In today's digital sphere, businesses grapple with copious volumes of sensitive information daily. Before implementing robust security measures, it's imperative to comprehend the nature of data being gathered, processed, and disseminated.
It is also actively looking at acquiring companies in structured data protection that are focusing on things like databases or data lakes, to grow inorganically
In today's digital sphere, businesses grapple with copious volumes of sensitive information daily. Before implementing robust security measures, it's imperative to comprehend the nature of data being gathered, processed, and disseminated.
Data-centric security solutions empower organisations to discern the spectrum of data they manage, its circulation, and utilisation patterns. This depth of understanding proves invaluable in adhering to the data mapping prerequisites outlined in the Indian Digital Personal Data Protection (DPDP) Act of 2023.
Vishal Gupta, CEO and founder of Seclore is excited about DPDP though he believes that its impact is still unrecognised. He tells Outlook Business that it is likely to follow the path of the General Data Protection Regulation (GDPR); it was recognised only after Dutch non-profit foundation Stichting Data Bescherming Nederland (SDBN) filed a lawsuit against Adobe. According to the disclosure norms in the DPDP Act companies must reveal data breaches two years ago too.
Edited excerpts:
Many startups are moving their headquarters back to India. Is Seclore considering this reverse flip?
It depends on their long-term objective, especially if they plan to go public in India—it is easier to go for an IPO listing here because in the US the benchmark is $180 million in revenues.
Seclore claimed to have closed the largest quarter in its history this February, securing two seven-figure customer deals and hiring new people to help meet increased customer demand. Where does India sit in the entire business scheme?
Most of our revenue has moved to our headquarters in the US, while India is the main engineering center. In October, we were at about $16 million and by the end of FY24, it ought to be around $25 million, so as a company, we have grown almost 50% in the last six months.
While Seclore has been in operation for about 12 years, we took six years to go from zero to $1 million and then another six to reach the current stage.
Why is that?
It had to do with product-market fit because we were trying to solve a very tough problem technically of sending information to somebody and remotely controlling it without causing friction to the recipient. When we started in 2011, there were nine companies in this space, including Vera, Liquid Machine and Ionic Security, that raised nearly $700 million between them. Today, there are none. They did not fail because of poor marketing, or not hiring the right salespeople, but because they couldn't solve the underlying technical challenges in the system.
We also struggled to solve these technical problems in the initial three to four years, during which time we did not have salespeople. Once we felt we had a saleable product, we had to deal with the product market fit challenge because the technology was far ahead of its time, and there was no demand for it. Since no one was asking for it, we had to educate companies about why they needed it.
VC investors are expanding cyber and data security investments due to Gen AI and rising threats and Indian cybersecurity startups raised $130.7 million in two years. Does the appointment of tech investment firm Tenacity Ventures’ co-founder Rohit Razdan's at Seclore’s board suggest potential capital raising?
We had seed funding from an institutional investor. Seclore’s last fundraise for $27 million was two years ago and today, it has more than $22 million. We have been cashflow positive through six years and focused on value creation, which took us so long. Hence, fundraising is not a very active part of the next year.
Are there any white spaces that Seclore has identified when it comes to acquisitions that will complement its value creation model?
Most enterprises don’t make a clear distinction between unstructured and structured data protection. We are actively looking at companies in structured data protection, which are focusing on things like databases or data lakes. Currently, we are focused on documents, emails, designs, and intellectual property, but there is a lot of interesting stuff happening in data discoveries, where machines are trying to make sense of data. We haven't seen commercial success yet, but there are a lot of technological successes.
CISOs are becoming extra cautious about choosing their vendors as they reduce their IT spending. Has this impacted Seclore’s revenues?
Not really, in fact, we are growing at 60%. Normally the growth percentage goes down as the company grows bigger. In our case, it's the exact opposite. This is because of how we have positioned ourselves as a replacement for many cybersecurity investments companies use.
Many companies have invested almost 70% of their cybersecurity budget in endpoint security, network security, application security, identity, and access management. Our value proposition to companies is that they are protecting public networks and devices that don't belong to them because their employees are working from everywhere on a variety of devices. So, while networks invest in VPNs and distributed networks, we tell companies to focus on securing the data instead.
Many companies are migrating to the cloud without considering their data management strategy. How are you educating them about this?
We consider ourselves as an enabler of the cloud and tell them that if have a data-centric security approach, they can now move all their data to the cloud while retaining control of it, without worrying about what the cloud service providers do. They can do away with wide-area networks because the network is secured. We tell enterprises that they need to apply security to the data, and then they can adopt the cloud.
Which industry sectors are you focusing on in India?
Globally and in India, we currently work with financial services, manufacturing, and engineering companies as well as government agencies. Within the government, the first adopters will be the defence, investigative agencies, defence and infrastructure players as well as regulatory bodies, because they deal with a lot of confidential data that has to move around.
We are working with national government agencies across North America, Asia and Europe creating frameworks to secure critical aspects of the administration.
The biggest threat to digital assets is geopolitics. Since hackers don’t have millions in funding that states have, they are more incentivised to hack into somebody else’s systems. Hence, we are working with the government to ensure that this kind of infrastructure is created and sustained. Now that this is changing, awareness is coming through in regulatory bodies and the whole ecosystem.
Organisations globally spent $118 billion on cybersecurity in 2023, which is expected to hit $215 billion in 2024. Yet they are constantly attacked. Is it because enterprises are unable to think ahead, or that hackers have become too smart to figure out the pain points?
It has nothing to do with security, the difference is that it’s a matter of survival for a hacker, while it is a job for the security officer. So, we are dealing with two different levels of determination.
For example, hackers have adopted Gen AI far better than any security company because they must stay ahead of the game. On the other hand, security officers are tied down with budgeting constraints and dealing with different people and so on. Therefore, the tools available to security professionals and hackers are the same, but the latter are taking to it faster.