This Zero Trust security solutions provider based out of Fremont, USA, and headquartered in Bangalore, is making enterprise cybersecurity simpler and accessible.
Today, organizations are functioning with remote as well as on premise workforces. They are also functioning with some or most of their resources in the cloud, while some other resources still exist in on premise data centres.
Security for such distributed organizations can become a headache, what with multiple solutions to secure remote workers and cloud apps, and multiple others to secure on premise workforces and on-premise apps.
In the current context, with the location of extensive resources being multiple, i.e., applications, databases, and servers, Sandip Kumar Panda, Co-founder and CEO at InstaSafe Technologies, describes their nature in one word, ´distributed´.
The number one reason why cyberattacks are so successful and damaging is because of excessive network access. Users have way more network access than they need or ever should
“The number one reason why cyberattacks are so successful and damaging is because of excessive network access. Users have way more network access than they need or ever should,” he told The Tech Panda in an interview.
This means that once an attacker compromises one machine inside the network, it becomes easier for them to spread and cause damage. As a result, IT and security teams cannot trust their own networks.
“The irony here is, due to that excessive trust between machines, we cannot trust our own networks,” he adds.
InstaSafe Technologies serves to work on two fronts, remove this excess trust, and enable easy and secure access of enterprise applications situated anywhere, be it the cloud or on premise, by any verified workforce, irrespective of their location.
“From the onset, our mission has been singular, to make enterprise cybersecurity simpler and accessible to all,” he says.
The InstaSafe Way
InstaSafe leverages the concept of a Software Defined Perimeter (SDP) to operationalize Zero Trust security. This means that it divides the erstwhile network protected by the network perimeter into micro perimeters that include users, devices, and the apps they are authorized to access. Access is granted on a pre-authorized authenticated context aware basis. This reduces the attack surface significantly and obliterates the probability of network based attacks.
“We have integrated our products with multiple monitoring tools and identity providers, to provide an integrated security experience for our users, while enabling simplified security management,” Panda explains.
With more organizations adopting a WFH policy, the viability and practicality of Zero Trust solutions has come into spotlight
The company´s next-gen cybersecurity solution, ´InstaSafe Zero Trust Application Access (ZTAA)´ is based on the Zero Trust Network Access (ZTNA) framework, which shifts access controls from the perimeter to individual devices and users.
“Our solution by default trusts no user, inside or outside the network. With ISA, the whole enterprise network is placed behind a dark cloud. So, the hackers cannot attack what they cannot see,” he says.
This enterprise network security solution of theirs is delivered as a SaaS without the need of any extra hardware.
“The end result allows employees to work securely from any location without the need for a traditional VPN, and the enterprises get unparalleled security while making the lives of the network admins easy with a single pane management console. This solution stands as a true example of redefined enterprise security,” he adds.
Cloud Agnostic, Hardware Free, Zero Configuration
As a cloud agnostic security solution, InstaSafe was built with the aim of empowering organizations in their transformative migration to the cloud. Recognizing the lacunae in the traditional perimeter based approach in network security, the cybersecurity company has come up with its neoteric cybersecurity offering, ZTAA based on the ZTNA framework, which shifts access controls from the perimeter to in-dividual devices and users.
“Our SDP based interface is a hardware free, zero configuration solution that accords granular level access control to the enterprise and is a highly cost effective, practical, and prudent solution for any organization looking to strengthen their security architecture,” Panda elaborates.
By using ISA, an enterprise can extend secured access to both remote and on-premise users, with an assurance of uncompromising security. Using ZTAA’s SDP architecture, the whole enterprise network is placed behind a dark cloud. Given that hackers cannot attack what they cannot see, enterprise networks become secured against an array of credible threats, resulting in a secure, productive business environment.
A Security Bundle for the Tough Times
With WFH becoming the new normal, the security risks associated with maintaining a largely distributed workforce are accentuated.
“The aftermath of the outbreak has caused many organizations to realise that their security setup is woefully inadequate in terms of dealing with the security risks associated with a remote workforce. Most organizations use legacy based solutions, which are unscalable, difficult to setup, and provide weaker security when put up against new age hackers who try out a wide variety of attacks,” Panda explains.
In these tough times, Zero Trust security has been in the spotlight for being one of the prime drivers of secure business continuity in organizations, and we have been an active part of the Zero Trust conversation in India and abroad, helping organizations with highly customized security setups
In these difficult times, InstaSafe has come up with a security bundle that would help enterprises in dealing with heightened security concerns. It has made their scalable, on demand, easy to deploy cloud security based Zero Trust solutions free for all startups with a base of up to 100 users to ensure business continuity. In addition, it is providing additional vulnerability disclosure services for customers to help them detect security gaps in their organizations.
“In these tough times, Zero Trust security has been in the spotlight for being one of the prime drivers of secure business continuity in organizations, and we have been an active part of the Zero Trust conversation in India and abroad, helping organizations with highly customized security setups,” he says proudly.
Inspiration and Origin
As the discussion on cybersecurity moves from the IT department to the board room, more companies realize its importance in a world witnessing digital transformation at a breakneck speed.
This makes me cry.
But honestly I get it. I’ve been the overworked, tired admin who just wants one product to fix it. And that’s how we end up with enterprises with half a dozen sophisticated tools, half implemented and generating noise.
— ?missa? is hacking the things (@SecuritySphynx) May 8, 2021
“The major issue that was associated with cybersecurity was the inherent complexity of the solutions of the day, and their traditional ‘command and control’ approach to security, which operated on binary lines of ‘allow’ and ‘block’, while using ownership and control as a proxy for trust. But the times have changed,” says Panda.
