In this exclusive interview conducted by Express Computer, Govind Rammurthy, CEO & MD, eScan, provides insights into the evolving landscape of network security, particularly amidst the COVID-19 pandemic. He discusses the challenges companies face in adapting to remote work setups and the imperative for robust security measures. Rammurthy also highlights the significance of indigenous cybersecurity solutions in bolstering national security and the role of AI in transforming cybersecurity practices. This interview sheds light on Escan’s strategic approach to cybersecurity and its vision for the future of the industry.
How has the COVID-19 pandemic impacted network security measures and infrastructure management, particularly concerning remote access, and what adjustments have companies made to address these challenges?
As an industry, whether during a pandemic or not, networks and computing infrastructure remain operational. The shift occurred in how and where people accessed these resources. Offices transitioned to remote work setups, but the need for network, servers, communication tools like email and video conferencing, and internet connectivity remained essential. However, the challenge arose when employees accessed office networks from home, a scenario for which many companies were not fully prepared.
Previously, companies managed network access within the office through firewalls and VPNs, controlling traffic flow to and from fixed locations. However, the pandemic changed this dynamic as employees started accessing office networks remotely, essentially becoming insiders. This paradigm shift introduced new security challenges, highlighting the need for robust access control and network security measures.
The pandemic brought both opportunities and challenges. It spurred the adoption of new collaboration tools like Zoom and Microsoft Teams, revolutionising remote work practices. However, it also necessitated reevaluating security strategies, leading to adjustments in firewall configurations and the adoption of new security solutions.
How do you adjust your strategy to remain relevant and capitalise on emerging opportunities? Can you highlight any innovative approaches you’ve taken to establish your position in the market?
The security industry has been a sector deeply intertwined with the political landscape of any country. The rationale behind this connection lies in the unrestricted flow of information over the internet, transcending national boundaries. Whether it’s banking transactions, confidential emails, or sensitive communications, the internet serves as the conduit for these data exchanges. In the past, a nation’s security was primarily safeguarded through physical means such as armed forces, defence infrastructure, and territorial boundaries. However, with the advent of the digital age, the concept of security has expanded to encompass the realm of cyberspace.
Each nation is akin to a fortress, aiming to protect its digital assets within its virtual borders. This paradigm shift has been particularly noticeable over the last decade, with countries increasingly asserting their sovereignty in cyberspace. Previously, Western nations like the United States spearheaded this movement, emphasising self-reliance and self-protection in the digital realm. India has followed suit, recognising the importance of securing its digital infrastructure and asserting its autonomy in the cyber domain. The “Make in India” initiative underscores this commitment to self-sufficiency, urging reliance on domestically developed technologies and solutions.
Why is this emphasis on indigenous cybersecurity solutions crucial? The answer lies in the inherent risks posed by foreign technologies. When relying on external products, especially those with embedded IPs located outside India, the control over data flow becomes ambiguous. The government’s stance on this matter is clear: ensuring that critical information remains within national borders and isn’t susceptible to external manipulation or influence. This imperative extends beyond governmental spheres to encompass industries and organisations operating within the country.
For organisations like ours, operating in the security sector, the focus has been on catering to the enterprise market within India. While the retail segment remains significant, the emphasis has shifted towards building indigenous intellectual property (IP). In sectors like government, education, and critical infrastructure, the creation and protection of IP assets hold paramount importance. This strategic shift aligns with the broader national objective of fostering self-reliance and securing vital sectors against external threats.
How has your company successfully penetrated government sector in recent years, and what factors have contributed to your ability to provide indigenous security solutions amidst evolving cybersecurity priorities?
Our journey into government sector hasn’t always been smooth. Despite offering robust solutions, penetrating government organisations proved challenging in the past. However, over the last five to six years, we’ve witnessed a significant shift. We’ve secured numerous large accounts, including prestigious entities like Israel, where we’ve been serving for nearly seven years. Our clientele now includes critical institutions such as nuclear power plants, various ministries, and national intelligence agencies.
