Interview

GRC in the cloud makes sense

Chandra Sekhar Bilugu, Chairman & Managing Director, eGestalt Technologies spoke about the cloud based model for GRC with Rajendra Chaudhary

In addition to offering SecureGRC through an on-premise delivery model, you are also making it available through Cloud. Just how valid do you think is this approach when we know for a fact that historically enterprises have preferred to keep the monitoring and governance pieces in-house and on-premise?

Well, it is not entirely true. Enterprises have been known to involve outsiders and also go in for on-demand models. This is particularly true of security monitoring, where a number of Managed security Service Providers (MSSPs) continue to work successfully with user organizations, primarily on an off-site model. Sure there are businesses who have kept it in-house and on-premise, but there is also ample evidence to suggest that users are open to security monitoring through cloud. In today’s highly dynamic and competitive business climate, information security has assumed critical importance. However it is not always possible to build one’s own security practice since not everyone has the required internal IT resources or finances at his disposal. In such cases the appeal of an on-demand solution is undeniable.

They might be open in case of IT security but what about the GRC (Governance, Risk and Compliance) piece? Are they just as willing?

In case of GRC components they might not be fully on-board just yet but lately we have been observing a shift in the customer mindset. This is because they have begun realizing that there are certain issues with the traditional approach. One such issue has to do with retaining people post the roll out of a GRC project. Given the rising demand for GRC experience, quite often people who participate in successful roll-outs tend to move out in search of better prospects. This can prove to be rather detrimental for the deployment in future. However, this is not the case if you do in the cloud or outsource the activity to an MSSP. There you don’t run the risk of loosing your talent and seeing your project in jeopardy.

You aren’t just targeting enterprise users for SecureGRC but you are also going after the MSSPs as potential customers, right?

Yes . SecureGRC, offers an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance management solutions using a cloud based delivery model. When it comes to MSSPs in India barring a few not all of them can afford to build a facility of their own. As we all know the cost of setting up the desired infrastructure needed for a captive facility for an MSSP is huge. We figured that it would be great if we could come up with some sort of model wherein we could offer them everything they need to begin offering services without any significant infrastructure investments upfront. That’s where the cloud idea came into the fray. What we are proposing here changes the whole paradigm for the service providers.

Earlier what took vast sums of money and months of preparation for aspiring MSSPs now takes a fraction of the same time and hence we are particularly hopeful of the opportunities in this area.

But is there enough play for you as a vendor?

While it is true that the India market is not quite as mature as some of the other global markets, we believe that the scenario could change very quickly. Barring a few large MSSPs there aren’t too many credible service providers to go around at the moment. But we firmly believe that it’s going to change and we are positioning ourselves accordingly as the technology partners to these service providers.

At the moment where are you focusing more?

We are exploring opportunities in both the areas. We are talking to customers directly and also we are engaging with MSSPs. We need a direct channel with the customers because we need to get their feedback to improve our offering while at the same time we also realize that we can only scale out if we enroll partners like MSSPs. But if you really asked me I would say that at the moment the major thrust is on partners right now and going forward it will continue to be a priority for us.