“What is different in India is that the government is taking online services to the villages and spending on taking Internet to rural India, unlike the US where the corporates do this”, says Hemal Patel, CEO, Elitecore Technologies
What brings you to India and what are your plans to expand here?
I came to India to do my Internet Service Provider Project in 1998, when the government started e-Regulating ISP policy and I had an ISP in Portorican Islands then. From what I see, most of the IT companies have a revenue dependency on foreign companies. But our government is taking many initiatives, so there has to be a local market. If I make a product, there will be a local market for it. That is when we came up with the billing solutions. There is a huge demand for IT here, and that is what I saw, that if I build a product and try to sell it here, as I do understand this market better than the US, there will be demand here and there is room for a lot of growth.
Please tell our readers about Cyberoam and why you decided to establish it in Ahmadabad (Gujarat) in particular?
I knew that where ever I come out with the product, there will be competition. Either one innovates a new product, with a completely breakthrough technology, which also takes time of adaptability in the market, or work in a competitive market with a product that is price competitive. So, we needed to build more value in less price in order to compete and being in Ahmadabad helped in that respect.
We do everything remotely except sales, pre-sales and channel related marketing. Other than these three, everything else can be done remotely like logistics, payments etc., which helps us to maintain our cost structure. It obviously has its challenges, like the mind set of people, as there is no concept of drop shift. I had to face that challenge. I feel work should be done in research and development and designing of the product and it should be sold in a drop shift kind of a model.
On the way, Elitecore Technologies came up with two products; Cyberoam Internet security products and telecom billing solutions. In both we have done significant work, we started with India and spread into the surrounding countries and last year we started work in the United States. In the US, the enforcement of regulation is very strict so whether you are a small company or a large enterprise, the regulatory compliance and law enforcement does not change and you can take advantage of that to position your product.
Recently, we were funded by Carliol, which is one of the biggest equity players in the United States, which boosted everybody’s confidence and we could feel that we are on the right track.
From the inception of the company till about seven years, we did not raise any funds. And we took it from the initial investment of only half a million dollar, all the way to nine million dollar without any fund raising. However, now for our growth, we needed to raise money and so we do, for expansion.
Since you have experience in various countries, what is your opinion of the global picture in terms of network and security, especially in the United States?
Mostly security solutions are out of need, out of competition and out of regulatory obligations. I feel that the United States tends to be a little bit ahead in implementing them, as compared to other countries. In regard to security compliance, we looked at three things. One of them is HIPPA- Health Insurance Privacy Protection Act in the US. Under this particular act the subset dealing with IT mentions that all IT infrastructure in the health care industry should protect the patient’s information, the data should not only be encrypted but there should also be monitioring as to who is transferring what data. If your security is tied up to a desktop, it is difficult to know who is sending the data as terminals are often shared by many in the health industry, that is where we come in. Another industry where IT security regulations are implemented, is in the financial sector. The cyber SOX compliance Act for financial public companies, states that IT departments must monitor the unencrypted information going in and out of a financial organisation and all the data must be stored for 7 years. So there are information trapped monitors and in our device, the pattern allows us to drive the same performance as a regular network device and it does not impact the performance.
This device is especially for the SME (Small and Medium Enterprise) market as big corporations can spend money even for a single threat but small industries can not spend on all of them and even if they did then they would need people to maintain all of it.
The third law which is most prominent, and I feel which is most missing in the rest of the world is CIPA (Child Internet Protection Act). The US government has a CIPA Act which they are not enforcing yet, but the way they triggered it, is that the federal government would give schools upto 100% funding for Internet bandwidth only if they are CIPA compliant, which means that the children are protected from accessing all malicious sites. Also, their activities on the Internet are monitored. We are trying to position for that. However, CIPA is not seen so much anywhere outside the US in the education industry.
How our product works is that we have an engine which is called the categorisation engine defined by the content of a particular website, which works just like a virus. Taking the most popular world sites, we have an auto rule based engine, based on rules, it categorises what kind of site is there. However, there are sites that remain uncategorised, for which the auto engine carries out manual categorisation. So far, we have about 11million sites categorised.
