Sramana Mitra: Can you take us through a use case of how you implement a cyber governance solution for your customers?
Anand Adya: Right from the get-go, we had to understand the landscape of the security market and where we fit in with the uniqueness and differentiation that we have built around our intellectual property. The notion of cyber security was all based around perimeter security—firewall, network, and even devices. There are examples of successful companies and solutions in that area.
Lots of companies have adopted those solutions already in the context of security just to prevent any threats or vulnerabilities. The challenge is how to translate all those investments in the government framework with a particular focus on risk. What I mean by that is, to amplify your question, if I’m running applications like billing systems, they are carrying 95% of my business transactions. Business is dependent on those systems.
The biggest risk is the ability of intruders to get control of these systems in a certain way and affect the business transactions. That is what needs to be looked at from a cyber policy perspective. We bring in all that intellectual property around application databases and we model those risks in the context of qualities and standards. That’s what makes us unique.
Sramana Mitra: This is a fairly crowded space. Can you paint for our audience an ecosystem map of who else is in the space? How do you differentiate?
Anand Adya: Your question is spot on in terms of the perception of the market or the perception of the industry analysts that it is a crowded market, and there are lots and lots of vendors. Recently, I was at RSA. More than 2,000 companies had participated in the event. Again, when you start classifying the different types of companies in the space, a large majority of those companies are focused on the threats, firewalls, and perimeter security.
Sramana Mitra: You already said that. Who are the direct competitors who focus on cyber governance at the policy level? That space also is quite crowded.
Anand Adya: It is crowded based upon how you see governance. If you’re talking about companies documenting the government policies, there are solutions out there from companies like RSA. Even our own core partner SAP has solutions like that. We don’t compete with those vendors. We are specifically focused on providing the analytics on the the cyber risk where we link in the application back into the perimeter or firewall security and then portray those in the governance framework.
If the companies don’t have any of the governance tools I mentioned, we absolutely have the ability to provide the basic dashboards. What we see more often than not is companies would want to integrate our data with those vendors. In almost all the places, I would say we fill in a wide space that is not met right now by a vendor but more by custom development.