Palo Alto Networks’ Sean Duca on rising cyberthreats and the firm’s plans in India

California-based cybersecurity company Palo Alto Networks, led by former top SoftBank Group executive Nikesh Arora, ended the financial year 2017-18 with revenue of $2.3 billion, a 29% year-over-year increase, the firm’s website shows.

The company offers enterprises a security platform that can be operated across clouds, networks and mobile devices. It claims to have acquired more than 56,500 customers in over 150 countries across multiple industries till date and counts Accenture, Amazon Web Services, Google, Microsoft, VMware and others as its partners. The company debuted on New York Stock Exchange in 2012.

In a conversation with TechCircle, Sean Duca, Palo Alto Networks’ vice president and chief security officer in the Asia Pacific region, spoke about the firm’s operations in India, the cybersecurity landscape in the country and more. Edited excerpts:

How has Palo Alto Networks been performing in India and what is your strategy? Do you do any R&D in the country?

Although we don’t break out country-specific numbers, we are actually growing in India (revenue-wise) as we continue to make investments in the country. India is one of our fastest growing and important markets in the region. To underline India’s importance, I spend most of my time here. Another reason for that is that the market here is still maturing as companies look to start their digital transformation journeys. We are trying to raise more awareness about our offering of a product ecosystem or platform and cybersecurity in general.

We had announced our intention to acquire Bengaluru-based cloud security firm RedLock for $173 million and we closed the deal last year in October. Acquiring RedLock was a strategic move in order to enable our automated cloud security suite.

To answer your second question, we actually do a lot of research and development in India. The acquisition has shifted our focus to provide better cloud security for the time being.

Who are your customers, partners and resellers in India?

One of the most recent announcements that we made was Pune-based IT consulting firm KPIT Technologies adopting our security solution including firewalls and network security management.

In India, we work with a variety of companies including most system integrators and consulting firms. These are tier-2 partners. Their strategy is to work very closely with partners who invest in skills, consulting/professional services and advocate best practice system integration to protect our customers. To name a few, our key partners are ACPL Systems, VDA Infosolutions, Network Techlab, 22by7, Valuepoint Techsol, Raksha, Frontier Technologies and VFM Systems. The system integrators we work with include Wipro, Dimension Data, IBM, TCS, Hitachi Systems Micro Clinic and Inspira.

Palo Alto Networks has a two-tier partner strategy, globally. Our partners place an order through their distributors, who then pass that onto Palo Alto Networks. We have three distributors in India – Redington, Inflow and M.Tech

Has the role of the chief information or security officer gained more importance and what challenges does he/she face in these times?

To answer your question in one word: Yes! Chief information or security officers in some companies are seeing their importance grow as firms look down the barrel of a gun called cyber threats. As policies or frameworks such as General Data Protection Regulation see more adoption, the importance of such executives are only going to grow. Cybersecurity itself has gained more importance. In fact, few venture capital firms have started auditing startups’ security before making their investment.

To answer your second question, I think a modern-day CISO faces the challenge of plenty. While there is a new concept called the ‘single pane of window’ that shows the most actionable items for the CISO, he still has to adopt at least 30 to 50 different cybersecurity solutions. The issue is that most of these products don’t talk to each other which means that the CISO has to go through all of their reports to take stock of his cybersecurity status, basically creating what we call pockets or gaps in information. Palo Alto Networks works against this practice and tries to bring down the number of products from three to five by deploying a product platform or ecosystem. The platform in itself looks at quick deployment and automating most of the tasks so that CISOs can look at more critical things.

What is India’s status with regard to cybersecurity?

Computing power has been on a serious rise globally. To put it simply, people are using more and more devices generating billions of data units as we become a more connected world. But this also means that the attack surface is increasing with the rise in the number of devices and connections. Hackers now have more targets than before and they are focusing on financial gain in some way or the other.

Now, think about the population in India and the number of devices people are going to use in the very near future. In my prediction, each individual of the country will end up owning at least 3.5 smart devices along with a family owning close to 20 smart devices. That is huge. This makes India a prime target for hackers and other black hats.

India is also trying to adopt laws similar to Europe’s GDPR. Your thoughts on that.

I think that adopting new policies and guidelines, especially when a country of India’s size is undergoing digital transformation, is a natural step to take. However, this also means that you will soon see the number of cybercrimes increasing rapidly in the country. This is not because that these crimes weren’t happening before but the laws will ensure that these crimes or attacks are reported and often you will find them as a part of mainstream discussion. We saw the same thing happen in Australia (where I originally belong) in the past.

What are your views on the cybersecurity startups in India devising their own solutions?

Yes, we realise that there are a lot of Indian startups and developers who are working on cybersecurity solutions. However, sometimes they can be a piecemeal solution or these individuals might need help in terms of developing their product or accelerating it for market adoption. This is why, globally (India included) we run our accelerator and incubator programme in partnership with Sequoia Capital and Greylock Partners. The total corpus of our programme is $20 million and can be used by anyone globally who can create the right product or solution.

Do you think India faces a shortage of cybersecurity talent? If so, is Palo Alto Networks addressing the issue?

Yes, I do agree that a country like India needs to produce more cybersecurity talent as the demand is high, which is why Palo Alto Networks has been trying to upskill its own employees and students in the country. While employees go through internal skilling processes, the company has partnered with Indian universities to train them in cybersecurity and emerging technologies. These universities are mostly based out of Tamil Nadu, Maharashtra, Andhra Pradesh and West Bengal.