Where do you think India stands on the matter of security compliance?
The only thing that I do not see coming to India is the patient protection law in the near future. However, what I do see is a lot of forensic and cyber laws. The education industry is similar to health. In a school, Internet is still not a part of the education system. However, we are moving towards it. The health care industry security laws will then follow later. So I feel that in India, the financial sector is growing by implementing new technologies and I would say that the technology growth in financial sector in India would be more than the US. Thus, I personally feel that the government will be looking at the financial sector more than the other two verticals right now, as the financial industry is growing faster and I think all the Indian financial companies are investing heavily on technology and have leap frogged all the way from not having any to having cutting edge technology.
Coming to the data and conversion billing solutions, BSNL and MTNL are usuing internet so how are you incorporating the privacy and security element there?
We work with BSNL and provide billing solutions, customer care and sales care. Many vendors are providing billing solutions but the owner of the consumer data is not the solution provider, it is the service provider, so they have to provide the protection. However, I do not think security is a critical element as BSNL and MTNL payments are still not online, so even with very less security implemented, not much can go wrong, unlike the US where my payment information is with the service provider. Whenever they implement that, they have to bring the protection. Right now BSNL and MTNL have password protection for the website which is through SSL (Secure Socket Layer) which is an encrypted format and can not be read in the middle. In India, the use of credit cards for online payments is yet not widespread, and also people have yet to develop trust in online transactions which will come with more stringent protection laws and they have to be enforced effectively. When the government steps in and allows the entire financial industry to accept credit cards and if they do not protect their customers, they would be penalised for that, only such kind of law enforcement will give confidence to the consumer in online transactions. These are very open areas and I am sure that we and the governments can contribute a lot into this.
What role is Cyberoam playing in the field of security to promote e-Governance? What do you think about the National e-Governance Plan?
US Government now has a lot of initiatives on bringing everything online and promoting e-Governance activities, they provide everything online. However, they want to protect their systems too, for which they use devices like firewall etc. In my opinion, in the United States, the government has been paying more attention to the protection of the security and privacy of citizens, than other countries. Whereas, in emerging markets like ours, the laws on Internet security in the educational industry are quite open I would say.However, that is changing. NASSCOM is taking big initiatives on security awareness. We are proud that we are one of the security appliance companies here and we are also working with NASSCOM and other companies to raise the awareness levels about the importance of security. Here, I think the media also plays a very important role in making the decision makers aware of the emerging security threats and also about regulary compliance, especially in verticals like education where the security threat is more eminent.
Our contribution would be joining hands with organisations like NASSCOM, regional organisations like GESIA (Gujarat Electronics and Software Industries Association) in Gujarat and go out and make faculties of universities, future decision makers and professionals studying in various institutes, aware of the importance of network security. We do have deployment in various government verticals, for example, ISRO is one where we have deployed security.
In India, we have also been involved with the Gujarat state government in the implementation of the GSWAN (Gujarat State Wide Area Network). However, dealing with state governments in US, cyberoam works with educational institutions that are governed by the state governments and not federal government. Right now we are working with New Jersy, New York and Conneticut.
What I think of the National e-Governance Project is that it is a very good step, that each person has to communicate a faster response, consider your tax payers as your customers and even though all that has now started, the procedure to the end user has not really developed. The application of government services online is yet to become more effective.
In the US, the government gives flexibility to the citizens, an option that people who have accessibility can make transactions online but if they do not (in rural America for instance) they can make the payments manually. What is different in India is that the government is taking online services to the villages and spending on taking Internet to rural India, unlike the US where the corporates do this, but they do not go where there is no benefit. So here also we have leapfrogged compared to the US government by setting up CSCs and kiosks in the remote areas and working towards last mile connectivity.
The government is doing great work and I am sure that all their approaches are well thought. The end user confidence, however, needs to be increased in online transactions which will come with better regulations and will drive things in a more positive direction. So, one by one all services can be made online, The Indian Railways for example has taken amazing initiatives and that is the way it should be.
So if there are more laws on protection and security in transactions for citizens rather than only forensics, it would be really helpful.