be deployed largely towards augmenting our threat intelligence capability, completing the final bits of the endpoint security product as well as subjecting the product to international benchmarks. The company also plans to use part of the funds for international expansion towards the end of this year.
The current round will take the company towards a self-sustaining domestic market presence, our next round will primarily be for setting up our international presence. We plan to start the international expansion from this year end onwards and launch our North America operations by this year-end. Over the next 18-months, we will look at expanding to other geographies viz. Europe, Middle East, South East Asia, Africa and rest of the world in that order.
Sequretek currently has over 45 enterprise customers across banking, financial services, insurance, pharma, retail, logistics and IT/ITES segments. Our strategy so far was to directly acquire the customers through a combination of our sales team and customer references, however, this year we are launching our indirect sales model as well with a separate team that will look at creating brand awareness, inside sales and channel sales. This is an essential component of ensuring a multifold growth.