These successes stem not just from being an Indian company, but from our emphasis on developing exclusive IPs and solutions independently. This shift in mindset within the country has been immensely beneficial. Historically, there has been a tendency to favour foreign solutions, often equating them with superior quality. However, the government’s push for indigenous solutions has reshaped perceptions. The realisation that cybersecurity is paramount, especially in an era where cyber warfare looms large, has underscored the importance of homegrown innovations.
The security industry, by its very nature, demands self-sufficiency. We can’t afford to be reliant on external sources for critical security solutions. While other industries might entertain partnerships or dependencies, cybersecurity necessitates autonomy. We’re not merely protecting data; we’re safeguarding the future. And in this rapidly evolving landscape, being prepared for any eventuality is paramount.
As the only Indian company with a global footprint in the enterprise segment, we’ve forged strong partnerships worldwide. From Malaysia to Latin America, our presence is felt across the globe. However, there are regions where we’ve faced challenges, such as Russia, where stringent policies regarding source code disclosure have hindered our entry.
Nevertheless, the trajectory of the security industry remains promising. The government’s focus on data privacy and regulatory compliance has created a conducive environment for growth. Companies are increasingly investing in security audits and compliance measures, signalling a newfound seriousness towards cybersecurity. We’ve actively engaged with policymakers and regulatory bodies, offering our expertise to shape policy decisions.
Before delving into the customer side, has being a homegrown company provided or is providing you with an advantage, despite the presence of numerous players in the market?
Let’s address the misconception about the number of players in the security industry. Contrary to popular belief, there aren’t as many players as one might think. While the consumer segment might appear saturated, the enterprise segment, where serious players operate, is a different story. In enterprise networks, the competition is fierce, but the field narrows when it comes to serious contenders. We’re active in this arena, where names like Trend Micro have dominated for over a decade. However, displacing entrenched players takes time. Other contenders like SentinelOne and CrowdStrike often pitch their solutions aggressively, particularly in areas like Endpoint Detection and Response (EDR). However, their marketing pitches sometimes oversimplify complex issues.
Let’s draw an analogy to driving a car. You understand the importance of a seatbelt and an airbag in a vehicle. Similarly, in cybersecurity, you have Endpoint Protection Platforms (EPP) and Endpoint Threat Detection and Response (ETDR), akin to your seatbelt and airbag. While EPP serves as your primary protection, ETDR acts like an airbag, mitigating impact when an attack occurs. It’s crucial to educate customers about these distinctions amidst the rapid pace of technological advancement. Many fall prey to marketing gimmicks, only realising the importance of comprehensive protection after an attack.
In our interactions with clients, we emphasise the need for education. As technology evolves, so do threats. It’s essential to stay informed and understand the intricacies of cybersecurity. We’re actively developing solutions to address emerging challenges, such as data leak prevention, in line with evolving regulations like the data protection bill. Compliance is no longer optional; it’s mandatory, with significant fines for non-compliance. Our goal is to empower organisations to navigate this complex landscape confidently.
How have conversations with large customers evolved in recent times? They’ve shifted from compliance checks to boardroom discussions. What are your day-to-day conversations like with large enterprises now?
As you rightly pointed out, cybersecurity has now ascended to the boardroom level, marking a significant shift in organisational priorities. In today’s boardroom discussions, the participation isn’t confined to just internal or nominated directors. Instead, it involves key stakeholders, including senior executives such as the CFO, CIO, CEO, or managing director. This elevation in discourse underscores the gravity of the cybersecurity landscape and its implications for business operations.
On a daily basis, we’re inundated with reports of major companies falling victim to cyber threats like ransomware attacks and data breaches. These incidents have demonstrated that no organisation, regardless of its size or stature, is immune to such attacks. The emergence of ransomware has particularly highlighted the potential for enterprises to be held hostage, compelling many to grapple with the dilemma of whether to pay exorbitant sums to reclaim their data.
Consequently, the narrative around cybersecurity has evolved from being solely an IT manager’s concern to becoming a matter of strategic importance discussed at the highest levels of corporate governance. Senior leaders now engage in these discussions, posing pertinent questions and seeking assurances about the organisation’s preparedness to mitigate cyber risks.