“With the advent of digital transformation processes, every asset was potentially compromised, and the need arose for adaptive solutions that helps make sense of the grey nature of assets in the black and white world of network security,” he adds.
InstaSafe was started with a mission of creating simpler, people centric solutions that went beyond traditional conceptions of assigning trust by default to internal assets and denying trust to external assets
With more and more enterprises migrating their applications to the cloud, companies that were turning digital had to open up their tightly secured network perimeter to a multitude of users, which not only included remote employees but also third party partners. A cost effective solution was required that would secure the flow of this data through a secure yet simple authorization and encryption process.
It was to address this gap that InstaSafe was started in 2012, says Panda.
“InstaSafe was started with a mission of creating simpler, people centric solutions that went beyond traditional conceptions of assigning trust by default to internal assets and denying trust to external assets,” he says.
Instead, it relied on a context aware access control process that assessed the level of trust that should be given to an entity and balanced it with the risk associated with the entity when access is requested.
“By using a Zero Trust approach, we basically stopped discriminating between devices within the network, or outside it, and assigned Zero Trust to all devices. Every device was authenticated and vetted, and the context of each access request was verified before granting access,” he explains.
Initially, InstaSafe was based on relatively novel security conceptions. The SDP architecture based on Cloud Security Alliance’s (CSA) guidelines was then evolving as a revolutionary solution that could change the way multi-cloud access and secure remote connectivity can be achieved. Today, Zero Trust has become mainstream, owing to its elasticity, security, and scalability.
“With more organizations adopting a WFH policy, the viability and practicality of Zero Trust solutions has come into spotlight. InstaSafe has grown at a rapid pace during this transitional period, making it to the coveted list of the fastest growing tech companies of the country. While the way we work has certainly matured, we are still hungry to innovate, and solve every modern security challenge that comes our way,” he says.
The InstaSafe USP: Staying Ahead of the Times
With a mission to provide a simple but effective solution that would disrupt the traditional way of applying security and protection that already existed in the markets, when organizations were on the cusp of their migration from perimeter set up to either hybrid or CSP models, InstaSafe was already ahead.
“To be frank, we were little ahead of our times. Cybersecurity, as we see it today, is a highly fragmented sector. Without a well organized information security team, enterprises often find themselves at their wit’s end, trying to figure out which technology best suits their organization,” Panda explains.
We base our solutions, use cases, and technologies towards the design and operation of security infrastructure that is scalable, secure, flexible, and affordable
This often results in companies using multiple, obsolete technologies to solve multiple challenges, complicating the entire security posture of the company, leaving open the scope for existence of security loopholes. InstaSafe wanted to solve this.
“Our core technologies are designed to tackle this very challenge, and we base our solutions, use cases, and technologies towards the design and operation of security infrastructure that is scalable, secure, flexible, and affordable,” he adds.
Unique Zero Trust Methodology
Panda explains that most, if not all data security startups, tend to assign some level of implicit trust inside the system. By dividing business systems and processes into ‘inside’ and ‘outside’ and assigning a previously entitled amount of trust to internal systems, they create a divide that is not viable in the modern world.
“This excessive trust often leads to excessive latent risks that manifest themselves later as an exploited cyberattack,” he explains.
InstaSafe on the other hand, believes that trust never was an entitlement.
Trust needs to be earned. It needs to be established by authenticating the credentials of the user, while also validating the context as to why access is being sought
“Trust needs to be earned. It needs to be established by authenticating the credentials of the user, while also validating the context as to why access is being sought,” he says.
By employing this unique, Zero Trust methodology in the design of its technologies, the company seeks to create a final product that can not only accommodate modern disruptions like the cloud but also create a stronger security setup within the enterprise.
“It would not be wrong to say that we were one of the first few global players in the Zero Trust domain, when we started in 2012. As the CSA´s definition of an SDP architecture evolved, both Gartner and Forrester started covering the Zero Trust Model, we found that we were in a unique position,” he recalls.
Since they had been helping organizations adopt a Zero Trust approach for some time already, and their products had undergone several iterations and corrections, they were able to come up with a much superior offering than what other Zero Trust players had to offer.
“I would like to believe that this competitive advantage in terms of product superiority still stands, and this, along with our constant attention towards innovating and accommodating customer feedback in our upgrades to make a people centric solution, makes us different,” he adds.
The past year saw companies coming to terms with the need to upgrade their cybersecurity infrastructure. In the last year alone, InstaSafe had the opportunity to cater to the security needs of more than half a million users belonging to 100+ Fortune 2000 companies.
We wish to expand on our mission of simplifying enterprise security to provide an integrated security experience. This of course would involve horizontal product line expansion to provide a unified Zero Trust experience
“Our steady growth trajectory has led us to becoming India’s fastest growing cybersecurity company and tenth fastest growing tech company,” Panda informs proudly.
The company was recognized by Deloitte Fast 50 and ET India Growth Champions, with a three year average growth of more than 574%. They´ve also had the privilege of being featured by Nikkei and the Financial Times as one of Asia’s fastest growing companies. In addition, they were nominated as a preferred WFH solution by the Data Security Council of India. Moreover, global market research agency Gartner, has recommended InstaSafe as a preferred tool for crafting Zero Trust strategies, along with giants like Google, CISCO, and Microsoft.
InstaSafe is in plans to expand its influence beyond the Asian market, and Panda says, they hope to emerge as one of the foremost cybersecurity players in the world in the next decade.
“Cybersecurity conversations have shifted from the confines of security teams to become the spotlight in boardroom discussions. In this scenario, we wish to expand on our mission of simplifying enterprise security to provide an integrated security experience. This of course would involve horizontal product line expansion to provide a unified Zero Trust experience,” he concludes.