With the threat vectors looming large in the cyber-security space, there has been a need to address the concerns with advanced mechanisms. In an interaction with Express Computer, Rohan Vaidya, Regional Director of Sales – India, CyberArk shares about these solutions and how the company is leveraging upon them as services.
Could you elaborate your views on cyber-security, and how CyberArk fits in as a solution provider?
Considering the past 10 years, cyber-security has slowly started coming in. Over the last two-three years, cyber attacks have become a viable business. According to estimates, globally there is a loss of about a trillion dollars due to cyber attacks. When looked at the last two-three years, most of the breaches were announced from the US organizations. In most of these breaches, they have published forensic results – things like why and how the breaches happened. Typically, the common underlying factor is that the Privilege Accounts or Domain Accounts have compromised. There are two types of accounts you would envisage as a normal user – user account and administrator account. If the administrator password is compromised, one can easily cause breaches. We at CyberArk, protect these accounts.
With numerous new technologies – such as cloud and Internet of Things (IoT) – coming in, any device having an IP address is going to be susceptible for a cyber attack, thereby increasing the scope for cyber security day-by-day. This makes it easier for the attacker to look at open areas and start penetrating. Traditionally, it was more of a perimeter security that we had created; we had formed a server and put network devices and a firewall around it, but then we got a lot of technologies which kept building on those pieces. Even after all this, there are still breaches. At the end of the day, if I look at the endpoint, the senior management – which travels a lot – becomes soft target for attackers. In the ransomware cases, the attacks were more on the endpoints, because these are easy ways. These are the areas pose a challenge from a cyber security perspective.
CyberArk started around 19 years ago as a startup in Israel. The founders came from a military background and started something for storing sensitive information. Over a period of time, we started building on the different parts of IT. Now the newest part is DevOps which is largely used by e-commerce companies.
We also work with most of the security vendors to align with them, in terms of integration. You have to be one step ahead of the attacker. It is now a team game, rather than just vendors. When we integrate with different vendors, the security posture becomes much stronger. We have something known as C3 Alliance, wherein we work with about 50 security vendors, and we have pre-defined templates which can be used for out-of-the-box integrations.
How is CyberArk positioned in the Indian market?
We have been in India for about four years. In 2014, we went public on NASDAQ, prior to which there was a smaller enagement from Israel as a normal startup – we had limited visibility. In early 2016, we created three theatres – North-end Latin America, EMEA and APJ. We re-started building our APJ organization and we have now five regions in APJ among which is the India-SAARC region. In India we started with a few customers.
In the last six quarters, the low-hanging fruits for us have been the IT and ITES verticals. The telecom space has been quite exciting for us, becaus that’s where there have been a lot of regulations and needs. Banking has been more mandated because of RBI regulations – we have public and private sector customers. Recently, we have had a lot of conversations with power and manufacturing companies.
The latest that we have approached is the e-payment space. We have about 45 active customers in India across these segments, of which few are critical in nature from the national perspective. Most of the Supervisory Control and Data Acquisition (SCADA) systems that are used by the power companies have been built on old Microsoft OS. Many SCADA systems are going on the IoT space. These are two of the areas we are focusing on. About 15-16 per cent of our customers have associated with us over the last 18 months.
Is the government missing in this entire gameplan of CyberArk?
In the first two quarters, we didn’t focus on the government. However over the last three quarters, we have bagged three large and significant national level projects from the government. This has given us the confidence in terms of our place in the government space. We have also witnessed a lot of co-operation from the government.
What is roadmap set by the company?
In 2018, we would work a lot on awareness, because in India it still is believed that this is a perimeter security-driven market. We have to amplify our message and work on those lines. There seems to be a lot of conversations on cloud integration, where everybody is going to move to cloud. We have come up with a solution, called Application Identity Manager, which is in the maturity phase. Going by our conversations in the industry, this would be an area of focus for us alongside end-point offerings.