Yet, despite the heightened awareness and involvement of senior leadership, the rapid pace of technological advancement presents a formidable challenge. Keeping abreast of the myriad ways in which technology can be leveraged or exploited proves to be an uphill task for many organisations. However, our role extends beyond merely highlighting vulnerabilities; we strive to provide comprehensive solutions and insights to navigate this complex landscape.
With the impending implementation of data protection regulations, many organisations find themselves grappling with compliance concerns and policy ambiguities. The uncertainty surrounding the interpretation and enforcement of these regulations adds another layer of complexity to the cybersecurity discourse. However, governmental efforts to clarify these issues through FAQs and guidelines offer a glimmer of clarity amidst the uncertainty.
How do you anticipate the game plan evolving for companies and enterprises regarding AI adoption, considering its potential as a significant disruptor, and what measures are being implemented to ensure the security of AI environments, including telco solutions?
Alright, let’s dissect AI from two critical angles – its impact on cybersecurity and its integration within organisational frameworks.
Firstly, let’s address the implications of AI on cybersecurity. With the advent of AI, cybersecurity measures are poised to undergo a significant transformation. Our focus lies on harnessing AI to bolster cybersecurity defences within organisational networks. We’re currently engaged in pioneering research aimed at developing an innovative concept known as automatic inferencing. This groundbreaking technology is designed to autonomously detect and identify anomalous entities within network infrastructures. By swiftly identifying and neutralising potential threats, such as unauthorised intrusions, we anticipate a substantial enhancement in cybersecurity efficacy.
Now, transitioning to the realm of organisational AI adoption, several noteworthy considerations emerge. For instance, the proliferation of AI-powered tools, like GPT (Generative Pre-trained Transformer), presents both opportunities and challenges. While these tools offer unparalleled capabilities in natural language processing and data synthesis, they also pose inherent risks, particularly in terms of data privacy and security. To mitigate these risks, organisations must exercise caution and prudence in deploying AI technologies, ensuring that sensitive information remains safeguarded against inadvertent exposure or exploitation.
The integration of AI-driven support bots within organisational frameworks introduces a paradigm shift in customer interaction models. While traditional bots have served rudimentary functions, the future lies in AI-enabled bots capable of comprehending complex queries and delivering tailored responses. However, this transition necessitates meticulous attention to detail, particularly in defining the boundaries and constraints of AI algorithms. A recent incident in the UK serves as a poignant reminder of the challenges inherent in AI implementation, wherein a chatbot inadvertently engaged in contentious dialogue with customers, prompting its eventual shutdown.
What challenges do you encounter when implementing AI models?
If you put too many rules, its effectiveness diminishes. If you don’t impose any rules, it appears overly autonomous, potentially leading to unanticipated actions. So, that’s the challenge we’re facing. From a security standpoint, excessive autonomy can result in uncontrolled data proliferation, a scenario we aim to avert as technology advances. However, I’m confident that by the year’s end, we’ll have highly adept Gen AI taskmasters equipped with appropriate guardrails—constraints to prevent aberrant behaviour. That’s our current stance on the matter.
In the next five years, where do you envision your company and what are some of the key goals you aim to achieve?
AI is the future, no doubt about it. I foresee a significant transformation in technology within the next five years. Experimental models already show AI taking over tasks traditionally performed by humans, such as responding to messages on WhatsApp. However, while AI holds immense potential, it also brings forth challenges, such as the rise of deep fakes. Addressing these issues will be crucial in ensuring the integrity of information exchange. Personally, I’m concerned about instances where individuals rely on AI to create resumes or introductory letters, as it raises questions about their ability to think independently. Moving forward, I anticipate AI to play an integral role in various solutions, facilitating community, national, and commercial endeavours. Our focus is on deeply integrating AI across different aspects of technology, including servers, workstations, smart routers, and cloud infrastructure, to make a substantial impact in the industry. However, it’s essential to recognize that technological proficiency varies among players in the industry, and those lagging behind may face challenges in adapting to the evolving landscape.